please check my log, thanks
When I start Mozilla, it throws this message: Load user profile failed! I confirm it and then it throws this:
load file failed C: /dokument and settings/uživatel/local settings/data aplikací/_/_/4.1.2.19770/data/profile.mx
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:56, on 15.7.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbappHelper.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - (no file)
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: _ - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stb0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\GamingHarbor Toolbar\4.1.2.19770\stbapp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60929E8C-D91E-4356-9E71-D8269EFFB74D}: NameServer = 213.226.224.126,213.226.224.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Unknown owner - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Služba Google Update (gupdate1c9c321cb7ebc6c) (gupdate1c9c321cb7ebc6c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8811 bytes
please check my log, thanks (Solved)
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Status: Offline
Re: please check my log, thanks
Loading the user profile failed. I recommend uninstalling FF, uninstalling GamingHarbor Toolbar and uninstalling DAEMON Tools Toolbar.
Then download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localization Wise Registry Cleaner
Re: please check my log, thanks
To Pauleta: you are making quite a mess of this - you are dealing with one thing in two places!
Re: please check my log, thanks
Sorry, someone sent me a link saying I had put it in the wrong section, so I put it here.
- Damned
Re: please check my log, thanks
So for now, deal with the problem here.
Uninstalling and scanning does not take 3 hours.
Re: please check my log, thanks
I had training, otherwise I would have done it right away.
Re: please check my log, thanks
Here it is:
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2435
Windows 5.1.2600 Service Pack 2
15.7.2009 20:58:30
mbam-log-2009-07-15 (20-58-24).txt
Typ skenu: Rychlý sken
Objektu skenováno: 94451
Uplynulý cas: 3 minute(s), 19 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 3
Infikované klíce registru: 16
Infikované hodnoty registru: 3
Infikované položky dat registru: 0
Infikované složky: 19
Infikované soubory: 34
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> No action taken.
Infikované klíce registru:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SmileyApp (Adware.DoubleD) -> No action taken.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790 (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\Data (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340 (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\Data (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750 (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\Data (Adware.DoubleD) -> No action taken.
Infikované soubory:
C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\HPCommon.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\hppx.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\MAHelper.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\Data\config.md (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
- Damned
Re: please check my log, thanks
So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close the program via Exit
Turn off the antivirus resident shield (and the antispyware one, if you have it).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that is displayed
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: please check my log, thanks
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2435
Windows 5.1.2600 Service Pack 2
15.7.2009 21:17:21
mbam-log-2009-07-15 (21-17-21).txt
Typ skenu: Rychlý sken
Objektu skenováno: 94847
Uplynulý cas: 1 minute(s), 25 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 3
Infikované klíce registru: 16
Infikované hodnoty registru: 3
Infikované položky dat registru: 0
Infikované složky: 19
Infikované soubory: 34
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
Infikované klíce registru:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SmileyApp (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Delete on reboot.
c:\program files\internet saving optimizer\3.4.0.4340 (Adware.DoubleD) -> Delete on reboot.
c:\program files\internet saving optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Delete on reboot.
c:\program files\system search dispatcher\1.2.0.750 (Adware.DoubleD) -> Delete on reboot.
c:\program files\system search dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (Adware.DoubleD) -> Delete on reboot.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (Adware.DoubleD) -> Delete on reboot.
c:\program files\media access startup\1.3.0.790\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\media access startup\1.3.0.790\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Delete on reboot.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\system search dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
- Damned
Re: please check my log, thanks
If no problem came up, then run ComboFix as well.
Re: please check my log, thanks
ComboFix 09-07-14.08 - Uživatel 15.07.2009 21:26.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.3326.2896 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-15 do 2009-07-15 )))))))))))))))))))))))))))))))
.
