Neviditelné soubory v RECYCLERu na C: ,F: , G: Vyřešeno

[oldman]

A zde je výsledek zAVP Tool:

Je to hrůza. Sken trval přes 11,5hod a na všechny nálezy jsem dával příkaz k vymazání. Ještě po skenu jsem některé složky vymazal ručně. Jsou tam mnohé programy stažené při starší verzi AVG, který nic nehlásil.

Při druhém průchodu složkou C:\RECYCLER jsem zaznamenal že AVP prohledával i onu neviditelnou složku a prohledal všechny soubory v ní ale proběhl je bez povšimnutí. Smazat tyto soubory ani samotná podsložka ještě nejdou. Původní obsah v nich zůstal. Naopak při průchodu System Volume Information na všech discích hlásil viry ale myslím že tam zůstaly i po příkazu k vymazání. Pro smazání nemám přístup.

KAS.txt

10.10.2010 21:28:18 Task started
10.10.2010 23:19:11 Detected: Trojan-Downloader.Win32.Banload.atoq F:\Počítač\REATOGO-240.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
10.10.2010 23:23:00 Deleted: Trojan-Downloader.Win32.Banload.atoq F:\Počítač\REATOGO-240.exe
10.10.2010 23:26:26 Detected: Trojan-Downloader.Win32.Banload.atoq F:\Počítač\Reatogo\REATOGO-240.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
10.10.2010 23:26:40 Deleted: Trojan-Downloader.Win32.Banload.atoq F:\Počítač\Reatogo\REATOGO-240.exe
10.10.2010 23:29:09 Detected: Trojan-Downloader.Win32.Banload.atoq F:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000233.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
10.10.2010 23:29:28 Deleted: Trojan-Downloader.Win32.Banload.atoq F:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000233.exe
10.10.2010 23:29:35 Detected: Trojan-Downloader.Win32.Banload.atoq F:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000234.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
10.10.2010 23:29:53 Deleted: Trojan-Downloader.Win32.Banload.atoq F:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000234.exe
10.10.2010 23:40:42 Detected: Packed.Win32.Black.d F:\šifrování\Encryptor\FSESetup.exe/data0000/PE_Patch/ASProtect14
10.10.2010 23:41:12 Detected: Packed.Win32.Black.d F:\šifrování\Encryptor\FSESetup.exe/data0001/PE_Patch/ASProtect14
10.10.2010 23:41:17 Detected: Packed.Win32.Black.d F:\šifrování\Encryptor\FSESetup.exe/data0002/PE_Patch/ASProtect14
10.10.2010 23:41:29 Deleted: Packed.Win32.Black.d F:\šifrování\Encryptor\FSESetup.exe
10.10.2010 23:41:47 Detected: Trojan.Win32.Agent.ewjc G:\1A-Dok\DBaze\DBFExplorer.exe
10.10.2010 23:42:06 Deleted: Trojan.Win32.Agent.ewjc G:\1A-Dok\DBaze\DBFExplorer.exe
11.10.2010 0:35:26 Detected: Trojan-Downloader.Win32.Banload.atoq G:\1D záloha F\Místní disk (F)\Počítač\REATOGO-240.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
11.10.2010 0:48:35 Deleted: Trojan-Downloader.Win32.Banload.atoq G:\1D záloha F\Místní disk (F)\Počítač\REATOGO-240.exe
11.10.2010 0:49:30 Detected: Trojan-Downloader.Win32.Banload.atoq G:\1D záloha F\Místní disk (F)\Počítač\Reatogo\REATOGO-240.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
11.10.2010 0:50:31 Deleted: Trojan-Downloader.Win32.Banload.atoq G:\1D záloha F\Místní disk (F)\Počítač\Reatogo\REATOGO-240.exe
