Kontrola logu-vyskakování oken na netu Vyřešeno

[zajdulka]

Potřebovala bych pomoct. Neustále mi na netu vyskakují další okna s různými stránkami (gaming harbor, travian apod.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:30, on 3.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21045)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Genius\TVGo DVB-T02PRO\DetectTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\DOCUME~1\klarka\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Stažené soubory\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\klarka\Desktop\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [DetectTray] C:\Program Files\Genius\TVGo DVB-T02PRO\DetectTray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 6893 bytes

[Reklama]

[jaro3]

Odinstaluj:
pdfforge Toolbar
Media Access Startup
Internet Saving Optimizer
System Search Dispatcher


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[zajdulka]

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2549
Windows 5.1.2600 Service Pack 2

3.8.2009 16:08:16
mbam-log-2009-08-03 (16-08-10).txt

Typ skenu: Rychlý sken
Objektu skenováno: 82702
Uplynulý cas: 5 minute(s), 31 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 30
Infikované hodnoty registru: 3
Infikované položky dat registru: 0
Infikované složky: 25
Infikované soubory: 207

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
c:\program files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850 (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\Data (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340 (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\Data (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.3.0.840 (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.3.0.840\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\klarka\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\klarka\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340 (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\klarka\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850 (Adware.DoubleD) -> No action taken.

Infikované soubory:
C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\program files\media access startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
c:\program files\internet saving optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.3.0.840\unins000.dat (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.3.0.840\unins000.exe (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.3.0.840\Data\eacore.mx (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.3.0.840\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
c:\program files\system search dispatcher\1.3.0.840\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\config.md (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\ipdata.md (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090714-092930.531.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090714-094725.953.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090714-113558.968.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090714-170049.609.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090714-183203.656.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090714-185901.687.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090715-150832.687.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090715-150838.328.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090715-154853.328.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090715-181045.203.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090716-093017.375.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090716-104346.984.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090716-105654.578.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090716-115638.093.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090716-183139.062.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090716-212208.812.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090717-102337.000.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090717-144821.359.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090718-011423.046.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090718-164706.500.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090719-211310.562.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090719-215026.703.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090719-221151.859.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090719-224527.062.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090719-232243.218.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090720-003841.390.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090720-111421.500.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090720-120504.531.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090720-142449.312.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090720-142943.546.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090721-004658.265.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090721-093302.250.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090721-113546.562.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090721-122216.625.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090721-220110.812.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090722-143613.614.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090722-210350.546.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-092524.906.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-095513.546.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-103023.640.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-135939.875.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-152130.968.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-164623.687.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-181949.218.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-191656.250.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-221834.546.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-222346.296.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-222553.328.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090723-222712.859.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090724-110013.843.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090724-120102.250.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090724-121643.156.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090724-214811.937.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090724-234540.890.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090724-235204.875.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090726-165820.625.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090726-213633.046.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090726-222554.937.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090726-222857.718.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090726-232543.187.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090726-232648.687.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090727-134301.187.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090727-150208.312.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090727-165703.734.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090727-195539.765.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090728-123625.671.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090729-231200.703.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090730-132621.484.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090730-234043.937.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090731-100848.656.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090731-103117.140.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090731-141052.000.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090801-152822.734.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090802-225220.453.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090802-232343.234.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090803-001459.343.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090803-095905.343.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090803-104720.062.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090803-131016.875.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090803-145121.500.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090803-145334.390.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090803-145649.078.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\NP_20090803-151623.562.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\internet saving optimizer\3.4.0.4340\rstatus.md (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\config.md (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-092629.265.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-092929.890.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-094725.187.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-113558.437.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-170049.468.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-183203.234.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-185901.406.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090715-150832.500.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090715-150838.312.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090715-154853.234.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090715-181045.140.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-093017.265.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-104346.921.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-105654.546.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-115638.015.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-183138.968.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-212208.734.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090717-102336.843.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090717-144821.265.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090718-011422.984.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090718-164706.375.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-211310.421.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-215026.625.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-221151.796.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-224527.015.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-232243.187.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-003841.343.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-111421.484.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-120504.500.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-142449.281.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-142943.531.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-004658.250.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-093302.234.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-113546.546.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-122216.609.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-220110.781.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090722-143613.567.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090722-210350.531.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-092524.859.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-095513.531.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-103023.625.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-135939.781.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-152130.640.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-164623.656.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-181949.203.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-191656.218.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-221834.515.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-222346.281.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-222553.312.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-222712.781.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-110013.812.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-120102.234.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-121643.031.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-214811.906.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-234540.875.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-235204.859.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-165820.609.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-213633.015.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-222554.906.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-222857.703.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-232543.109.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-232648.671.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-134301.156.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-150208.281.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-165703.718.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-195539.750.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090728-123625.640.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090729-231200.687.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090730-132621.453.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090730-234043.906.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090731-100848.640.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090731-103117.109.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090731-141051.953.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090801-152822.718.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090802-225220.375.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090802-232343.140.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-001459.296.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-095905.328.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-104720.031.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-131016.859.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-145121.484.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-145334.375.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-145649.062.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-151623.546.log (Adware.DoubleD) -> No action taken.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\ipdata.md (Adware.DoubleD) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Vypni rez. ochranu u NOD32 .
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[zajdulka]