2009-07-15 18:53 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 18:53 . 2009-07-15 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 18:53 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 18:42 . 2009-07-15 19:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-14 15:10 . 2009-07-14 15:10 -------- d-----w- C:\8e2f580c50d2cda96ecfd024e6e9dc
2009-07-14 14:20 . 2009-07-14 14:20 -------- d-----w- C:\0693217d2e6b29b5908a19452bccad
2009-07-14 14:16 . 2009-07-14 14:16 -------- d-----w- C:\36f42c086348360ecd3b0d28373db5
2009-07-14 14:15 . 2009-07-14 14:15 -------- d-----w- C:\b1897abb7b06cae49526
2009-07-14 13:47 . 2004-08-18 12:00 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2009-07-14 13:46 . 2003-04-14 18:48 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2009-07-14 13:44 . 2004-08-18 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-07-14 13:26 . 2004-08-18 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-07-14 13:26 . 2004-08-18 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-07-14 13:26 . 2004-08-18 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-07-14 13:26 . 2004-08-18 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-07-12 15:37 . 2009-07-12 15:37 -------- d-----w- c:\program files\CCleaner
2009-07-05 09:33 . 2009-07-05 09:33 1992 ----a-w- c:\windows\desctemp.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 19:30 . 2008-08-07 22:17 16608 ----a-w- c:\windows\gdrv.sys
2009-07-15 18:45 . 2008-12-11 13:16 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-15 18:36 . 2008-12-11 13:12 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-14 14:00 . 2008-08-18 12:07 -------- d-----w- c:\program files\HP
2009-07-14 13:52 . 2004-08-18 12:00 91432 ----a-w- c:\windows\system32\perfc005.dat
2009-07-14 13:52 . 2004-08-18 12:00 463024 ----a-w- c:\windows\system32\perfh005.dat
2009-07-14 13:44 . 2008-08-07 21:47 23588 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-13 18:48 . 2008-11-17 12:06 -------- d-----w- c:\program files\DivX
2009-06-13 16:18 . 2009-06-13 16:18 -------- d-----w- c:\program files\Opera
2009-06-11 07:59 . 2008-08-19 07:09 -------- d-----w- c:\program files\Google
2009-06-11 07:56 . 2009-06-11 07:56 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-06 19:15 . 2009-05-06 07:57 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-06 19:15 . 2009-05-06 07:57 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2004-03-11 11:27 . 2008-08-18 11:59 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-18 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-18 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-07 16862208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-8-20 1183744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^Adobe Media Player.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.1.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.1.lnk
backup=c:\windows\pss\OpenOffice.org 2.1.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Documents and Settings\\Uživatel\\Dokumenty\\Hudba\\Nová složka\\Sniper Elite\\SniperElite.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Filters\\divxconfig.exe"=
"c:\\Program Files\\DivX\\DivXBundleUninstall.exe"=
"c:\\Program Files\\Futuremark\\3DMark06\\3DMark06.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6.5.2009 9:57 108289]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [8.8.2008 0:17 80392]
S2 gupdate1c9c321cb7ebc6c;Služba Google Update (gupdate1c9c321cb7ebc6c);c:\program files\Google\Update\GoogleUpdate.exe [22.4.2009 10:10 133104]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 12:21]
2009-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-19 08:08]
2009-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 08:10]
2009-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 08:10]
2009-07-15 c:\windows\Tasks\User_Feed_Synchronization-{B0ADB6A1-F885-4FF0-BCC9-869D58C5C4D4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {60929E8C-D91E-4356-9E71-D8269EFFB74D} = 213.226.224.126,213.226.224.12
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 21:30
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-220523388-1606980848-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:45,af,62,ed,ef,6f,61,35,01,0a,78,6d,2f,81,9b,a2,e8,4e,43,20,c9,
bc,a2,66,c2,ed,1b,95,e8,bb,8e,16,70,c5,34,c5,35,a3,8e,97,b2,2d,d2,8d,bd,82,\
"rkeysecu"=hex:0c,24,0e,b0,dd,8a,99,17,cd,87,74,4f,08,6f,32,f0
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3700)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2009-07-15 21:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-15 19:34
Před spuštěním: 1 751 060 480
Po spuštění: 3 271 528 448
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=6 Default=6 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
182 --- E O F --- 2009-07-14 21:08
- Damned
Re: please check my log, thanks
Uninstall the Daemon Tools toolbar.
These: C:\8e2f580c50d2cda96ecfd024e6e9dc
C:\0693217d2e6b29b5908a19452bccad
C:\36f42c086348360ecd3b0d28373db5
C:\b1897abb7b06cae49526
could be Windows updates, right?
***************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
File::
c:\windows\desctemp.dat
d:\FXDrv32.sys
Folder::
c:\program files\DAEMON Tools Toolbar
Driver::
FXDrv32;FXDrv32
FXDrv32
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new HJT log, and describe how the computer behaves
Nothing is impossible, so where reason fails us, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner