Ad windows pop up while browsing [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by samanxxl » 26 Jul 2009 08:43

So here is the table from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:16, on 26. 7. 2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbsvc.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WerFault.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stb0.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BsMnt] C:\Windows\BisonCam\BsMnt.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stbapp.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11854 bytes

//Split from the original topic and moved to the HJT section

//mmm


Post by jaro3 » 26 Jul 2009 08:56

Delete this topic:
viewtopic.php?f=47&t=42954 -- with the X button

Uninstall:
GamingHarbor Toolbar
DoubleD
Internet Saving Optimizer
System Search Dispatcher


Close all other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide: viewtopic.php?f=70&t=5119


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stb0.dll
O9 - Extra button: Pridať do blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Pridať do blogu v programe Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O13 - Gopher Prefix:


Download ATF Cleaner.
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

Download Malwarebytes' Anti-Malware.
Install it and run it.
- At the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button.
- If an update is found, it will be downloaded and installed.
- The program will then start; leave the Perform quick scan option selected and click the Scan button.
- When the scan finishes, a message will appear; click OK and then the Show Results button.
- Then choose the option to save the log, and save the log to your desktop.
- Then click the Exit button; a message will appear, so choose Yes.
(Do not delete anything yet!)
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by samanxxl » 26 Jul 2009 09:32

I can't uninstall GamingHarbor Toolbar; it keeps throwing this at me:
Setup Error

Setup was unable to locate the ProductInfo.dll on your system

What should I do about it??? And that last one, System Search Dispatcher, I can't even find.
Last edited by samanxxl on 26 Jul 2009 09:40, edited 1 time in total.


Post by jaro3 » 26 Jul 2009 09:39

Then leave it and continue with Malwarebytes' Anti-Malware; it will delete it.


Post by samanxxl » 26 Jul 2009 10:05

Malwarebytes' Anti-Malware 1.39
Verzia databázy: 2504
Windows 6.0.6002 Service Pack 2

26. 7. 2009 10:03:26
mbam-log-2009-07-26 (10-02-22).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 97259
Uplynutý cas: 8 minute(s), 38 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 48
Infikovaných registracných hodnôt: 3
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 22
Infikovaných súborov: 130

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{d335d84d-61d8-4b5f-9c4e-067dc8b27ed5} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{42c23154-00fa-4a93-9de9-3eb523cffff6} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2e8e2100-98cb-4aac-9480-63a281acaff5} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0514c9b0-e4c6-4d6b-a3a6-b38bc280b115} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3fb17508-0bf4-4fde-845a-323a1052957c} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{803e73fe-cb73-4d49-8aff-653fd6f44171} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3fb17508-0bf4-4fde-845a-323a1052957c} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{51b67a88-02d0-43cb-8d12-5ca3e2d4cf49} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d44cc2fb-77b8-48a5-a5dc-f961f2d258fb} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{5297e905-1dfb-4a9c-9871-a4f95fd58945} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{57aba38e-6535-48f3-99fd-efdc62137c78} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{22c12739-c111-44c6-9bb7-f335c2a9be2a} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{edb1a56e-2224-4c79-a4bd-42a39c6e4608} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{27ff1ee8-8ccc-49e1-b801-f212e3744e80} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\AppID\AIMActiveXDLL.dll (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\OEActiveXDLL.DesktopOEAddin1 (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.

Infikovaných registracných hodnôt:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{872a1c39-df0b-4c8b-ad84-12ba24a3b781} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smileyapp (Adware.DoubleD) -> No action taken.

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290 (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\FFToolbar (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome\locale (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome\locale\en-US (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\searchplugins (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850 (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\Data (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340 (Adware.DoubleD) -> No action taken.