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2549
Windows 5.1.2600 Service Pack 2

3.8.2009 16:30:41
mbam-log-2009-08-03 (16-30-41).txt

Typ skenu: Rychlý sken
Objektu skenováno: 82634
Uplynulý cas: 4 minute(s), 37 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 13
Infikované hodnoty registru: 1
Infikované položky dat registru: 0
Infikované složky: 7
Infikované soubory: 91

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\klarka\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\klarka\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\klarka\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované soubory:
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-092629.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-092929.890.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-094725.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-113558.437.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-170049.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-183203.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090714-185901.406.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090715-150832.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090715-150838.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090715-154853.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090715-181045.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-093017.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-104346.921.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-105654.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-115638.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-183138.968.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090716-212208.734.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090717-102336.843.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090717-144821.265.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090718-011422.984.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090718-164706.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-211310.421.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-215026.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-221151.796.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-224527.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090719-232243.187.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-003841.343.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-111421.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-120504.500.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-142449.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090720-142943.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-004658.250.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-093302.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-113546.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-122216.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090721-220110.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090722-143613.567.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090722-210350.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-092524.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-095513.531.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-103023.625.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-135939.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-152130.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-164623.656.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-181949.203.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-191656.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-221834.515.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-222346.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-222553.312.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090723-222712.781.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-110013.812.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-120102.234.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-121643.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-214811.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-234540.875.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090724-235204.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-165820.609.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-213633.015.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-222554.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-222857.703.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-232543.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090726-232648.671.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-134301.156.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-150208.281.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-165703.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090727-195539.750.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090728-123625.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090729-231200.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090730-132621.453.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090730-234043.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090731-100848.640.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090731-103117.109.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090731-141051.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090801-152822.718.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090802-225220.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090802-232343.140.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-001459.296.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-095905.328.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-104720.031.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-131016.859.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-145121.484.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-145334.375.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-145649.062.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-151623.546.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-160824.953.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-161058.218.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-161102.687.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-161120.906.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\HJHP_20090803-161239.468.log (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\documents and settings\klarka\local settings\application data\media access startup\1.5.0.850\ipdata.md (Adware.DoubleD) -> Quarantined and deleted successfully.

[jaro3]

Ještě ten Combofix.

[zajdulka]