11.10.2010 0:54:56 Detected: Packed.Win32.Black.d G:\1D záloha F\Místní disk (F)\šifrování\Encryptor\FSESetup.exe/data0000/PE_Patch/ASProtect14
11.10.2010 0:55:32 Detected: Packed.Win32.Black.d G:\1D záloha F\Místní disk (F)\šifrování\Encryptor\FSESetup.exe/data0001/PE_Patch/ASProtect14
11.10.2010 0:55:36 Detected: Packed.Win32.Black.d G:\1D záloha F\Místní disk (F)\šifrování\Encryptor\FSESetup.exe/data0002/PE_Patch/ASProtect14
11.10.2010 0:55:44 Deleted: Packed.Win32.Black.d G:\1D záloha F\Místní disk (F)\šifrování\Encryptor\FSESetup.exe
11.10.2010 1:30:58 Detected: Trojan-Spy.Win32.ProAgent.dz G:\Další programy\_DVD\grafika_web\gifgen11\5355_7336.exe
11.10.2010 1:32:53 Deleted: Trojan-Spy.Win32.ProAgent.dz G:\Další programy\_DVD\grafika_web\gifgen11\5355_7336.exe
11.10.2010 2:00:39 Detected: Trojan.Win32.Agent.ctgd G:\Další programy\_DVD\ostatni\DVDFabPlatinum3050.exe/data0000/PE_Patch/ASProtect
11.10.2010 2:39:47 Deleted: Trojan.Win32.Agent.ctgd G:\Další programy\_DVD\ostatni\DVDFabPlatinum3050.exe
11.10.2010 3:13:02 Detected: not-a-virus:AdWare.Win32.CommonName.by G:\Další programy\_DVD\ostatni\CloneCD\SetupCloneCD.exe
11.10.2010 3:16:02 Detected: Trojan.Win32.Agent.ebtz G:\Další programy\_DVD\ostatni\DVDFab Decrypter\DVDFabDecrypter3033Beta.exe/data0000
11.10.2010 3:27:33 Detected: HEUR:Worm.Win32.Generic G:\Další programy\_DVD\ostatni\TurboCAD Pro v4.1 Learning Edition\QuickTour\SCPLAYNT.EXE
11.10.2010 4:05:08 Deleted: not-a-virus:AdWare.Win32.CommonName.by G:\Další programy\_DVD\ostatni\CloneCD\SetupCloneCD.exe
11.10.2010 4:05:11 Deleted: Trojan.Win32.Agent.ebtz G:\Další programy\_DVD\ostatni\DVDFab Decrypter\DVDFabDecrypter3033Beta.exe
11.10.2010 4:05:20 Deleted: HEUR:Worm.Win32.Generic G:\Další programy\_DVD\ostatni\TurboCAD Pro v4.1 Learning Edition\QuickTour\SCPLAYNT.EXE
11.10.2010 4:07:32 Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\Další programy\_DVD\ostatni\zip_it_fast20\zipset2.exe/gate.exe/PECompact
11.10.2010 4:12:41 Detected: not-a-virus:AdWare.Win32.JumpGate.a G:\Další programy\_DVD\ostatni\zip_it_fast20\zipset2.exe/Thank.exe/PECompact
11.10.2010 4:12:41 Deleted: not-a-virus:AdWare.Win32.JumpGate.a G:\Další programy\_DVD\ostatni\zip_it_fast20\zipset2.exe
11.10.2010 4:14:54 Detected: not-a-virus:AdWare.Win32.SaveNow.bx G:\Další programy\_DVD\ovladace\kodeky\GDiVX1.9.9.6\GDiVX1.9.9.6.exe/data0007
11.10.2010 4:14:56 Detected: not-a-virus:AdWare.Win32.SaveNow.aa G:\Další programy\_DVD\ovladace\kodeky\global_DivX\gdivx.exe/data0010/SaveNow.exe
11.10.2010 4:16:38 Detected: not-a-virus:AdWare.Win32.SaveNow.au G:\Další programy\_DVD\ovladace\kodeky\global_DivX\gdivx.exe/data0010/Uninst.exe
11.10.2010 4:16:38 Deleted: not-a-virus:AdWare.Win32.SaveNow.au G:\Další programy\_DVD\ovladace\kodeky\global_DivX\gdivx.exe
11.10.2010 4:16:39 Detected: not-a-virus:AdWare.Win32.NewDotNet.d G:\Další programy\_DVD\ovladace\kodeky\GDiVX1.9.9.6\GDiVX1.9.9.6.exe/data0010
11.10.2010 4:16:39 Deleted: not-a-virus:AdWare.Win32.NewDotNet.d G:\Další programy\_DVD\ovladace\kodeky\GDiVX1.9.9.6\GDiVX1.9.9.6.exe
11.10.2010 4:23:32 Detected: Trojan.Win32.Agent.dkai G:\ELEKTRO 40\Autoradia\ford_LCA.exe