Infikovaných súborov:
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\AIMActiveXDLL.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\OEActiveXDLL.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.3.20290\stb0.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\AxGifAnimator.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\gdiplus.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\HookAPINT.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\mfc80.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Microsoft.VC80.CRT.manifest (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Microsoft.VC80.MFC.manifest (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\msvcr80.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\MyDll.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Riched20Smiley.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\SkinCrafterDll.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbAol.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbapp.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbapp.exe (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbappHelper.exe (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbasst.exe (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbIE.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbMsn.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbOL.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbOLEX.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbsvc.exe (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbYahoo8.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\stbYahoo9.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\default1.dat (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\loading.dat (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Cache\loading.gif (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Cursor.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_DailyVideo.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Game.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Glitter.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Logo.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Option.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Recipe.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Ringtone.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Screensaver.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Search.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Smiley.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Wallpaper.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\Module_Web.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\pixel.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\ProductInfo.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\profile.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\SearchEngineList.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\tbcore.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\ToolbarLayout.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\UpdateCentre.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\UpdateCentreBk.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\install.rdf (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome\GamingHarborToolbar.jar (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\chrome\locale\en-US\global.dtd (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components\DDAutoComplete.js (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components\ISmileyCore.xpt (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components\SmileyCore.dll (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components\TBFFHelper.js (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\components\TBFFHelper.xpt (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\fftoolbar\searchplugins\gamingharborsearchplugins.xml (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\About.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Component_ComboBox.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Cursor.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Cursor.png (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Game.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Glitter.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Glitter.png (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Logo.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Option.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Recipe.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Ringtone.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Screensaver.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Search.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Smiley.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Smiley.png (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\Module_Web.mg (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnDefault.png (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnDisplay.png (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnGlitters.png (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnOption.png (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnSmiley.png (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnTellFd.png (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnWink.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnWink.png (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\myskin1.skf (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\myskin2.skf (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\myskin3.skf (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\myskin4.skf (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\TellafriendSkin.skf (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\gamingharbor toolbar\4.1.3.20290\Skins\ToastSkin.skf (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.

jaro3
Security team member
Guru Level 15
Posts: 43294
Joined: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Ad windows pop up while surfing

Post by jaro3 » 26 Jul 2009 10:49

So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit

You can then paste the MbAM log here.

Turn off the resident protection in NOD32 and the shield in Spyware Terminator.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan is finished, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
I'll be back in about 2 hours.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