ComboFix 09-08-02.04 - klarka 03.08.2009 16:44.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.246.99 [GMT 2:00]
Spuštěný z: c:\documents and settings\klarka\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\klarka\Application Data\inst.exe
c:\windows\Installer\18d3c.msi
D:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-03 do 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-03 13:59 . 2009-08-03 13:59 -------- d-----w- c:\documents and settings\klarka\Application Data\Malwarebytes
2009-08-03 13:59 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:59 . 2009-08-03 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-03 13:59 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 13:59 . 2009-08-03 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 08:12 . 2009-08-03 08:12 57344 ----a-w- c:\windows\system32\COMMTB32.DLL
2009-08-03 08:12 . 2009-08-03 08:12 28672 ----a-w- c:\windows\system32\HLP95EN.DLL
2009-08-03 08:12 . 2009-08-03 08:12 169984 ----a-w- c:\windows\system32\P2D.DLL
2009-08-03 08:12 . 2009-08-03 08:12 161552 ----a-w- c:\windows\system32\ASYCPICT.DLL
2009-08-03 08:12 . 2009-08-03 08:12 -------- d-----w- c:\program files\ActiveX Control Pad
2009-07-21 20:37 . 2009-07-21 20:37 -------- d-----w- c:\documents and settings\klarka\Local Settings\Application Data\Conduit
2009-07-21 20:37 . 2009-07-26 21:25 -------- d-----w- c:\documents and settings\klarka\Local Settings\Application Data\MyPlayCity
2009-07-21 20:37 . 2009-07-21 20:37 -------- d-----w- c:\program files\Conduit
2009-07-21 20:37 . 2009-07-24 10:17 -------- d-----w- c:\program files\MyPlayCity
2009-07-20 10:46 . 2009-07-20 10:46 -------- d-----w- c:\documents and settings\klarka\Local Settings\Application Data\ESET
2009-07-18 16:39 . 2009-06-16 14:45 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-18 16:39 . 2009-06-16 14:45 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-16 17:12 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 14:48 . 2009-03-18 20:10 -------- d-----w- c:\documents and settings\klarka\Application Data\Skype
2009-08-01 19:43 . 2009-03-19 03:17 -------- d-----w- c:\documents and settings\klarka\Application Data\dvdcss
2009-07-19 19:30 . 2009-03-18 08:48 -------- d-----w- c:\documents and settings\klarka\Application Data\ICQ
2009-07-08 09:46 . 2009-04-01 19:38 16 ----a-w- c:\windows\popcinfot.dat
2009-06-16 14:45 . 2007-04-28 14:02 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:45 . 2005-10-17 20:21 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 09:07 . 2009-06-12 09:07 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 09:06 . 2009-03-18 20:01 -------- d-----w- c:\program files\Java
2009-06-12 09:04 . 2009-05-12 15:40 152576 ----a-w- c:\documents and settings\klarka\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-03 19:24 . 2007-10-29 22:35 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 17:48 . 2009-03-26 00:16 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-07-23 13:20 . 2009-03-18 21:00 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[-] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe

[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ws2_32.dll
[-] 2004-08-04 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2004-08-04 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe

[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
[-] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe

[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
[-] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe

[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
[-] 2004-08-04 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe

[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\powrprof.dll
[-] 2004-08-04 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll

[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\imm32.dll
[-] 2004-08-04 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll

[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\appmgmts.dll
[-] 2004-08-04 12:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\appmgmts.dll

[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kbdclass.sys
[-] 2004-08-03 20:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\comres.dll
[-] 2004-08-04 12:00 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\system32\comres.dll

[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lpk.dll
[-] 2004-08-04 12:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\lpk.dll

[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\msgsvc.dll
[-] 2004-08-04 12:00 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\system32\msgsvc.dll

[-] 2001-08-17 13:57 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfc.dll
[-] 2004-08-04 12:00 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\system32\sfc.dll

[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\srsvc.dll
[-] 2004-08-04 12:00 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\system32\srsvc.dll

[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\wscntfy.exe
[-] 2004-08-04 12:00 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\wscntfy.exe

[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntmssvc.dll
[-] 2004-08-04 12:00 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\rasauto.dll
[-] 2004-08-04 12:00 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\system32\rasauto.dll

[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll
[-] 2004-08-04 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-07-02 08:18 2215960 ----a-w- c:\program files\MyPlayCity\tbMyP0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\documents and settings\klarka\Desktop\Skype\Phone\Skype.exe" [2007-05-18 23423528]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"DetectTray"="c:\program files\Genius\TVGo DVB-T02PRO\DetectTray.exe" [2007-09-21 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2009-03-17 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-25 1451264]
"602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe" [2005-08-31 49152]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2009-03-17 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2009-03-17 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Hry\\Couter strike\\hl.exe"=
"d:\\Hry\\Dune 2000\\DUNE2000.DAT"=
"c:\\Documents and Settings\\klarka\\Desktop\\Skype\\Phone\\Skype.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [6.5.2009 10:26 149376]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [25.10.2008 5:53 34824]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [25.10.2008 5:51 468224]
S0 stwlfbus;stwlfbus;c:\windows\system32\DRIVERS\stwlfbus.sys --> c:\windows\system32\DRIVERS\stwlfbus.sys [?]
S3 EC168BDA;TVGo DVB-T02PRO;c:\windows\system32\drivers\EC168BDA.sys [23.5.2009 10:09 67968]
S3 st3wolf;st3wolf;c:\windows\system32\DRIVERS\st3wolf.sys --> c:\windows\system32\DRIVERS\st3wolf.sys [?]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-03 c:\windows\Tasks\User_Feed_Synchronization-{578650F3-06D9-4B92-A34C-A3548BC06A8F}.job
- c:\windows\system32\msfeedssync.exe [2007-12-12 09:51]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-pdfSaver3 - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\klarka\Application Data\Mozilla\Firefox\Profiles\zyzxzyws.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 16:48
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-08-03 16:50
ComboFix-quarantined-files.txt 2009-08-03 14:50

