Please check - it keeps opening new windows. Solved



Please check - it keeps opening new windows.

Post by Bambuľka » 24 Sep 2009 17:33

Hello, could I ask for a check of my HJT log? After I start Mozilla it keeps opening new windows, so within a few minutes the taskbar is full of them. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:41, on 24.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnp2std.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Total Commander XP\TOTALCMD.EXE
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavenia rozšírenia &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1F0C231-0A2C-41C7-9679-186D97D95696}: NameServer = 192.168.11.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11563 bytes


Re: Please check - it keeps opening new windows.

Post by Damned » 24 Sep 2009 17:48

Uninstall ICQ6Toolbar, Winamp Toolbar, Media Access Startup, Internet Saving Optimizer,
System Search Dispatcher.


Then post a new HJT log here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.


Re: Please check - it keeps opening new windows.

Post by Bambuľka » 24 Sep 2009 18:10

Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:46, on 24.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnp2std.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (file missing)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavenia rozšírenia &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1F0C231-0A2C-41C7-9679-186D97D95696}: NameServer = 192.168.11.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 10277 bytes


Re: Please check - it keeps opening new windows.

Post by Damned » 24 Sep 2009 18:39

Keep to this order.

Start HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (start HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
*****************************************************************************************************************************************
Check the red file on VirusTotal and post a link to the result here.
If you cannot find it, turn on the display of hidden and system files. If it tells you the file has already been checked,
have it checked again and wait until "Finished" and the result appear. Then copy the address bar here.

C:\WINDOWS\system32\amvo.exe

- it is a trojan, I would just like to see how many antivirus programs detect it.
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan has finished a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.


Re: Please check - it keeps opening new windows.

Post by Bambuľka » 24 Sep 2009 19:28

I fixed those entries, but I forgot to disconnect from the internet :?
VirusTotal did not find the red file for me, even though I turned on showing hidden files too, so I don't know how to upload it there.
I am attaching the log from Malware....

Malwarebytes' Anti-Malware 1.41
Verzia databázy: 2855
Windows 5.1.2600 Service Pack 3

24.9.2009 19:21:48
mbam-log-2009-09-24 (19-21-23).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 121164
Uplynutý cas: 10 minute(s), 52 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 20
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 18
Infikovaných súborov: 155

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> No action taken.
HKEY_CLASSES_ROOT\FirefoxHTML\shell\HTMLView (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\HtmlViewFile (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\mhtmlfile\shell\HTMLView (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\xmlfile\shell\HTMLView (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sob Software (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sob Software (Trojan.Downloader) -> No action taken.

Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikovaných priecinkov:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790 (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Files: 571 -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> No action taken.

Infikovaných súborov:
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\config.md (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-115549.453.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-115607.031.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-124825.296.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-160847.640.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-220438.156.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-085112.859.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-094212.015.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-102529.562.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-102558.046.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-102653.046.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-111955.406.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-135857.843.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-143218.046.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-144503.062.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-151430.000.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-190133.968.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-190510.625.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-202124.750.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-204131.546.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-092207.468.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-112358.265.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-190602.843.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-195245.890.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-090413.562.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-125437.250.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-131025.453.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-143041.906.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-190323.031.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-213032.500.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-220948.890.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-081430.078.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-085849.109.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-101154.968.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-102906.984.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-113945.343.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-152145.421.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-152354.015.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-175914.906.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-184903.000.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-185719.812.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-210112.234.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-211804.468.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-211926.000.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-090453.609.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-123741.718.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-131820.609.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-152247.968.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-155107.312.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-155823.140.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-172238.734.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-173319.078.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-180717.937.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-182149.640.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-191152.546.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-195240.031.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-213121.171.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090716-082534.453.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090716-083041.968.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090716-083829.140.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090716-162605.843.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090716-192408.171.log (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbdl.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> No action taken.
C:\Program Files\Common Files\Microsoft Shared\HTMLView\htmlview.exe (Worm.AutoIT) -> No action taken.
C:\Program Files\Common Files\Microsoft Shared\HTMLView\sobsoftex.dll (Worm.AutoIT) -> No action taken.
C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\ISOSetup.exe (Trojan.Agent) -> No action taken.

Damned

Re: Please check - it keeps opening new windows.

Post by Damned » 24 Sep 2009 19:52

Good.

So run MbAM again and choose Scan
- when the scan finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit

Turn off your antivirus's resident shield (and your antispyware's, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click inside the window it displays
- When the scan is done, the program should create a log, C:\ComboFix.txt; please copy its entire contents here

Bambuľka

Re: Please check - it keeps opening new windows.

Post by Bambuľka » 24 Sep 2009 20:23

OK, I'm sending the logs.

Malwarebytes' Anti-Malware 1.41
Verzia databázy: 2855
Windows 5.1.2600 Service Pack 3

24.9.2009 20:01:00
mbam-log-2009-09-24 (20-01-00).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 104581
Uplynutý cas: 4 minute(s), 32 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 18
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 1
Infikovaných priecinkov: 11
Infikovaných súborov: 65

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FirefoxHTML\shell\HTMLView (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HtmlViewFile (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mhtmlfile\shell\HTMLView (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xmlfile\shell\HTMLView (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sob Software (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sob Software (Trojan.Downloader) -> Quarantined and deleted successfully.

Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikovaných priecinkov:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Files: 571 -> Quarantined and deleted successfully.

Infikovaných súborov:
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-115549.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-115607.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-124825.296.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-160847.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090710-220438.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-085112.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-094212.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-102529.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-102558.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-102653.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-111955.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-135857.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-143218.046.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-144503.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-151430.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-190133.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-190510.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-202124.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090711-204131.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-092207.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-112358.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-190602.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090712-195245.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-090413.562.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-125437.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-131025.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-143041.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-190323.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-213032.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090713-220948.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-081430.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-085849.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-101154.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-102906.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-113945.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-152145.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-152354.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-175914.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-184903.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-185719.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-210112.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-211804.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090714-211926.000.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-090453.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-123741.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-131820.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-152247.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-155107.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-155823.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-172238.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-173319.078.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-180717.937.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-182149.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-191152.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-195240.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090715-213121.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090716-082534.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090716-083041.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090716-083829.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090716-162605.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090716-192408.171.log (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Microsoft Shared\HTMLView\htmlview.exe (Worm.AutoIT) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Microsoft Shared\HTMLView\sobsoftex.dll (Worm.AutoIT) -> Quarantined and deleted successfully.