samanxxl
newbie
Posts: 13
Joined: July 09
Gender: Male
Status:
Offline

Re: Ad windows pop up while surfing

Post by samanxxl » 26 Jul 2009 11:34

ComboFix 09-07-25.04 - martin . 07. 2009 11:20.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.2047.1190 [GMT 2:00]
Running from: c:\users\martin\Desktop\Downloads\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\windows\Installer\17e70d.msi
c:\windows\Installer\fc9477d.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-25 03:52 . 2009-07-25 05:43 -------- d-----w- c:\programdata\Spyware Terminator
2009-07-25 03:52 . 2009-07-26 06:05 -------- d-----w- c:\program files\Spyware Terminator
2009-07-24 19:40 . 2009-07-24 19:40 -------- d-----w- c:\users\martin\AppData\Roaming\Uniblue
2009-07-24 19:33 . 2009-07-24 19:37 -------- d-----w- c:\programdata\PrevxCSI
2009-07-17 20:53 . 2009-07-26 09:04 -------- d-----w- c:\users\martin\Tracing
2009-07-17 20:53 . 2009-07-17 20:53 592947 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-07-17 20:53 . 2009-07-17 20:53 595765 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-07-17 20:53 . 2009-07-13 10:01 3004139 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\Setup.exe
2009-07-17 20:53 . 2009-07-17 20:53 -------- dc-h--w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}
2009-07-17 17:27 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 17:27 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 17:27 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-17 17:27 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-17 17:27 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-07 23:59 . 2009-07-08 00:00 -------- d-----w- c:\windows\system32\ca-ES
2009-07-07 23:59 . 2009-07-08 00:00 -------- d-----w- c:\windows\system32\eu-ES
2009-07-07 23:59 . 2009-07-08 00:00 -------- d-----w- c:\windows\system32\vi-VN
2009-07-07 22:06 . 2009-07-07 22:06 -------- d-----w- c:\windows\system32\EventProviders
2009-07-07 22:00 . 2009-04-11 06:28 670720 ----a-w- c:\windows\system32\mssvp.dll
2009-07-07 21:59 . 2009-04-11 06:28 152576 ----a-w- c:\windows\system32\wbem\wmiprov.dll
2009-07-07 21:58 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-07 21:58 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-07 21:58 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-07 21:58 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-07 21:58 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-07 21:58 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-07 21:58 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-07 21:58 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-07 21:58 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-07 21:58 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-07 21:58 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-07 05:31 . 2009-07-07 05:31 -------- d-----w- c:\program files\ESET
2009-07-02 12:09 . 2009-07-02 12:09 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-27 08:06 . 2009-06-27 08:06 -------- d-----w- c:\program files\Google
2009-06-27 07:19 . 2009-07-03 07:17 -------- d-----w- c:\users\martin\AppData\Roaming\DivX
2009-06-27 06:57 . 2009-07-02 12:10 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-27 06:56 . 2009-07-02 12:10 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 09:17 . 2009-07-25 03:52 -------- d-----w- c:\users\martin\AppData\Roaming\Spyware Terminator
2009-07-26 09:10 . 2008-09-07 14:28 7930 ----a-w- c:\windows\system32\perfc01B.dat
2009-07-26 09:10 . 2008-09-07 14:28 28910 ----a-w- c:\windows\system32\perfh01B.dat
2009-07-26 09:04 . 2008-05-16 10:17 -------- d-----w- c:\users\martin\AppData\Roaming\OpenOffice.org2
2009-07-26 09:01 . 2008-09-29 16:26 -------- d-----w- c:\program files\ICQToolbar
2009-07-13 10:01 . 2009-07-17 20:52 262424 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\D5797E3B\3E688669\stbYahoo9.dll
2009-07-13 10:01 . 2009-07-17 20:52 254232 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll
2009-07-13 10:01 . 2009-07-17 20:52 872728 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\B75FA91E\3E688669\stbsvc.exe
2009-07-13 10:01 . 2009-07-17 20:52 205080 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\stbsh.dll
2009-07-13 10:01 . 2009-07-17 20:52 479512 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\stbpx.exe
2009-07-13 10:01 . 2009-07-17 20:52 229656 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\628759C1\3E688669\stbOLEX.dll
2009-07-13 10:01 . 2009-07-17 20:52 205080 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\A26F7F7\3E688669\stbOL.dll
2009-07-13 10:01 . 2009-07-17 20:52 323864 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\B3AC8875\3E688669\stbMsn.dll
2009-07-13 10:01 . 2009-07-17 20:52 229656 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll
2009-07-13 10:01 . 2009-07-17 20:52 491800 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\BED3DEFB\3E688669\stbasst.exe
2009-07-13 10:01 . 2009-07-17 20:52 94488 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe
2009-07-13 09:21 . 2009-07-17 20:52 423528 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\SSD.exe
2009-07-09 19:18 . 2008-01-15 14:16 -------- d-----w- c:\program files\Autodesk
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-07 23:59 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-07 22:20 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-02 10:22 . 2008-09-09 06:11 -------- d-----w- c:\users\martin\AppData\Roaming\ICQ
2009-06-28 15:24 . 2008-10-15 20:09 -------- d-----w- c:\programdata\Lx_cats
2009-06-06 11:22 . 2008-05-27 19:12 -------- d-----w- c:\users\martin\AppData\Roaming\dvdcss
2009-06-04 07:06 . 2008-01-15 13:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 08:18 . 2009-05-30 08:18 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-30 08:18 . 2009-05-30 08:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-30 08:16 . 2009-05-30 08:16 -------- d-----w- c:\program files\Microsoft
2009-05-30 08:16 . 2009-05-30 08:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-30 08:05 . 2009-05-30 08:05 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-30 01:11 . 2008-01-15 13:33 133792 ----a-w- c:\users\martin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-30 01:02 . 2009-02-23 08:40 -------- d-----w- c:\program files\Microsoft Works
2009-05-13 21:56 . 2008-05-19 19:21 120056 ------w- c:\windows\system32\PxCpyI64.exe
2009-05-13 21:56 . 2008-05-19 19:21 118520 ------w- c:\windows\system32\PxInsI64.exe
2009-05-09 05:50 . 2009-06-10 15:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 15:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-15 21:16 . 2009-07-25 04:07 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-07-25 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-01 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-01 81920]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-01 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-27 68592]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]