Před spuštěním: 10 704 396 288 bytes free
Po spuštění: Volných bajtů: 10 689 400 832

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

181 --- E O F --- 2009-07-18 18:04

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\popcinfot.dat

Registry::
[-HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[zajdulka]

ComboFix 09-08-02.04 - klarka 04.08.2009 11:28:01.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.246.87 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\klarka\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\klarka\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\popcinfot.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\popcinfot.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-04 do 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-04 09:15:38 . 2009-08-04 09:17:11 0 d-----w- C:\32788R22FWJFW
2009-08-03 13:59:53 . 2009-08-03 13:59:53 0 d-----w- C:\Documents and Settings\klarka\Application Data\Malwarebytes
2009-08-03 13:59:46 . 2009-07-13 11:36:34 38160 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-08-03 13:59:43 . 2009-08-03 13:59:43 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-03 13:59:43 . 2009-07-13 11:36:12 19096 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-08-03 13:59:42 . 2009-08-03 13:59:51 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-03 08:12:34 . 2009-08-03 08:12:34 57344 ----a-w- C:\WINDOWS\system32\COMMTB32.DLL
2009-08-03 08:12:34 . 2009-08-03 08:12:34 28672 ----a-w- C:\WINDOWS\system32\HLP95EN.DLL
2009-08-03 08:12:34 . 2009-08-03 08:12:34 169984 ----a-w- C:\WINDOWS\system32\P2D.DLL
2009-08-03 08:12:34 . 2009-08-03 08:12:34 161552 ----a-w- C:\WINDOWS\system32\ASYCPICT.DLL
2009-08-03 08:12:22 . 2009-08-03 08:12:35 0 d-----w- C:\Program Files\ActiveX Control Pad
2009-07-21 20:37:21 . 2009-07-21 20:37:21 0 d-----w- C:\Documents and Settings\klarka\Local Settings\Application Data\Conduit
2009-07-21 20:37:20 . 2009-07-26 21:25:56 0 d-----w- C:\Documents and Settings\klarka\Local Settings\Application Data\MyPlayCity
2009-07-21 20:37:20 . 2009-07-21 20:37:20 0 d-----w- C:\Program Files\Conduit
2009-07-21 20:37:19 . 2009-07-24 10:17:04 0 d-----w- C:\Program Files\MyPlayCity
2009-07-20 10:46:33 . 2009-07-20 10:46:33 0 d-----w- C:\Documents and Settings\klarka\Local Settings\Application Data\ESET
2009-07-18 16:39:18 . 2009-06-16 14:45:39 81920 -c----w- C:\WINDOWS\system32\dllcache\fontsub.dll
2009-07-18 16:39:17 . 2009-06-16 14:45:39 119808 -c----w- C:\WINDOWS\system32\dllcache\t2embed.dll
2009-07-16 17:12:47 . 2001-08-17 11:56:16 7552 ----a-w- C:\WINDOWS\system32\drivers\SONYPVU1.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 09:36:38 . 2009-03-18 20:10:02 0 d-----w- C:\Documents and Settings\klarka\Application Data\Skype
2009-08-01 19:43:19 . 2009-03-19 03:17:07 0 d-----w- C:\Documents and Settings\klarka\Application Data\dvdcss
2009-07-19 19:30:33 . 2009-03-18 08:48:11 0 d-----w- C:\Documents and Settings\klarka\Application Data\ICQ
2009-06-16 14:45:39 . 2007-04-28 14:02:19 81920 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-16 14:45:39 . 2005-10-17 20:21:20 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-12 09:07:02 . 2009-06-12 09:07:52 410984 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-06-12 09:06:54 . 2009-03-18 20:01:14 0 d-----w- C:\Program Files\Java
2009-06-12 09:04:09 . 2009-05-12 15:40:33 152576 ----a-w- C:\Documents and Settings\klarka\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-03 19:24:03 . 2007-10-29 22:35:13 1291264 ----a-w- C:\WINDOWS\system32\quartz.dll
2009-05-31 17:48:57 . 2009-03-26 00:16:11 53319 ----a-w- C:\Documents and Settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-07 15:44:00 . 2004-08-04 12:00:00 344064 ----a-w- C:\WINDOWS\system32\localspl.dll
2009-07-23 13:20:54 . 2009-03-18 21:00:40 134648 ----a-w- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-03_14.48.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-04 09:34:35 . 2009-08-04 09:34:35 16384 C:\WINDOWS\temp\Perflib_Perfdata_528.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00:00 15360]
"Skype"="C:\Documents and Settings\klarka\Desktop\Skype\Phone\Skype.exe" [2007-05-18 19:14:38 23423528]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 23:06:06 1840424]
"pdfSaver3"="c:\Program Files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 12:29:22 385024]
"DetectTray"="C:\Program Files\Genius\TVGo DVB-T02PRO\DetectTray.exe" [2007-09-21 15:38:52 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 10:17:04 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 10:13:40 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 10:17:50 118784]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2009-03-17 18:35:38 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-06-12 09:07:06 148888]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 22:39:52 570664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 05:16:00 39792]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 20:07:38 761946]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-25 03:50:00 1451264]
"602PC SUITE PDF Saver"="C:\Program Files\Common Files\soft602\pdfSaver.exe" [2005-08-31 14:00:32 49152]
"RTHDCPL"="RTHDCPL.EXE" - C:\WINDOWS\RTHDCPL.exe [2009-03-17 18:35:37 16248320]
"SkyTel"="SkyTel.EXE" - C:\WINDOWS\SkyTel.exe [2009-03-17 18:35:38 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00:00 15360]

