I accidentally managed to download and install Gaming Harbor... that's probably the cause... pop-up windows in my web browsers... a very widespread thing, as I can see :)
please check my log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:55, on 8.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbappHelper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.3.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.3.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stb0.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03203F6E-1EAF-42EF-8B7C-626AF86F41EA}: NameServer = 89.203.139.1,192.167.60.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{03203F6E-1EAF-42EF-8B7C-626AF86F41EA}: NameServer = 89.203.139.1,192.167.60.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8963 bytes
Classic problem of pop-up ads in browsers (Solved)
- Damned
Re: Classic problem of pop-up ads in browsers
Windows once jumped out at me on the D5 too. I only just managed to brake.
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following entries (run HJT, "Do a system scan only",
tick the box in front of each entry, press "Fix checked" and then "Yes"):
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.3.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.3.840\ssd.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stb0.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
*****************************************************************************************************************************************
Uninstall:
ICQ6Toolbar
AskBarDis (Ask.com, Ask Toolbar)
Media Access Startup
Internet Saving Optimizer
DoubleD (GamingHarbor Toolbar)

Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
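A sketch of the selection step in the post above, as an added example that is not part of the original thread: it parses HijackThis entries and flags those marked `(file missing)` or `(no file)` and those loading from a folder on a watch list. The watch list (folder names from the uninstall list), the function names and the embedded sample lines are this example's assumptions; judgment calls such as the Nero and Java startup entries are not reproduced.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stb0.dll (file missing)
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stbapp.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Folder names taken from the helper's "Uninstall" list. Using them as a watch
# list is this example's assumption, not something HijackThis does itself.
WATCH_DIRS = ("ICQ6Toolbar", "AskBarDis", "Media Access Startup",
              "Internet Saving Optimizer", "DoubleD")

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*")           # first drive-letter path to end of line
ORPHAN_MARKERS = ("(file missing)", "(no file)")  # registry entry whose target is gone


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    line: str    # the entry as it appears in the log
    clsid: str   # upper-cased CLSID, or "" when the entry has none
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Yield (code, body) for each sectioned entry; header and process lines are skipped."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body")


def watched_folder(body, watch_dirs=WATCH_DIRS):
    """Return the watch-list folder that appears as a whole path component, else None."""
    match = PATH_RE.search(body)
    if not match:
        return None
    components = {part.lower() for part in match.group(0).split("\\")}
    for name in watch_dirs:
        if name.lower() in components:
            return name
    return None


def triage(log_text, watch_dirs=WATCH_DIRS):
    """Return a Finding for every entry that is orphaned or loads from a watched folder."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        if body.rstrip().endswith(ORPHAN_MARKERS):
            reasons.append("orphaned")
        folder = watched_folder(body, watch_dirs)
        if folder:
            reasons.append("watched:" + folder)
        if reasons:
            clsid = CLSID_RE.search(body)
            findings.append(Finding(code, f"{code} - {body}",
                                    clsid.group(0).upper() if clsid else "", reasons))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(", ".join(item.reasons).ljust(28), item.line)
```

The CLSID is kept on each finding so the same component can be matched against registry keys reported by another scanner.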
Re: Classic problem of pop-up ads in browsers
looks like it helped :)) many thaaanks
- Damned
Re: Classic problem of pop-up ads in browsers
That's not all yet.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear, so click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- after that click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Re: Classic problem of pop-up ads in browsers
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2586
Windows 5.1.2600 Service Pack 3
9.8.2009 22:35:30
mbam-log-2009-08-09 (22-35-23).txt
Typ skenu: Rychlý sken
Objektu skenováno: 86712
Uplynulý cas: 6 minute(s), 17 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 19
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 10
Infikované soubory: 93
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840 (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> No action taken.
Infikované soubory:
C:\Program Files\System Search Dispatcher\1.3.3.840\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data\eacore.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> No action taken.
- Damned
Re: the classic problem of pop-up ads in browsers
So run MbAM again and choose Scan.
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit
Turn off your antivirus's resident shield (and your antispyware's too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: the classic problem of pop-up ads in browsers
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2586
Windows 5.1.2600 Service Pack 3
10.8.2009 9:55:00
mbam-log-2009-08-10 (09-54-59).txt
Typ skenu: Rychlý sken
Objektu skenováno: 86510
Uplynulý cas: 5 minute(s), 49 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 19
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 10
Infikované soubory: 93
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.3.840 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Program Files\System Search Dispatcher\1.3.3.840\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.3.840\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Uzivatel\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
Re: the classic problem of pop-up ads in browsers
ComboFix 09-08-09.04 - Uzivatel 10.08.2009 10:11.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.199 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Uzivatel\Local Settings\Temporary Internet Files\_tm36F.tmp
c:\documents and settings\Uzivatel\Local Settings\Temporary Internet Files\_tm5AE.tmp
c:\documents and settings\Uzivatel\Local Settings\Temporary Internet Files\stb06759.tmp
c:\documents and settings\Uzivatel\Plocha\Higher Ground - 11 -
c:\documents and settings\Uzivatel\Plocha\Higher Ground - 11 -
c:\windows\system32\Dvbpws.dll
c:\windows\system32\install.exe
c:\windows\system32\msssc.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-10 do 2009-08-10 )))))))))))))))))))))))))))))))
.
2009-08-09 20:26 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 20:26 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 20:26 . 2009-08-09 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 14:22 . 2009-08-08 14:22 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-08 13:11 . 2009-08-08 13:11 -------- d-----w- c:\program files\Trend Micro
2009-07-29 11:10 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 11:10 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-22 12:15 . 2009-08-09 19:11 -------- d-----w- c:\program files\Garena
2009-07-21 17:06 . 2009-07-21 17:11 51618 ----a-w- c:\windows\War3Unin.dat
2009-07-21 17:06 . 2009-07-21 17:11 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-21 17:06 . 2009-07-21 17:11 139264 ----a-w- c:\windows\War3Unin.exe
2009-07-21 14:42 . 2009-07-21 14:42 -------- d-----w- c:\program files\Palm
2009-07-21 12:52 . 2009-08-09 20:16 -------- d-----w- c:\program files\Warcraft III
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 08:16 . 2009-05-22 15:15 -------- d-----w- c:\program files\ESET
2009-08-08 12:33 . 2009-06-06 19:57 -------- d-----w- c:\program files\Java
2009-08-05 18:44 . 2009-05-22 15:26 -------- d-----w- c:\program files\MediaCoder
2009-07-25 03:23 . 2009-06-06 19:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 15:42 . 2009-07-03 14:23 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-21 15:41 . 2009-07-03 14:23 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-21 14:42 . 2009-05-19 20:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-05 10:28 . 2009-07-05 10:23 -------- d-----w- c:\program files\ICQ6.5
2009-07-04 07:24 . 2009-07-04 07:20 -------- d-----w- c:\program files\Ubi Soft
2009-07-04 07:23 . 2009-07-04 07:23 -------- d-----w- c:\program files\directx
2009-07-03 16:59 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 14:22 . 2009-07-03 14:22 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-03 14:14 . 2009-07-03 14:14 -------- d-----w- c:\program files\GamePark
2009-07-03 13:37 . 2009-07-03 13:37 -------- d-----w- c:\program files\Activision
2009-07-03 13:35 . 2009-05-19 20:28 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-30 10:27 . 2009-05-22 15:33 -------- d-----w- c:\program files\Webteh
2009-06-24 17:10 . 2009-06-24 17:10 -------- d-----w- c:\program files\The Creative Assembly
2009-06-22 16:06 . 2009-06-22 16:06 -------- d-----w- c:\program files\Pyro Studios
2009-06-22 14:55 . 2009-06-22 14:55 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-21 11:08 . 2009-06-21 11:08 529 ----a-w- c:\windows\eReg.dat
2009-06-20 07:51 . 2001-10-25 14:00 91736 ----a-w- c:\windows\system32\perfc005.dat
2009-06-20 07:51 . 2001-10-25 14:00 461624 ----a-w- c:\windows\system32\perfh005.dat
2009-06-16 14:40 . 2004-08-17 13:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:11 . 2004-08-17 13:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-23 13:28 . 2009-05-23 13:28 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-22 15:43 . 2009-05-22 15:43 0 ----a-w- c:\windows\nsreg.dat
2009-05-22 15:31 . 2009-05-22 15:31 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2009-05-22 15:29 . 2009-05-22 15:29 96384 ----a-w- c:\windows\system32\drivers\sptd4765.sys
2009-05-22 15:29 . 2009-05-22 15:29 664064 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 15:27 . 2009-05-22 15:27 95563 ----a-w- c:\windows\MediaCoder\XULMusic\Profiles\p8b6f003.default\xpti.dat
2009-05-22 15:27 . 2009-05-22 15:27 132428 ----a-w- c:\windows\MediaCoder\XULMusic\Profiles\p8b6f003.default\compreg.dat
2009-05-22 15:22 . 2006-09-18 05:57 2560 ----a-w- c:\windows\system32\BitCometRes.dll
2009-05-20 13:27 . 2009-05-19 03:52 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-20 13:27 . 2009-05-19 03:52 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-19 20:33 . 2009-05-19 20:33 0 ----a-w- c:\windows\ativpsrm.bin
2009-05-19 19:25 . 2009-05-19 03:52 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-19 03:50 . 2009-05-19 03:50 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-12 13:12 . 2009-05-19 20:37 26144 ----a-w- c:\windows\system32\spupdsvc.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-01-26 327680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23584:TCP"= 23584:TCP:BitComet 23584 TCP
"23584:UDP"= 23584:UDP:BitComet 23584 UDP
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [18.5.2009 16:29 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [19.5.2009 22:15 44928]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [19.5.2009 22:15 28160]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [22.5.2009 18:08 9446]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Uzivatel\LOCALS~1\Temp\YYE4B9.tmp --> c:\docume~1\Uzivatel\LOCALS~1\Temp\YYE4B9.tmp [?]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [19.5.2009 22:15 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{EEB22A03-1EBE-474C-B83F-15D5BC5EAC90}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {03203F6E-1EAF-42EF-8B7C-626AF86F41EA} = 89.203.139.1,192.167.60.1
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\khlb7793.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 10:17
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Uzivatel\LOCALS~1\Temp\YYE4B9.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3792)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-10 10:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-10 08:20
Před spuštěním: Volných bajtů: 260 715 470 848
Po spuštění: Volných bajtů: 263 687 204 864
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
191 --- E O F --- 2009-07-30 09:34
- Damned
Re: the classic problem of pop-up ads in browsers
Check the file marked in red on VirusTotal and post a link to the result here.
If you cannot find it, turn on the display of hidden and system files. If it tells you that the file has already been checked,
have it checked again, and wait until "Finished" and the result appear. Then copy the address bar here.
c:\windows\system32\drivers\sptd4765.sys
*****************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text marked in green:
File::
c:\windows\eReg.dat
c:\windows\system32\ezsidmv.dat
c:\docume~1\Uzivatel\LOCALS~1\Temp\YYE4B9.tmp
Folder::
c:\program files\Webteh
C:\Program Files\ICQ6Toolbar
C:\Program Files\AskBarDis
Driver::
GarenaPEngine;GarenaPEngine
GarenaPEngine
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new log from HJT, and describe how the computer behaves
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
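An added example, not part of the original post and not ComboFix's own code: a Python sketch that parses the `Name::` sections of the CFScript shown above and checks a ComboFix log to confirm that each requested file, folder and driver actually appears among the removals. The function names are hypothetical, the log excerpt is a constructed abridgement in the layout of the logs on this page, and the section banners are assumed to be the Czech ones seen here.

```python
import re

# CFScript text as posted above (copied from the page).
CFSCRIPT = r"""File::
c:\windows\eReg.dat
c:\windows\system32\ezsidmv.dat
c:\docume~1\Uzivatel\LOCALS~1\Temp\YYE4B9.tmp
Folder::
c:\program files\Webteh
C:\Program Files\ICQ6Toolbar
C:\Program Files\AskBarDis
Driver::
GarenaPEngine;GarenaPEngine
GarenaPEngine
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"""

# Constructed, abridged log excerpt in the layout of the ComboFix logs on this page.
LOG_EXCERPT = r"""((((((((((((((( Ostatní výmazy )))))))))))))))
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Webteh
c:\program files\Webteh\BSplayerPro\bsplayer.exe
c:\windows\eReg.dat
c:\windows\system32\ezsidmv.dat
.
((((((((((((((( Ovladače/Služby )))))))))))))))
.
-------\Legacy_GARENAPENGINE
-------\Legacy_ICQ_Service
-------\Service_ICQ Service
"""

DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")     # e.g. "((( title )))"


def parse_cfscript(text):
    """Group script lines under their 'Name::' directive headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Group log lines under the parenthesised section banners."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        match = BANNER_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def norm(path):
    """Windows paths compare case-insensitively; drop quotes and a trailing backslash."""
    return path.strip().strip('"').rstrip("\\").lower()


def unconfirmed_targets(script, log, title="Ostatní výmazy"):
    """Requested files/folders that the deletions section does not list."""
    deleted = {norm(p) for p in log.get(title, [])}
    requested = script.get("File", []) + script.get("Folder", [])
    return [p for p in requested if norm(p) not in deleted]


def removed_services(log, title="Ovladače/Služby"):
    """Service names from lines such as '-------\\Legacy_NAME'."""
    names = set()
    for line in log.get(title, []):
        name = line.lstrip("-").lstrip("\\")
        for prefix in ("Legacy_", "Service_"):
            if name.startswith(prefix):
                name = name[len(prefix):]
        names.add(name.lower())
    return names


def unconfirmed_drivers(script, log):
    """Drivers named in 'Driver::' that the services section does not list."""
    removed = removed_services(log)
    wanted = {d.split(";")[0].strip() for d in script.get("Driver", [])}
    return sorted(d for d in wanted if d.lower() not in removed)


if __name__ == "__main__":
    script = parse_cfscript(CFSCRIPT)
    log = parse_log_sections(LOG_EXCERPT)
    print("not confirmed as deleted:", unconfirmed_targets(script, log))
    print("drivers not confirmed:", unconfirmed_drivers(script, log))
```

A target that is missing from the deletions list is not proof of failure, since the item may simply not have existed when the script ran; it is a prompt to check by hand.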
Re: the classic problem of pop-up ads in browsers
VirusTotal is constantly overloaded, so at the moment I cannot run the test, and the file cannot be sent there for testing by e-mail.
ComboFix 09-08-09.04 - Uzivatel 10.08.2009 17:00.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.253 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uzivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uzivatel\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FILE ::
"c:\docume~1\Uzivatel\LOCALS~1\Temp\YYE4B9.tmp"
"c:\windows\eReg.dat"
"c:\windows\system32\ezsidmv.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\Webteh
c:\program files\Webteh\BSplayerPro\bplay.exe
c:\program files\Webteh\BSplayerPro\bslib\bslib.dll
c:\program files\Webteh\BSplayerPro\bslib\BSPMLIB.DAT
c:\program files\Webteh\BSplayerPro\bslib\gds32.dll
c:\program files\Webteh\BSplayerPro\bslib\icudt30.dll
c:\program files\Webteh\BSplayerPro\bslib\icuin30.dll
c:\program files\Webteh\BSplayerPro\bslib\icuuc30.dll
c:\program files\Webteh\BSplayerPro\bslib\msvcp71.dll
c:\program files\Webteh\BSplayerPro\bslib\msvcr71.dll
c:\program files\Webteh\BSplayerPro\bspfilters.sam
c:\program files\Webteh\BSplayerPro\bsplay.exe
c:\program files\Webteh\BSplayerPro\bsplayer.exe
c:\program files\Webteh\BSplayerPro\bsplayer.exe.manifest
c:\program files\Webteh\BSplayerPro\bsrendv2.dll
c:\program files\Webteh\BSplayerPro\doc\cmdline.txt
c:\program files\Webteh\BSplayerPro\doc\ini_files.html
c:\program files\Webteh\BSplayerPro\changes.txt
c:\program files\Webteh\BSplayerPro\key.reg
c:\program files\Webteh\BSplayerPro\lang\Česky.lng
c:\program files\Webteh\BSplayerPro\lang\Arabic.lng
c:\program files\Webteh\BSplayerPro\lang\Arabic2.lng
c:\program files\Webteh\BSplayerPro\lang\Belarussian.lng
c:\program files\Webteh\BSplayerPro\lang\Bosanski.lng
c:\program files\Webteh\BSplayerPro\lang\Brazilian_Portuguese.lng
c:\program files\Webteh\BSplayerPro\lang\Brezhoneg.lng
c:\program files\Webteh\BSplayerPro\lang\Bulgarian.lng
c:\program files\Webteh\BSplayerPro\lang\Catalŕ.lng
c:\program files\Webteh\BSplayerPro\lang\Danish.lng
c:\program files\Webteh\BSplayerPro\lang\Deutsch.lng
c:\program files\Webteh\BSplayerPro\lang\Eesti.lng
c:\program files\Webteh\BSplayerPro\lang\English.lng
c:\program files\Webteh\BSplayerPro\lang\Esperanto.lng
c:\program files\Webteh\BSplayerPro\lang\Euskera.lng
c:\program files\Webteh\BSplayerPro\lang\Finnish.lng
c:\program files\Webteh\BSplayerPro\lang\Français.lng
c:\program files\Webteh\BSplayerPro\lang\Galego.lng
c:\program files\Webteh\BSplayerPro\lang\Greek.lng
c:\program files\Webteh\BSplayerPro\lang\Hebrew.lng
c:\program files\Webteh\BSplayerPro\lang\Hrvatski.lng
c:\program files\Webteh\BSplayerPro\lang\Italiano.lng
c:\program files\Webteh\BSplayerPro\lang\lang_changes.txt
c:\program files\Webteh\BSplayerPro\lang\Latvian.lng
c:\program files\Webteh\BSplayerPro\lang\Lithuanian.lng
c:\program files\Webteh\BSplayerPro\lang\magyar.lng
c:\program files\Webteh\BSplayerPro\lang\Makedonski.lng
c:\program files\Webteh\BSplayerPro\lang\Nederlands.lng
c:\program files\Webteh\BSplayerPro\lang\Norsk.lng
c:\program files\Webteh\BSplayerPro\lang\Polski.lng
c:\program files\Webteh\BSplayerPro\lang\Portugues.lng
c:\program files\Webteh\BSplayerPro\lang\Romanian.lng
c:\program files\Webteh\BSplayerPro\lang\Russian.lng
c:\program files\Webteh\BSplayerPro\lang\Simplified_Chinese.lng
c:\program files\Webteh\BSplayerPro\lang\Slovenčina.lng
c:\program files\Webteh\BSplayerPro\lang\Slovenski.lng
c:\program files\Webteh\BSplayerPro\lang\Spanish.lng
c:\program files\Webteh\BSplayerPro\lang\Srpski.lng
c:\program files\Webteh\BSplayerPro\lang\Swedish.lng
c:\program files\Webteh\BSplayerPro\lang\Traditional_Chinese.lng
c:\program files\Webteh\BSplayerPro\lang\Turkish.lng
c:\program files\Webteh\BSplayerPro\lang\Ukrainian.lng
c:\program files\Webteh\BSplayerPro\lang\Uzbek.lng
c:\program files\Webteh\BSplayerPro\lang\Valenciŕ.lng
c:\program files\Webteh\BSplayerPro\plugins\oldskin.dll
c:\program files\Webteh\BSplayerPro\sdk\bsp.h
c:\program files\Webteh\BSplayerPro\sdk\bsp.pas
c:\program files\Webteh\BSplayerPro\sdk\plugins\bspplg.h
c:\program files\Webteh\BSplayerPro\sdk\plugins\bspplg.pas
c:\program files\Webteh\BSplayerPro\sdk\plugins\C\Sample\sample_plugin.def
c:\program files\Webteh\BSplayerPro\sdk\plugins\C\Sample\sample_plugin.dsp
c:\program files\Webteh\BSplayerPro\sdk\plugins\C\Sample\sample_plugin.dsw
c:\program files\Webteh\BSplayerPro\sdk\plugins\C\Sample\sampleplugin.c
c:\program files\Webteh\BSplayerPro\sdk\plugins\C\sample_subtitles\sample_sub.c
c:\program files\Webteh\BSplayerPro\sdk\plugins\C\sample_subtitles\sample_sub.def
c:\program files\Webteh\BSplayerPro\sdk\plugins\C\sample_subtitles\sample_subtitles.dsp
c:\program files\Webteh\BSplayerPro\sdk\plugins\C\sample_subtitles\sample_subtitles.dsw
c:\program files\Webteh\BSplayerPro\sdk\plugins\Delphi\sample\sample_plugin.dpr
c:\program files\Webteh\BSplayerPro\sdk\plugins\Delphi\sample_subtitles\sample_sub.dpr
c:\program files\Webteh\BSplayerPro\Skins\Base\actaspbg.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\actsubbg.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\actsubpbg.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\actvolbg.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b3a.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b3d.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b3n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b3u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b4a.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b4d.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b4n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b4u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b5a.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b5d.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b5n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b5u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b6n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b7n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b8.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\b8n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\balbtnn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\btn_dn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\btn_ln.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\btn_rn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\btn_un.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\btncolorn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\btngrp1bg.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\btnmenun.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\btnmenuu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\eq.ini
c:\program files\Webteh\BSplayerPro\Skins\Base\eqbtn1a.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\eqbtn1n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\eqbtn2n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\eqbtn2u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\eqbtnn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\eqmain.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exabtn1n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exabtn1u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exabtn2n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exabtn2u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exabtn3n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exabtn3u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exabtn4n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exabtn4u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exaudioa.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exaudion.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exaudiou.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exdbtn1n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exdbtn1u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exdbtn2n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exdbtn2u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exdbtn3n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exdbtn3u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exdbtn4n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exdbtn4u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exdvda.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exdvdn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exdvdu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exitn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exitu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exradioa.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exradion.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exradiou.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\extbg.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\extva.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\extvn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\extvu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn1a.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn1n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn2n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn2u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn3n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn3u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn4n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn4u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn5n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn5u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn6n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn6u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn7n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn7u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn8n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvbtn8u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvideoa.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvideon.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\exvideou.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsactbg.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb1d.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb1n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb1u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb2d.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb2n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb2u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb3d.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb3n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb3u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb4d.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb4n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb4u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb5d.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb5n.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsb5u.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsmain.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsn.BMP
c:\program files\Webteh\BSplayerPro\Skins\Base\fsnextd.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsnextn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsnextu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsopend.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsopenn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsopenu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fspaused.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fspausen.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fspauseu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsplayd.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsplayn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsplayu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsprevd.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsprevn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsprevu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsseek.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsstopd.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsstopn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsstopu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\fsu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\grp2.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\main.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\minimizen.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\minimizeu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\mutea.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\muted.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\muten.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\muteu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\nextd.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\nextn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\nextu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\opend.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\openn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\openu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\paused.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\pausen.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\pauseu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\playd.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\playn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\playu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\plist.ini
c:\program files\Webteh\BSplayerPro\Skins\Base\prevd.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\prevn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\prevu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\rgn.dat
c:\program files\Webteh\BSplayerPro\Skins\Base\rgnfs.dat
c:\program files\Webteh\BSplayerPro\Skins\Base\seek.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\skin.ini
c:\program files\Webteh\BSplayerPro\Skins\Base\skinfs.ini
c:\program files\Webteh\BSplayerPro\Skins\Base\stopd.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\stopn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\stopu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\voldd.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\voldn.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\voldu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\volud.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\volume.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\volun.bmp
c:\program files\Webteh\BSplayerPro\Skins\Base\voluu.bmp
c:\program files\Webteh\BSplayerPro\Skins\Bat lite.bsz
c:\program files\Webteh\BSplayerPro\Skins\BSplayer.v1.bsz
c:\program files\Webteh\BSplayerPro\Skins\mediaBOX v-1.bsz
c:\program files\Webteh\BSplayerPro\Skins\MediaBOX V-2.bsz
c:\program files\Webteh\BSplayerPro\uninstall.EXE
c:\windows\eReg.dat
c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GARENAPENGINE
-------\Legacy_ICQ_Service
-------\Service_ICQ Service
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-10 do 2009-08-10 )))))))))))))))))))))))))))))))
.
2009-08-10 13:11 . 2009-08-10 13:11 298104 ----a-w- c:\windows\system32\imon.dll
2009-08-10 13:11 . 2009-08-10 13:11 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-08-10 13:11 . 2009-08-10 13:11 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-08-10 09:10 . 2009-08-10 09:12 -------- d-----w- c:\program files\ICQ6.5
2009-08-09 20:26 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 20:26 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 20:26 . 2009-08-09 20:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 14:22 . 2009-08-08 14:22 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-08 13:11 . 2009-08-08 13:11 -------- d-----w- c:\program files\Trend Micro
2009-07-29 11:10 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 11:10 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-22 12:15 . 2009-08-10 13:19 -------- d-----w- c:\program files\Garena
2009-07-21 17:06 . 2009-07-21 17:11 51618 ----a-w- c:\windows\War3Unin.dat
2009-07-21 17:06 . 2009-07-21 17:11 2829 ----a-w- c:\windows\War3Unin.pif
2009-07-21 17:06 . 2009-07-21 17:11 139264 ----a-w- c:\windows\War3Unin.exe
2009-07-21 14:42 . 2009-07-21 14:42 -------- d-----w- c:\program files\Palm
2009-07-21 12:52 . 2009-08-10 14:46 -------- d-----w- c:\program files\Warcraft III
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 13:11 . 2009-05-22 15:15 -------- d-----w- c:\program files\ESET
2009-08-08 12:33 . 2009-06-06 19:57 -------- d-----w- c:\program files\Java
2009-08-05 18:44 . 2009-05-22 15:26 -------- d-----w- c:\program files\MediaCoder
2009-07-25 03:23 . 2009-06-06 19:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 15:42 . 2009-07-03 14:23 137928 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-21 15:41 . 2009-07-03 14:23 189768 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-21 14:42 . 2009-05-19 20:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 07:24 . 2009-07-04 07:20 -------- d-----w- c:\program files\Ubi Soft
2009-07-04 07:23 . 2009-07-04 07:23 -------- d-----w- c:\program files\directx
2009-07-03 16:59 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 14:22 . 2009-07-03 14:22 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-03 14:14 . 2009-07-03 14:14 -------- d-----w- c:\program files\GamePark
2009-07-03 13:37 . 2009-07-03 13:37 -------- d-----w- c:\program files\Activision
2009-07-03 13:35 . 2009-05-19 20:28 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-24 17:10 . 2009-06-24 17:10 -------- d-----w- c:\program files\The Creative Assembly
2009-06-22 16:06 . 2009-06-22 16:06 -------- d-----w- c:\program files\Pyro Studios
2009-06-22 14:55 . 2009-06-22 14:55 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-20 07:51 . 2001-10-25 14:00 91736 ----a-w- c:\windows\system32\perfc005.dat
2009-06-20 07:51 . 2001-10-25 14:00 461624 ----a-w- c:\windows\system32\perfh005.dat
2009-06-16 14:40 . 2004-08-17 13:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 14:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:11 . 2004-08-17 13:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-22 15:43 . 2009-05-22 15:43 0 ----a-w- c:\windows\nsreg.dat
2009-05-22 15:31 . 2009-05-22 15:31 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2009-05-22 15:29 . 2009-05-22 15:29 96384 ----a-w- c:\windows\system32\drivers\sptd4765.sys
2009-05-22 15:29 . 2009-05-22 15:29 664064 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 15:27 . 2009-05-22 15:27 95563 ----a-w- c:\windows\MediaCoder\XULMusic\Profiles\p8b6f003.default\xpti.dat
2009-05-22 15:27 . 2009-05-22 15:27 132428 ----a-w- c:\windows\MediaCoder\XULMusic\Profiles\p8b6f003.default\compreg.dat
2009-05-22 15:22 . 2006-09-18 05:57 2560 ----a-w- c:\windows\system32\BitCometRes.dll
2009-05-20 13:27 . 2009-05-19 03:52 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-20 13:27 . 2009-05-19 03:52 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-05-19 20:33 . 2009-05-19 20:33 0 ----a-w- c:\windows\ativpsrm.bin
2009-05-19 19:25 . 2009-05-19 03:52 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-05-19 03:50 . 2009-05-19 03:50 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-08-10_08.17.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-10 15:07 . 2009-08-10 15:07 16384 c:\windows\Temp\Perflib_Perfdata_100.dat
+ 2009-08-10 15:05 . 2009-08-10 15:05 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-10 15:05 . 2009-08-10 15:05 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-10 15:05 . 2009-08-10 15:05 229376 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-10 15:05 . 2009-08-10 15:05 233472 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-10 15:05 . 2009-08-10 15:05 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-10 15:05 . 2009-08-10 15:05 3747840 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2006-01-26 327680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-10 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23584:TCP"= 23584:TCP:BitComet 23584 TCP
"23584:UDP"= 23584:UDP:BitComet 23584 UDP
R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [18.5.2009 16:29 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [19.5.2009 22:15 44928]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [10.8.2009 15:11 15424]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [19.5.2009 22:15 28160]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [22.5.2009 18:08 9446]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [19.5.2009 22:15 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-08-10 c:\windows\Tasks\User_Feed_Synchronization-{EEB22A03-1EBE-474C-B83F-15D5BC5EAC90}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/skinit/icq/
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all videos using BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {03203F6E-1EAF-42EF-8B7C-626AF86F41EA} = 89.203.139.1,192.167.60.1
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\khlb7793.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 17:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(3512)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-10 17:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-10 15:11
ComboFix2.txt 2009-08-10 08:20
Před spuštěním: Volných bajtů: 263 603 290 112
Po spuštění: Volných bajtů: 263 487 135 744
454 --- E O F --- 2009-07-30 09:34
- Damned
Re: the classic problem of pop-up ads in browsers
If VirusTotal doesn't work, try it at: http://virusscan.jotti.org/cs
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner
Re: the classic problem of pop-up ads in browsers
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:44, on 10.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/skinit/icq/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03203F6E-1EAF-42EF-8B7C-626AF86F41EA}: NameServer = 89.203.139.1,192.167.60.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{03203F6E-1EAF-42EF-8B7C-626AF86F41EA}: NameServer = 89.203.139.1,192.167.60.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6835 bytes
The computer isn't behaving unusually in any way; the main problem, the pop-up ads, disappeared right after the first step, i.e. after the first fix in HijackThis... Apart from a minor problem with ICQ smileys since the first use of ComboFix, I don't see any other anomalies.
On the second link it reports that the file is empty (0 bytes)... VirusTotal still isn't working... I'll keep trying VirusTotal from time to time.