c:\users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-10-15 61440]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-5-19 344064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1f,24,8c,5b,a6,ff,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C3BD0920-C8C1-4CA8-B666-D4F42817C692}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2B5ACBB4-6083-48F6-9FB5-11D4558F1100}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{16E75630-83CB-4254-87B3-A48693299CAD}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3BE57484-51FC-46B7-A0B8-49E6ED361C41}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{6A4B307B-70B8-4FF3-BEE3-6F0536713EFB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F884B328-8288-45DD-B9EC-9069CE376608}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F2811459-4B64-44A8-8BC2-98D588DB717F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{FA74535B-FDA5-4382-92D8-7EABE25F6468}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{28135AF5-7E48-4C54-8687-54A325D60E12}"= UDP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{93940113-BB1D-4453-8D42-E0D97819D3CF}"= TCP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{7F5EB104-C27F-45C2-B66E-E11DD905E4C3}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{B8FA7F16-C57D-4076-83EF-9583ACA223F6}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{6088AAB0-451C-449D-8F35-3DC90A83E2D8}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{1BFE01BB-3EA6-4749-A8DF-56341B63B434}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{4F5D4B75-EA99-491D-BB43-CBE0691FC7AE}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{1674EA1E-4C17-41A6-9DA6-42026039650F}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{BC2795F3-9CE1-4DA0-95EA-5C5966BB3F87}"= UDP:c:\users\martin\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe:
"{8C4B22D2-415E-4F15-A228-F129E2D3FEDA}"= TCP:c:\users\martin\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe:
"{744CF8AD-EFDD-4D3C-AF2C-A05ED2B0DC90}"= UDP:c:\windows\System32\lxdxcfg.exe:Printer Communication System
"{791F485B-E48E-4156-99A4-98A9874C98E3}"= TCP:c:\windows\System32\lxdxcfg.exe:Printer Communication System
"{26CD0AEF-5C82-4D3C-B460-D13497622915}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{96FB4766-0345-405E-821F-AEB58ABE19A2}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{F4FE5718-F06F-4A9F-B911-E14D190ED94D}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{CA05DCBD-2CB6-458C-8AEF-C2D7A2B17536}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{EC68F6FA-93B8-4863-9E4C-69F321301989}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface
"{8A9D22B7-A8AC-41AE-AF5C-3C7EC578C05C}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface
"{5DD681A9-B72E-4F14-9741-44FEDE3F4965}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{81B620F5-165E-4535-84CF-D7FD1413E3DD}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{D0272232-F126-4FEC-B0AE-B6D7900EBC26}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{5EBEA2EB-04EB-4455-A52E-5ACF875E0C08}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{CD49AF9B-94E5-44FC-B2F9-C84894F55EEE}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{B7118F57-544D-4D90-B0ED-5144BD9BF298}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"TCP Query User{E82A3B4B-AE4B-4ADA-A043-8E01F8B8C977}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{1C88FE5B-841A-4276-9412-216FED1D86D2}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{F91BE8CF-AC1E-4B02-ABA1-35ED8B7393CC}"= UDP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"{0CE0E0AF-4CB9-4E81-8587-F76BB01BF669}"= TCP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"TCP Query User{3390716B-5571-4DEE-B92D-74B5228AA026}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{31EE7B89-0275-4071-A846-42AADADF399B}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{1507AD7F-4777-4921-9B71-77B4F7152EB1}"= UDP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{3B69E4F0-E764-4A76-B024-CB71F03C0C90}"= TCP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{433A3F9A-BD20-4DDE-8DE9-BC5AC6F5958E}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{943BAE19-B963-4D46-B18E-DFCD3DFC2662}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"TCP Query User{896CEE9E-0BB8-43B9-8280-4024ACDE76FE}c:\\program files\\lexmark 3600-4600 series\\frun.exe"= UDP:c:\program files\lexmark 3600-4600 series\frun.exe:Lexmark Productivity Studio
"UDP Query User{6D1A72D4-5779-473C-832E-B8704620F6E7}c:\\program files\\lexmark 3600-4600 series\\frun.exe"= TCP:c:\program files\lexmark 3600-4600 series\frun.exe:Lexmark Productivity Studio
"{2A3FE0AF-480C-4EDA-88C8-54FD367B4BD9}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{F4205E8B-5044-4E69-95CA-098F82C2D591}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{AA6CCCC0-41CD-4EF3-990D-8340FCCE7D3D}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{4CEF68BE-0584-4AED-8079-AD4DD02DC52D}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{332C02E2-7AEB-49C0-8A17-1D757D562967}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{30F04D3D-0024-4F6E-B9CE-49C3C14E9A4B}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{9922594C-45B9-4A68-AEF4-68BC7C137645}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{35BA3316-A273-4EB4-A290-538DCC5F7553}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{960C5491-AE01-4AEF-BF6C-EF98E7145D00}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxwbgw.exe:Lexmark Web Gateway
"{6B48346F-6A38-4092-834D-78E137AD62D8}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxwbgw.exe:Lexmark Web Gateway
"{A6AF2C41-D144-4538-82FE-007F156E6F2B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{5C01BA4D-00F2-4CDF-8DF5-5063EAF75DFC}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{7C72619A-034A-4693-83F3-F35E1529998A}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator

R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [3. 4. 2007 11:04 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [2. 4. 2007 17:11 35712]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6. 2. 2009 14:23 106208]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [25. 7. 2009 5:52 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6. 2. 2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6. 2. 2009 14:24 92800]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29. 9. 2008 18:55 222456]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdxserv.exe [18. 5. 2009 7:59 98984]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
HKLM-Run-BsMnt - c:\windows\BisonCam\BsMnt.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\59zw2mmu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 11:26
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-07-26 11:28
ComboFix-quarantined-files.txt 2009-07-26 09:28

Pre-Run: 8 421 179 392 bytes free
Post-Run: 23 325 675 520 bytes free

314 --- E O F --- 2009-07-23 17:13



I don't have a log from MbAM, because I had to restart the computer to remove all the errors, but after a new scan it no longer found any problem.

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Ad windows pop up while surfing

Post by jaro3 » 26 Jul 2009 13:49

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text, marked in green:
Note: Do not use the SELECT ALL function to select the script.

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All Files there
Save the file to the desktop.
Close all active windows.

Grab the script you created, CFScript.txt, with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

samanxxl
newbie
Posts: 13
Registered: July 09
Gender: Male
Status: Offline

Re: Ad windows pop up while surfing

Post by samanxxl » 26 Jul 2009 15:15

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:06, on 26. 7. 2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8169 bytes

samanxxl
newbie
Posts: 13
Registered: July 09
Gender: Male
Status: Offline

Re: Ad windows pop up while surfing

Post by samanxxl » 26 Jul 2009 15:21

I have a problem: when I open anything, this window pops up

[Content]
C:\Windows\system32\notepad.exe

Vyskytol sa pokus o nepovolenú operáciu s kľúčom databázy Registry, ktorý bol označený na odstránenie.


What should I do???