ComboFix 09-09-23.02 - Anna 24.09.2009 20:15.1.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.895.520 [GMT 2:00]
Running from: c:\documents and settings\Anna\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090924-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Microsoft Shared\HTMLView
C:\restore
c:\windows\Installer\27059.msp
c:\windows\Installer\2fe44.msp
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 16:35 . 2009-09-24 16:35 -------- d-----w- c:\program files\CCleaner
2009-09-24 15:28 . 2009-09-24 15:28 -------- d-----w- c:\program files\Trend Micro
2009-09-14 13:30 . 2009-09-14 13:30 -------- d-----w- C:\100OLYMP
2009-09-10 06:48 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 17:21 . 2008-11-11 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 14:24 . 2007-11-30 19:44 -------- d-----w- c:\documents and settings\Anna\Application Data\OpenOffice.org2
2009-09-24 10:59 . 2007-12-02 20:02 -------- d-----w- c:\documents and settings\Anna\Application Data\Skype
2009-09-23 19:46 . 2008-07-24 15:07 10 ----a-w- c:\windows\popcinfo.dat
2009-09-10 12:54 . 2008-11-11 20:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-11-11 20:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 08:03 . 2007-12-02 20:02 -------- d-----w- c:\program files\Google
2009-08-21 13:05 . 2007-11-30 14:59 21784 ----a-w- c:\documents and settings\Anna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 12:53 . 2009-08-21 12:53 -------- d-----w- c:\program files\MSBuild
2009-08-21 12:53 . 2009-08-21 12:53 -------- d-----w- c:\program files\Reference Assemblies
2009-08-17 16:10 . 2008-12-15 18:42 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-12-15 18:42 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-12-15 18:42 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-12-15 18:42 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-12-15 18:42 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-12-15 18:42 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-12-15 18:42 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-12-15 18:42 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-12-15 18:42 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 18:07 . 2009-07-01 12:31 -------- d-----w- c:\documents and settings\Anna\Application Data\BSplayer
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2008-12-31 15:36 . 2008-12-28 21:28 117 ----a-w- c:\program files\mio.txt
2008-12-31 12:36 . 2008-12-31 12:48 10404330 ----a-w- c:\program files\precracked.C0MNVi3W6.rar
2008-12-30 13:06 . 2008-12-30 13:06 10906 ------w- c:\program files\hyp.MDI
2008-12-28 11:14 . 2008-12-28 11:03 323 ----a-w- c:\program files\internet.bat
2008-12-28 11:13 . 2008-12-28 11:03 241 ----a-w- c:\program files\no_internet.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-01 111928]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-10 14:20 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 19:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Audio Bible Download Manager\\FCBHDownloadManager3.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.12.2008 20:42 114768]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29.11.2005 19:50 36768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.12.2008 20:42 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 19:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [11.11.2008 22:07 47640]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\ATK0100\ASNDIS5.sys [30.11.2007 20:04 16269]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [30.11.2007 20:14 36352]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.8.2009 19:58 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 17:58]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 17:58]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: {A1F0C231-0A2C-41C7-9679-186D97D95696} = 192.168.11.1
FF - ProfilePath - c:\documents and settings\Anna\Application Data\Mozilla\Firefox\Profiles\sy2efw3h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 20:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\IfxWlxEN.dll
.
Completion time: 2009-09-24 20:21
ComboFix-quarantined-files.txt 2009-09-24 18:21

Pre-Run: 27 896 246 272 bytes free
Post-Run: 18 adresárov, 28 051 451 904 voľných bajtov

172 --- E O F --- 2009-09-10 07:12

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status: Offline

Re: Please check - it keeps opening new windows.

Post by Damned » 24 Sep 2009 20:36

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text, marked in green:

KillAll::
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

File::
c:\windows\popcinfo.dat
c:\program files\mio.txt
c:\program files\precracked.C0MNVi3W6.rar
c:\program files\hyp.MDI
c:\program files\internet.bat
c:\program files\no_internet.bat
C:\WINDOWS\system32\amvo.exe

Folder::
c:\documents and settings\Anna\Application Data\BSplayer
c:\program files\BSplayer
c:\program files\Webteh

Driver::
LMIRfsClientNP;LMIRfsClientNP
LMIRfsClientNP




Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.


Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take more than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process + a new HJT log, and describe how the computer behaves

Bambuľka
newcomer
Posts: 6
Registered: September 09
Gender: Female
Status: Offline

Re: Please check - it keeps opening new windows.

Post by Bambuľka » 24 Sep 2009 20:56

The opening of new windows stopped as soon as I uninstalled those first toolbars, and so far it is behaving normally. I am attaching the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:20, on 24.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnp2std.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavenia rozšírenia &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1F0C231-0A2C-41C7-9679-186D97D95696}: NameServer = 192.168.11.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 8082 bytes


ComboFix 09-09-23.02 - Anna 24.09.2009 20:44.2.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.895.493 [GMT 2:00]
Running from: c:\documents and settings\Anna\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anna\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090924-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\program files\hyp.MDI"
"c:\program files\internet.bat"
"c:\program files\mio.txt"
"c:\program files\no_internet.bat"
"c:\program files\precracked.C0MNVi3W6.rar"
"c:\windows\popcinfo.dat"
"c:\windows\system32\amvo.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anna\Application Data\BSplayer
c:\program files\hyp.MDI
c:\program files\internet.bat
c:\program files\mio.txt
c:\program files\no_internet.bat
c:\program files\precracked.C0MNVi3W6.rar
c:\program files\Webteh
c:\windows\popcinfo.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LMIRFSCLIENTNP
-------\Service_LMIRfsClientNP