11.10.2010 4:23:36 Detected: Trojan.Win32.Agent.dkai G:\ELEKTRO 40\Autoradia\ford-dekodéry\ford_lca.zip/ford_LCA.exe
11.10.2010 4:23:38 Detected: Trojan.Win32.Agent.dkai G:\ELEKTRO 40\Autoradia\ford-dekodéry\fordlca\ford_LCA.exe
11.10.2010 4:24:22 Deleted: Trojan.Win32.Agent.dkai G:\ELEKTRO 40\Autoradia\ford_LCA.exe
11.10.2010 4:24:23 Deleted: Trojan.Win32.Agent.dkai G:\ELEKTRO 40\Autoradia\ford-dekodéry\ford_lca.zip/ford_LCA.exe
11.10.2010 4:24:35 Deleted: Trojan.Win32.Agent.dkai G:\ELEKTRO 40\Autoradia\ford-dekodéry\fordlca\ford_LCA.exe
11.10.2010 5:09:26 Detected: Backdoor.Win32.Rbot.afjo G:\Fonty\fonts\FontExpertSetup.exe/data0000.res/FontExpertReg.exe
11.10.2010 5:12:44 Detected: Backdoor.Win32.Rbot.afjo G:\Fonty\fonts\FontExpertSetup.exe/# By hash
11.10.2010 5:12:45 Deleted: Backdoor.Win32.Rbot.afjo G:\Fonty\fonts\FontExpertSetup.exe
11.10.2010 5:23:44 Detected: Packed.Win32.Black.d G:\Kódovací pgm\šifrování\Encryptor\FSESetup.exe/data0000/PE_Patch/ASProtect14
11.10.2010 5:24:28 Detected: Packed.Win32.Black.d G:\Kódovací pgm\šifrování\Encryptor\FSESetup.exe/data0001/PE_Patch/ASProtect14
11.10.2010 5:24:30 Detected: Packed.Win32.Black.d G:\Kódovací pgm\šifrování\Encryptor\FSESetup.exe/data0002/PE_Patch/ASProtect14
11.10.2010 5:24:33 Deleted: Packed.Win32.Black.d G:\Kódovací pgm\šifrování\Encryptor\FSESetup.exe
11.10.2010 5:40:25 Detected: not-a-virus:AdWare.Win32.SaveNow.z G:\ozvučení\různé utility z Netu\30wallpapers.exe/data0031/data0001.cab/VVSN.exe
11.10.2010 5:44:06 Detected: not-a-virus:AdWare.Win32.NewDotNet G:\ozvučení\různé utility z Netu\30wallpapers.exe/data0033
11.10.2010 5:44:06 Deleted: not-a-virus:AdWare.Win32.NewDotNet G:\ozvučení\různé utility z Netu\30wallpapers.exe
11.10.2010 6:03:43 Detected: HackTool.Win32.John G:\Programování\Programování\HexEditor\john-16w.zip/john-16/run/john.exe
11.10.2010 6:04:26 Deleted: HackTool.Win32.John G:\Programování\Programování\HexEditor\john-16w.zip/john-16/run/john.exe
11.10.2010 6:09:22 Detected: Backdoor.Win32.Bredolab.fjq G:\programy\DVD Copy\InstantCopy8.0.3_TryandBuy.exe/InstantCopy1.cab/ICopy.exe
11.10.2010 6:09:32 Detected: not-a-virus:AdWare.Win32.Gator.4104 G:\programy\DVD Copy\podtitulky\Gordian.Knot.Codec.Pack.1.6.Setup.exe/data0008/#
11.10.2010 6:10:35 Detected: not-a-virus:AdWare.Win32.CommonName.bn G:\programy\mechaniky\clone\SetupCloneCD4013.exe
11.10.2010 6:11:34 Deleted: not-a-virus:AdWare.Win32.CommonName.bn G:\programy\mechaniky\clone\SetupCloneCD4013.exe
11.10.2010 6:11:36 Detected: not-a-virus:AdWare.Win32.CommonName.bk G:\programy\mechaniky\clone\SetupCloneCDLangPack4013.exe
11.10.2010 6:11:41 Deleted: not-a-virus:AdWare.Win32.Gator.4104 G:\programy\DVD Copy\podtitulky\Gordian.Knot.Codec.Pack.1.6.Setup.exe
11.10.2010 6:11:46 Deleted: Backdoor.Win32.Bredolab.fjq G:\programy\DVD Copy\InstantCopy8.0.3_TryandBuy.exe
11.10.2010 6:11:51 Detected: not-a-virus:AdWare.Win32.Dap.g G:\programy\NET\downloadacc.exe/WISE0021.BIN/dapiebar.dll
11.10.2010 6:12:53 Deleted: not-a-virus:AdWare.Win32.CommonName.bk G:\programy\mechaniky\clone\SetupCloneCDLangPack4013.exe
11.10.2010 6:13:04 Deleted: not-a-virus:AdWare.Win32.Dap.g G:\programy\NET\downloadacc.exe