samanxxl
newbie
Posts: 13
Registered: July 09
Gender: Male
Status: Offline

Re: Ad windows pop up while surfing

Post by samanxxl » 26 Jul 2009 15:45

ComboFix 09-07-25.06 - martin . 07. 2009 15:36.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.2047.1220 [GMT 2:00]
Running from: c:\users\martin\Desktop\Downloads\ComboFix.exe
Command switches used :: c:\users\martin\Desktop\CFScript.txt
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-25 03:52 . 2009-07-25 05:43 -------- d-----w- c:\programdata\Spyware Terminator
2009-07-25 03:52 . 2009-07-26 06:05 -------- d-----w- c:\program files\Spyware Terminator
2009-07-24 19:40 . 2009-07-24 19:40 -------- d-----w- c:\users\martin\AppData\Roaming\Uniblue
2009-07-24 19:33 . 2009-07-24 19:37 -------- d-----w- c:\programdata\PrevxCSI
2009-07-17 20:53 . 2009-07-26 09:04 -------- d-----w- c:\users\martin\Tracing
2009-07-17 20:53 . 2009-07-17 20:53 592947 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-07-17 20:53 . 2009-07-17 20:53 595765 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-07-17 20:53 . 2009-07-13 10:01 3004139 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\Setup.exe
2009-07-17 20:53 . 2009-07-17 20:53 -------- dc-h--w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}
2009-07-17 17:27 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 17:27 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 17:27 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-17 17:27 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-17 17:27 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-07 23:59 . 2009-07-08 00:00 -------- d-----w- c:\windows\system32\ca-ES
2009-07-07 23:59 . 2009-07-08 00:00 -------- d-----w- c:\windows\system32\eu-ES
2009-07-07 23:59 . 2009-07-08 00:00 -------- d-----w- c:\windows\system32\vi-VN
2009-07-07 22:06 . 2009-07-07 22:06 -------- d-----w- c:\windows\system32\EventProviders
2009-07-07 22:00 . 2009-04-11 06:28 670720 ----a-w- c:\windows\system32\mssvp.dll
2009-07-07 21:59 . 2009-04-11 06:28 152576 ----a-w- c:\windows\system32\wbem\wmiprov.dll
2009-07-07 21:58 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-07 21:58 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-07 21:58 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-07 21:58 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-07 21:58 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-07 21:58 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-07 21:58 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-07 21:58 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-07 21:58 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-07 21:58 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-07 21:58 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-07-07 05:31 . 2009-07-07 05:31 -------- d-----w- c:\program files\ESET
2009-07-02 12:09 . 2009-07-02 12:09 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-27 08:06 . 2009-06-27 08:06 -------- d-----w- c:\program files\Google
2009-06-27 07:19 . 2009-07-03 07:17 -------- d-----w- c:\users\martin\AppData\Roaming\DivX
2009-06-27 06:57 . 2009-07-02 12:10 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-27 06:56 . 2009-07-02 12:10 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 13:35 . 2008-09-07 14:28 7930 ----a-w- c:\windows\system32\perfc01B.dat
2009-07-26 13:35 . 2008-09-07 14:28 28910 ----a-w- c:\windows\system32\perfh01B.dat
2009-07-26 13:31 . 2008-05-16 10:17 -------- d-----w- c:\users\martin\AppData\Roaming\OpenOffice.org2
2009-07-26 09:17 . 2009-07-25 03:52 -------- d-----w- c:\users\martin\AppData\Roaming\Spyware Terminator
2009-07-26 09:01 . 2008-09-29 16:26 -------- d-----w- c:\program files\ICQToolbar
2009-07-13 10:01 . 2009-07-17 20:52 262424 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\D5797E3B\3E688669\stbYahoo9.dll
2009-07-13 10:01 . 2009-07-17 20:52 254232 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\6216A4BD\3E688669\stbYahoo8.dll
2009-07-13 10:01 . 2009-07-17 20:52 872728 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\B75FA91E\3E688669\stbsvc.exe
2009-07-13 10:01 . 2009-07-17 20:52 205080 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\stbsh.dll
2009-07-13 10:01 . 2009-07-17 20:52 479512 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\stbpx.exe