((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 16:35 . 2009-09-24 16:35 -------- d-----w- c:\program files\CCleaner
2009-09-24 15:28 . 2009-09-24 15:28 -------- d-----w- c:\program files\Trend Micro
2009-09-14 13:30 . 2009-09-14 13:30 -------- d-----w- C:\100OLYMP
2009-09-10 06:48 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 17:21 . 2008-11-11 20:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-24 14:24 . 2007-11-30 19:44 -------- d-----w- c:\documents and settings\Anna\Application Data\OpenOffice.org2
2009-09-24 10:59 . 2007-12-02 20:02 -------- d-----w- c:\documents and settings\Anna\Application Data\Skype
2009-09-10 12:54 . 2008-11-11 20:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-11-11 20:20 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 08:03 . 2007-12-02 20:02 -------- d-----w- c:\program files\Google
2009-08-21 13:05 . 2007-11-30 14:59 21784 ----a-w- c:\documents and settings\Anna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 12:53 . 2009-08-21 12:53 -------- d-----w- c:\program files\MSBuild
2009-08-21 12:53 . 2009-08-21 12:53 -------- d-----w- c:\program files\Reference Assemblies
2009-08-17 16:10 . 2008-12-15 18:42 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-12-15 18:42 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-12-15 18:42 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-12-15 18:42 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-12-15 18:42 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-12-15 18:42 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-12-15 18:42 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-12-15 18:42 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-12-15 18:42 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-24_18.19.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-24 18:49 . 2009-09-24 18:49 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-01 111928]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-10 14:20 434176 ----a-w- c:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 19:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Audio Bible Download Manager\\FCBHDownloadManager3.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15.12.2008 20:42 114768]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [29.11.2005 19:50 36768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15.12.2008 20:42 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 19:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [11.11.2008 22:07 47640]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\ATK0100\ASNDIS5.sys [30.11.2007 20:04 16269]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [30.11.2007 20:14 36352]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.8.2009 19:58 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 17:58]

2009-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-23 17:58]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
TCP: {A1F0C231-0A2C-41C7-9679-186D97D95696} = 192.168.11.1
FF - ProfilePath - c:\documents and settings\Anna\Application Data\Mozilla\Firefox\Profiles\sy2efw3h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BSPlayerf - c:\program files\Webteh\BSplayer\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 20:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'explorer.exe'(3112)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\IFXSPMGT.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Infineon\Security Platform Software\PSDsrvc.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Infineon\Security Platform Software\PSDrt.exe
c:\program files\Infineon\Security Platform Software\SpTNA.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\ATK0100\ATKOSD.exe
.
**************************************************************************
.
Completion time: 2009-09-24 20:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-24 18:53
ComboFix2.txt 2009-09-24 18:21

Pre-Run: 28 057 645 056 bytes free
Post-Run: 18 adresárov, 27 912 572 928 voľných bajtov

698 --- E O F --- 2009-09-10 07:12

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status: Offline

Re: Please check - it keeps opening new windows.

Post by Damned » 24 Sep 2009 21:04

Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
*****************************************************************************************************************************************
Uninstall ComboFix.
ComboFix is uninstalled like this:
Start > Run and type ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download it -> run it

(Note: If you have AVG, avast! or Avira, deactivate AVG, avast! and Avira (including the resident shields) before downloading T-Cleaner and for the duration of the cleaning, then delete T-Cleaner and turn AVG, avast! or Avira back on.)


Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.

ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache,
cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer,
Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.

If anything comes up, stop by.
Mark the topic as solved (green check mark) and take care. :bigups:
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner

Bambuľka
newbie
Posts: 6
Registered: September 09
Gender: Female
Status: Offline

Re: Please check - it keeps opening new windows.  Solved

Post by Bambuľka » 24 Sep 2009 21:26

Cleaned up and it looks like it will be OK; if anything comes up, I'll get in touch. Thanks for now.