11.10.2010 6:13:27 Detected: Trojan-Proxy.Win32.Agent.cjt G:\programy\ziprar\winzip.9.0.beta.5480.keygen-tsrh.zip/keygen.exe/UPX/PE_Patch
11.10.2010 6:13:36 Deleted: Trojan-Proxy.Win32.Agent.cjt G:\programy\ziprar\winzip.9.0.beta.5480.keygen-tsrh.zip/keygen.exe
11.10.2010 6:16:14 Detected: Trojan.Win32.Agent.ewjc G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000236.exe
11.10.2010 6:16:15 Detected: Trojan-Downloader.Win32.Banload.atoq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000237.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
11.10.2010 6:16:23 Deleted: Trojan.Win32.Agent.ewjc G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000236.exe
11.10.2010 6:16:38 Deleted: Trojan-Downloader.Win32.Banload.atoq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000237.exe
11.10.2010 6:16:46 Detected: Trojan-Downloader.Win32.Banload.atoq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000238.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
11.10.2010 6:17:06 Deleted: Trojan-Downloader.Win32.Banload.atoq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000238.exe
11.10.2010 6:17:09 Detected: Packed.Win32.Black.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000239.exe/data0000/PE_Patch/ASProtect14
11.10.2010 6:17:21 Detected: Packed.Win32.Black.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000239.exe/data0001/PE_Patch/ASProtect14
11.10.2010 6:17:25 Detected: Packed.Win32.Black.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000239.exe/data0002/PE_Patch/ASProtect14
11.10.2010 6:17:32 Deleted: Packed.Win32.Black.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000239.exe
11.10.2010 6:17:34 Detected: Trojan-Spy.Win32.ProAgent.dz G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000240.exe
11.10.2010 6:17:37 Detected: Trojan.Win32.Agent.ctgd G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000241.exe/data0000/PE_Patch/ASProtect
11.10.2010 6:17:52 Deleted: Trojan-Spy.Win32.ProAgent.dz G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000240.exe
11.10.2010 6:17:58 Deleted: Trojan.Win32.Agent.ctgd G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000241.exe
11.10.2010 6:18:00 Detected: HEUR:Worm.Win32.Generic G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000244.EXE
11.10.2010 6:18:00 Detected: not-a-virus:AdWare.Win32.CommonName.by G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000242.exe
11.10.2010 6:18:00 Detected: Trojan.Win32.Agent.ebtz G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000243.exe/data0000
11.10.2010 6:18:03 Detected: Packed.Win32.Black.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000251.exe/data0000/PE_Patch/ASProtect14
11.10.2010 6:18:33 Deleted: HEUR:Worm.Win32.Generic G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000244.EXE
11.10.2010 6:18:34 Deleted: not-a-virus:AdWare.Win32.CommonName.by G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000242.exe
11.10.2010 6:18:35 Detected: not-a-virus:AdWare.Win32.SaveNow.aa G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000246.exe/data0010/SaveNow.exe
11.10.2010 6:18:36 Detected: not-a-virus:AdWare.Win32.ShowBehind.a G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000245.exe/gate.exe/PECompact