2009-07-13 10:01 . 2009-07-17 20:52 229656 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\628759C1\3E688669\stbOLEX.dll
2009-07-13 10:01 . 2009-07-17 20:52 205080 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\A26F7F7\3E688669\stbOL.dll
2009-07-13 10:01 . 2009-07-17 20:52 323864 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\B3AC8875\3E688669\stbMsn.dll
2009-07-13 10:01 . 2009-07-17 20:52 229656 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\C3C6C2CD\3E688669\stbIE.dll
2009-07-13 10:01 . 2009-07-17 20:52 491800 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\BED3DEFB\3E688669\stbasst.exe
2009-07-13 10:01 . 2009-07-17 20:52 94488 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\15D3A7BB\3E688669\stbappHelper.exe
2009-07-13 09:21 . 2009-07-17 20:52 423528 -c--a-w- c:\programdata\{F444439B-B473-48E8-8DE5-4CB929C79A9F}\OFFLINE\mFileBagIDE.dll\bag\SSD.exe
2009-07-09 19:18 . 2008-01-15 14:16 -------- d-----w- c:\program files\Autodesk
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-08 00:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-07 23:59 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-07 22:20 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-02 10:22 . 2008-09-09 06:11 -------- d-----w- c:\users\martin\AppData\Roaming\ICQ
2009-06-28 15:24 . 2008-10-15 20:09 -------- d-----w- c:\programdata\Lx_cats
2009-06-06 11:22 . 2008-05-27 19:12 -------- d-----w- c:\users\martin\AppData\Roaming\dvdcss
2009-06-04 07:06 . 2008-01-15 13:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 08:18 . 2009-05-30 08:18 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-05-30 08:18 . 2009-05-30 08:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-05-30 08:16 . 2009-05-30 08:16 -------- d-----w- c:\program files\Microsoft
2009-05-30 08:16 . 2009-05-30 08:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-30 08:05 . 2009-05-30 08:05 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-30 01:11 . 2008-01-15 13:33 133792 ----a-w- c:\users\martin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-30 01:02 . 2009-02-23 08:40 -------- d-----w- c:\program files\Microsoft Works
2009-05-13 21:56 . 2008-05-19 19:21 120056 ------w- c:\windows\system32\PxCpyI64.exe
2009-05-13 21:56 . 2008-05-19 19:21 118520 ------w- c:\windows\system32\PxInsI64.exe
2009-05-09 05:50 . 2009-06-10 15:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 15:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-15 21:16 . 2009-07-25 04:07 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-26_09.26.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-15 13:43 . 2009-07-26 13:32 65776 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-01-15 13:35 . 2009-07-26 13:32 14930 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-376572297-1698153229-1159175207-1000_UserData.bin
- 2008-01-15 13:35 . 2009-07-26 09:05 14930 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-376572297-1698153229-1159175207-1000_UserData.bin
+ 2006-11-02 10:33 . 2009-07-26 13:35 97558 c:\windows\System32\perfc009.dat
+ 2006-11-02 13:02 . 2009-07-26 13:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-07-26 09:17 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-26 13:32 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-26 09:17 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-26 13:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-26 09:17 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-26 13:30 . 2009-07-26 13:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-26 09:03 . 2009-07-26 09:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-26 13:30 . 2009-07-26 13:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-26 09:03 . 2009-07-26 09:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-16 05:28 . 2009-07-26 12:54 256008 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2009-07-26 13:32 102878 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-07-26 13:35 583486 c:\windows\System32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-07-25 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-01 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-01 81920]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-01 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-27 68592]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]