[zajdulka]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:23, on 4.8.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21045)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\klarka\Desktop\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\DOCUME~1\klarka\LOCALS~1\Temp\RtkBtMnt.exe
D:\Stažené soubory\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theprizeday.com/today.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Documents and Settings\klarka\Desktop\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [DetectTray] C:\Program Files\Genius\TVGo DVB-T02PRO\DetectTray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 5637 bytes

[jaro3]

Ten log z CF si nevložila celý, chybí konec..
Vlož ještě jednou , nachází se v C:\

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod: viewtopic.php?f=70&t=5119

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
O2 - BHO: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
O3 - Toolbar: (no name) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


[zajdulka]

ComboFix 09-08-02.04 - klarka 04.08.2009 13:33.3.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1033.18.246.89 [GMT 2:00]
Spuštěný z: c:\documents and settings\klarka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\klarka\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\popcinfot.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\popcinfot.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-04 do 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-03 13:59 . 2009-08-03 13:59 -------- d-----w- c:\documents and settings\klarka\Application Data\Malwarebytes
2009-08-03 13:59 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:59 . 2009-08-03 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-03 13:59 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 13:59 . 2009-08-03 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 08:12 . 2009-08-03 08:12 57344 ----a-w- c:\windows\system32\COMMTB32.DLL
2009-08-03 08:12 . 2009-08-03 08:12 28672 ----a-w- c:\windows\system32\HLP95EN.DLL
2009-08-03 08:12 . 2009-08-03 08:12 169984 ----a-w- c:\windows\system32\P2D.DLL
2009-08-03 08:12 . 2009-08-03 08:12 161552 ----a-w- c:\windows\system32\ASYCPICT.DLL
2009-08-03 08:12 . 2009-08-03 08:12 -------- d-----w- c:\program files\ActiveX Control Pad
2009-07-21 20:37 . 2009-07-21 20:37 -------- d-----w- c:\documents and settings\klarka\Local Settings\Application Data\Conduit
2009-07-21 20:37 . 2009-07-26 21:25 -------- d-----w- c:\documents and settings\klarka\Local Settings\Application Data\MyPlayCity
2009-07-21 20:37 . 2009-07-21 20:37 -------- d-----w- c:\program files\Conduit
2009-07-21 20:37 . 2009-07-24 10:17 -------- d-----w- c:\program files\MyPlayCity
2009-07-20 10:46 . 2009-07-20 10:46 -------- d-----w- c:\documents and settings\klarka\Local Settings\Application Data\ESET
2009-07-18 16:39 . 2009-06-16 14:45 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-18 16:39 . 2009-06-16 14:45 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-16 17:12 . 2001-08-17 11:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 11:40 . 2009-03-18 20:10 -------- d-----w- c:\documents and settings\klarka\Application Data\Skype
2009-08-01 19:43 . 2009-03-19 03:17 -------- d-----w- c:\documents and settings\klarka\Application Data\dvdcss
2009-07-19 19:30 . 2009-03-18 08:48 -------- d-----w- c:\documents and settings\klarka\Application Data\ICQ
2009-06-16 14:45 . 2007-04-28 14:02 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:45 . 2005-10-17 20:21 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 09:07 . 2009-06-12 09:07 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 09:06 . 2009-03-18 20:01 -------- d-----w- c:\program files\Java
2009-06-12 09:04 . 2009-05-12 15:40 152576 ----a-w- c:\documents and settings\klarka\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-03 19:24 . 2007-10-29 22:35 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 17:48 . 2009-03-26 00:16 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-07-23 13:20 . 2009-03-18 21:00 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[-] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe

[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ws2_32.dll
[-] 2004-08-04 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2004-08-04 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe

[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
[-] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe

[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
[-] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe

[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
[-] 2004-08-04 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe

[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\powrprof.dll
[-] 2004-08-04 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll

[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\imm32.dll
[-] 2004-08-04 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll

[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\appmgmts.dll
[-] 2004-08-04 12:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\appmgmts.dll

[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kbdclass.sys
[-] 2004-08-03 20:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-14 00:11 792064 1280A158C722FA95A80FB7AEBE78FA7D c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\comres.dll
[-] 2004-08-04 12:00 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\system32\comres.dll

[-] 2008-04-14 00:11 22016 012DF358CEBAA23ACB26D82077820817 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lpk.dll
[-] 2004-08-04 12:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\lpk.dll

[-] 2008-04-14 00:11 33792 986B1FF5814366D71E0AC5755C88F2D3 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\msgsvc.dll
[-] 2004-08-04 12:00 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\system32\msgsvc.dll

[-] 2001-08-17 13:57 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-14 00:12 5120 96E1C926F22EE1BFBAE82901A35F6BF3 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfc.dll
[-] 2004-08-04 12:00 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\system32\sfc.dll

[-] 2008-04-14 00:12 171008 3805DF0AC4296A34BA4BF93B346CC378 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\srsvc.dll
[-] 2004-08-04 12:00 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\system32\srsvc.dll

[-] 2008-04-14 00:12 13824 F92E1076C42FCD6DB3D72D8CFE9816D5 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\wscntfy.exe
[-] 2004-08-04 12:00 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\wscntfy.exe

[-] 2008-04-14 00:12 435200 156F64A3345BD23C600655FB4D10BC08 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntmssvc.dll
[-] 2004-08-04 12:00 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\system32\ntmssvc.dll

[-] 2008-04-14 00:12 88576 AD188BE7BDF94E8DF4CA0A55C00A5073 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\rasauto.dll
[-] 2004-08-04 12:00 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\system32\rasauto.dll

[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll
[-] 2004-08-04 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-03_14.48.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-04 11:40 . 2009-08-04 11:40 16384 c:\windows\temp\Perflib_Perfdata_2a0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\documents and settings\klarka\Desktop\Skype\Phone\Skype.exe" [2007-05-18 23423528]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"DetectTray"="c:\program files\Genius\TVGo DVB-T02PRO\DetectTray.exe" [2007-09-21 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2009-03-17 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-25 1451264]
"602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe" [2005-08-31 49152]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2009-03-17 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2009-03-17 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Hry\\Couter strike\\hl.exe"=
"d:\\Hry\\Dune 2000\\DUNE2000.DAT"=
"c:\\Documents and Settings\\klarka\\Desktop\\Skype\\Phone\\Skype.exe"=

R0 stwlfbus;stwlfbus;c:\windows\system32\DRIVERS\stwlfbus.sys [x]
R3 EC168BDA;TVGo DVB-T02PRO;c:\windows\system32\DRIVERS\EC168BDA.sys [2007-05-18 67968]
R3 st3wolf;st3wolf;c:\windows\system32\DRIVERS\st3wolf.sys [x]
S0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\DRIVERS\tffsport.sys [2004-08-03 149376]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-10-25 34824]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-25 468224]

.
Obsah adresáře 'Naplánované úlohy'

2009-08-04 c:\windows\Tasks\User_Feed_Synchronization-{578650F3-06D9-4B92-A34C-A3548BC06A8F}.job
- c:\windows\system32\msfeedssync.exe [2007-12-12 09:51]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
BHO-{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
Toolbar-{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
WebBrowser-{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.theprizeday.com/today.php
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\klarka\Application Data\Mozilla\Firefox\Profiles\zyzxzyws.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 13:40
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(4012)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\docume~1\klarka\LOCALS~1\temp\RtkBtMnt.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-04 13:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-04 11:47
ComboFix2.txt 2009-08-03 14:50

Před spuštěním: 10 701 733 888 bytes free
Po spuštění: Volných bajtů: 10 672 893 952

189 --- E O F --- 2009-07-18 18:04