11.10.2010 6:18:37 Detected: Packed.Win32.Black.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000251.exe/data0001/PE_Patch/ASProtect14
11.10.2010 6:18:38 Deleted: Trojan.Win32.Agent.ebtz G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000243.exe
11.10.2010 6:18:39 Detected: not-a-virus:AdWare.Win32.SaveNow.bx G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000247.exe/data0007
11.10.2010 6:18:39 Detected: Packed.Win32.Black.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000251.exe/data0002/PE_Patch/ASProtect14
11.10.2010 6:18:42 Deleted: Packed.Win32.Black.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000251.exe
11.10.2010 6:19:06 Detected: not-a-virus:AdWare.Win32.SaveNow.au G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000246.exe/data0010/Uninst.exe
11.10.2010 6:19:06 Deleted: not-a-virus:AdWare.Win32.SaveNow.au G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000246.exe
11.10.2010 6:19:06 Detected: not-a-virus:AdWare.Win32.JumpGate.a G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000245.exe/Thank.exe/PECompact
11.10.2010 6:19:06 Deleted: not-a-virus:AdWare.Win32.JumpGate.a G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000245.exe
11.10.2010 6:19:06 Detected: Trojan.Win32.Agent.dkai G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000248.exe
11.10.2010 6:19:07 Detected: Trojan.Win32.Agent.dkai G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000249.exe
11.10.2010 6:19:07 Detected: not-a-virus:AdWare.Win32.NewDotNet.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000247.exe/data0010
11.10.2010 6:19:07 Deleted: not-a-virus:AdWare.Win32.NewDotNet.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000247.exe
11.10.2010 6:19:27 Deleted: Trojan.Win32.Agent.dkai G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000248.exe
11.10.2010 6:19:31 Deleted: Trojan.Win32.Agent.dkai G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000249.exe
11.10.2010 6:19:32 Detected: not-a-virus:AdWare.Win32.CommonName.bn G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000253.exe
11.10.2010 6:19:33 Detected: not-a-virus:AdWare.Win32.SaveNow.z G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000252.exe/data0031/data0001.cab/VVSN.exe
11.10.2010 6:19:35 Detected: Backdoor.Win32.Rbot.afjo G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000250.exe/data0000.res/FontExpertReg.exe
11.10.2010 6:20:03 Deleted: not-a-virus:AdWare.Win32.CommonName.bn G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000253.exe
11.10.2010 6:20:06 Detected: not-a-virus:AdWare.Win32.NewDotNet G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000252.exe/data0033
11.10.2010 6:20:06 Deleted: not-a-virus:AdWare.Win32.NewDotNet G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000252.exe
11.10.2010 6:20:09 Detected: Backdoor.Win32.Rbot.afjo G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000250.exe/# By hash
11.10.2010 6:20:11 Detected: not-a-virus:AdWare.Win32.Gator.4104 G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000254.exe/data0008/#