c:\users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-10-15 61440]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-5-19 344064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-18 2752512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1f,24,8c,5b,a6,ff,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C3BD0920-C8C1-4CA8-B666-D4F42817C692}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{2B5ACBB4-6083-48F6-9FB5-11D4558F1100}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{16E75630-83CB-4254-87B3-A48693299CAD}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3BE57484-51FC-46B7-A0B8-49E6ED361C41}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{6A4B307B-70B8-4FF3-BEE3-6F0536713EFB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F884B328-8288-45DD-B9EC-9069CE376608}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F2811459-4B64-44A8-8BC2-98D588DB717F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{FA74535B-FDA5-4382-92D8-7EABE25F6468}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{28135AF5-7E48-4C54-8687-54A325D60E12}"= UDP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{93940113-BB1D-4453-8D42-E0D97819D3CF}"= TCP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{7F5EB104-C27F-45C2-B66E-E11DD905E4C3}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{B8FA7F16-C57D-4076-83EF-9583ACA223F6}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{6088AAB0-451C-449D-8F35-3DC90A83E2D8}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{1BFE01BB-3EA6-4749-A8DF-56341B63B434}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{4F5D4B75-EA99-491D-BB43-CBE0691FC7AE}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{1674EA1E-4C17-41A6-9DA6-42026039650F}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{BC2795F3-9CE1-4DA0-95EA-5C5966BB3F87}"= UDP:c:\users\martin\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe:
"{8C4B22D2-415E-4F15-A228-F129E2D3FEDA}"= TCP:c:\users\martin\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe:
"{744CF8AD-EFDD-4D3C-AF2C-A05ED2B0DC90}"= UDP:c:\windows\System32\lxdxcfg.exe:Printer Communication System
"{791F485B-E48E-4156-99A4-98A9874C98E3}"= TCP:c:\windows\System32\lxdxcfg.exe:Printer Communication System
"{26CD0AEF-5C82-4D3C-B460-D13497622915}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{96FB4766-0345-405E-821F-AEB58ABE19A2}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{F4FE5718-F06F-4A9F-B911-E14D190ED94D}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{CA05DCBD-2CB6-458C-8AEF-C2D7A2B17536}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{EC68F6FA-93B8-4863-9E4C-69F321301989}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface
"{8A9D22B7-A8AC-41AE-AF5C-3C7EC578C05C}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface
"{5DD681A9-B72E-4F14-9741-44FEDE3F4965}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{81B620F5-165E-4535-84CF-D7FD1413E3DD}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{D0272232-F126-4FEC-B0AE-B6D7900EBC26}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{5EBEA2EB-04EB-4455-A52E-5ACF875E0C08}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{CD49AF9B-94E5-44FC-B2F9-C84894F55EEE}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{B7118F57-544D-4D90-B0ED-5144BD9BF298}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"TCP Query User{E82A3B4B-AE4B-4ADA-A043-8E01F8B8C977}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{1C88FE5B-841A-4276-9412-216FED1D86D2}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{F91BE8CF-AC1E-4B02-ABA1-35ED8B7393CC}"= UDP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"{0CE0E0AF-4CB9-4E81-8587-F76BB01BF669}"= TCP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"TCP Query User{3390716B-5571-4DEE-B92D-74B5228AA026}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{31EE7B89-0275-4071-A846-42AADADF399B}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"{1507AD7F-4777-4921-9B71-77B4F7152EB1}"= UDP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{3B69E4F0-E764-4A76-B024-CB71F03C0C90}"= TCP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{433A3F9A-BD20-4DDE-8DE9-BC5AC6F5958E}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{943BAE19-B963-4D46-B18E-DFCD3DFC2662}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"TCP Query User{896CEE9E-0BB8-43B9-8280-4024ACDE76FE}c:\\program files\\lexmark 3600-4600 series\\frun.exe"= UDP:c:\program files\lexmark 3600-4600 series\frun.exe:Lexmark Productivity Studio
"UDP Query User{6D1A72D4-5779-473C-832E-B8704620F6E7}c:\\program files\\lexmark 3600-4600 series\\frun.exe"= TCP:c:\program files\lexmark 3600-4600 series\frun.exe:Lexmark Productivity Studio
"{2A3FE0AF-480C-4EDA-88C8-54FD367B4BD9}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{F4205E8B-5044-4E69-95CA-098F82C2D591}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{AA6CCCC0-41CD-4EF3-990D-8340FCCE7D3D}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{4CEF68BE-0584-4AED-8079-AD4DD02DC52D}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{332C02E2-7AEB-49C0-8A17-1D757D562967}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{30F04D3D-0024-4F6E-B9CE-49C3C14E9A4B}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{9922594C-45B9-4A68-AEF4-68BC7C137645}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{35BA3316-A273-4EB4-A290-538DCC5F7553}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{960C5491-AE01-4AEF-BF6C-EF98E7145D00}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxwbgw.exe:Lexmark Web Gateway
"{6B48346F-6A38-4092-834D-78E137AD62D8}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxwbgw.exe:Lexmark Web Gateway
"{A6AF2C41-D144-4538-82FE-007F156E6F2B}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{5C01BA4D-00F2-4CDF-8DF5-5063EAF75DFC}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{7C72619A-034A-4693-83F3-F35E1529998A}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator

R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [3. 4. 2007 11:04 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [2. 4. 2007 17:11 35712]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6. 2. 2009 14:23 106208]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [25. 7. 2009 5:52 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6. 2. 2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6. 2. 2009 14:24 92800]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29. 9. 2008 18:55 222456]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdxserv.exe [18. 5. 2009 7:59 98984]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\59zw2mmu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 15:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-07-26 15:42
ComboFix-quarantined-files.txt 2009-07-26 13:42
ComboFix2.txt 2009-07-26 13:12
ComboFix3.txt 2009-07-26 09:28

Pre-Run: 22 921 854 976 bytes free
Post-Run: 22 891 069 440 bytes free

325 --- E O F --- 2009-07-23 17:13

samanxxl
newbie
Posts: 13
Registered: July 09
Gender: Male
Status:
Offline

Re: Pop-up ad windows appear while surfing

Post by samanxxl » 26 Jul 2009 15:50

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:19, on 26. 7. 2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8240 bytes