11.10.2010 6:20:11 Deleted: Backdoor.Win32.Rbot.afjo G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000250.exe
11.10.2010 6:20:11 Detected: not-a-virus:AdWare.Win32.CommonName.bk G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000256.exe
11.10.2010 6:20:36 Deleted: not-a-virus:AdWare.Win32.CommonName.bk G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000256.exe
11.10.2010 6:20:38 Detected: Backdoor.Win32.Bredolab.fjq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000255.exe/InstantCopy1.cab/ICopy.exe
11.10.2010 6:20:39 Detected: not-a-virus:AdWare.Win32.Dap.g G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000257.exe/WISE0021.BIN/dapiebar.dll
11.10.2010 6:21:09 Deleted: not-a-virus:AdWare.Win32.Gator.4104 G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000254.exe
11.10.2010 6:21:21 Deleted: not-a-virus:AdWare.Win32.Dap.g G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000257.exe
11.10.2010 6:21:27 Deleted: Backdoor.Win32.Bredolab.fjq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000255.exe
11.10.2010 6:23:49 Detected: not-a-virus:AdWare.Win32.SaveNow.z G:\text to speech\různé utility z Netu\30wallpapers.exe/data0031/data0001.cab/VVSN.exe
11.10.2010 6:23:58 Detected: not-a-virus:AdWare.Win32.NewDotNet G:\text to speech\různé utility z Netu\30wallpapers.exe/data0033
11.10.2010 6:23:58 Deleted: not-a-virus:AdWare.Win32.NewDotNet G:\text to speech\různé utility z Netu\30wallpapers.exe
11.10.2010 6:26:15 Detected: Email-Worm.Win32.Josam.d G:\TuneUp Utilities 2004\IcsDel60.bpl
11.10.2010 6:26:19 Detected: Email-Worm.Win32.Josam.d G:\TuneUp Utilities 2004\WIS2C3738C956FA410ABCB579C5DFD238F0_4_1_2318.MSI/Cabs.w1.cab/IcsDel60.bpl
11.10.2010 6:26:37 Deleted: Email-Worm.Win32.Josam.d G:\TuneUp Utilities 2004\IcsDel60.bpl
11.10.2010 6:27:14 Deleted: Email-Worm.Win32.Josam.d G:\TuneUp Utilities 2004\WIS2C3738C956FA410ABCB579C5DFD238F0_4_1_2318.MSI
11.10.2010 6:29:02 Detected: Trojan-Proxy.Win32.Agent.cjt G:\WinZip\winzip.9.0.beta.5480.keygen-tsrh.zip/keygen.exe/UPX/PE_Patch
11.10.2010 6:29:10 Deleted: Trojan-Proxy.Win32.Agent.cjt G:\WinZip\winzip.9.0.beta.5480.keygen-tsrh.zip/keygen.exe
11.10.2010 6:29:15 Detected: Trojan-Proxy.Win32.Agent.cjt G:\WinZip\winzip81\keygen.exe/UPX/PE_Patch
11.10.2010 6:29:23 Deleted: Trojan-Proxy.Win32.Agent.cjt G:\WinZip\winzip81\keygen.exe
11.10.2010 6:41:18 Detected: Trojan-Downloader.Win32.Banload.atoq G:\XP\Počítač legalizátor zavádění z flashe\REATOGO-240.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
11.10.2010 6:41:51 Deleted: Trojan-Downloader.Win32.Banload.atoq G:\XP\Počítač legalizátor zavádění z flashe\REATOGO-240.exe
11.10.2010 6:41:56 Detected: Trojan-Downloader.Win32.Banload.atoq G:\XP\Počítač legalizátor zavádění z flashe\Počítač\Reatogo\REATOGO-240.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
11.10.2010 6:42:19 Deleted: Trojan-Downloader.Win32.Banload.atoq G:\XP\Počítač legalizátor zavádění z flashe\Počítač\Reatogo\REATOGO-240.exe
11.10.2010 6:43:57 Detected: Trojan-Downloader.Win32.Banload.atoq G:\XP\TipyTriky\Počítač\REATOGO-240.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
11.10.2010 6:44:13 Deleted: Trojan-Downloader.Win32.Banload.atoq G:\XP\TipyTriky\Počítač\REATOGO-240.exe
11.10.2010 6:59:11 Detected: HackTool.Win32.PassDic.ay G:\Zdrojové soubory\DVDcreator\ultra_dvdcreator.exe/data0000/Molebox
11.10.2010 6:59:39 Deleted: HackTool.Win32.PassDic.ay G:\Zdrojové soubory\DVDcreator\ultra_dvdcreator.exe
11.10.2010 7:03:44 Detected: Trojan-Downloader.Win32.Delf.aarz G:\zálohování dat na HD\BackUp2005\azguard21.zip/bk5setup.exe/data0027
11.10.2010 7:04:12 Deleted: Trojan-Downloader.Win32.Delf.aarz G:\zálohování dat na HD\BackUp2005\azguard21.zip/bk5setup.exe
11.10.2010 7:05:25 Detected: Trojan-Banker.Win32.Banker.dtq G:\zálohování dat na HD\cb5setup.exe/data0003
11.10.2010 7:05:31 Detected: Trojan-Downloader.Win32.Delf.aarz G:\zálohování dat na HD\bks2005.exe/data0013
11.10.2010 7:05:50 Detected: Trojan-Banker.Win32.Banker.xxl G:\zálohování dat na HD\cb5setup.exe/data0004
11.10.2010 7:05:54 Deleted: Trojan-Banker.Win32.Banker.xxl G:\zálohování dat na HD\cb5setup.exe
11.10.2010 7:06:02 Deleted: Trojan-Downloader.Win32.Delf.aarz G:\zálohování dat na HD\bks2005.exe
11.10.2010 7:06:33 Detected: Trojan-Downloader.Win32.Delf.aarz G:\zálohování dat na HD\BackUp2005\bk5setup.exe/data0027
11.10.2010 7:06:39 Detected: Trojan-Downloader.Win32.Delf.aarz G:\zálohování dat na HD\BackUp2005\bks2005.exe/data0013
11.10.2010 7:06:55 Deleted: Trojan-Downloader.Win32.Delf.aarz G:\zálohování dat na HD\BackUp2005\bk5setup.exe
11.10.2010 7:07:05 Deleted: Trojan-Downloader.Win32.Delf.aarz G:\zálohování dat na HD\BackUp2005\bks2005.exe
11.10.2010 7:45:27 Detected: Packed.Win32.Black.d F:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000235.exe/data0000/PE_Patch/ASProtect14
11.10.2010 7:45:36 Detected: Packed.Win32.Black.d F:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000235.exe/data0001/PE_Patch/ASProtect14
11.10.2010 7:45:39 Detected: Packed.Win32.Black.d F:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000235.exe/data0002/PE_Patch/ASProtect14
11.10.2010 7:45:46 Deleted: Packed.Win32.Black.d F:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000235.exe
11.10.2010 8:55:31 Detected: Trojan-Proxy.Win32.Agent.cjt G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000260.exe/UPX/PE_Patch
11.10.2010 8:55:37 Detected: not-a-virus:AdWare.Win32.SaveNow.z G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000258.exe/data0031/data0001.cab/VVSN.exe
11.10.2010 8:55:38 Detected: Email-Worm.Win32.Josam.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000259.MSI/Cabs.w1.cab/IcsDel60.bpl
11.10.2010 8:55:40 Detected: Trojan-Downloader.Win32.Banload.atoq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000261.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
11.10.2010 8:55:45 Detected: Trojan-Downloader.Win32.Banload.atoq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000262.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
11.10.2010 8:56:00 Deleted: Trojan-Proxy.Win32.Agent.cjt G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000260.exe
11.10.2010 8:56:30 Detected: not-a-virus:AdWare.Win32.NewDotNet G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000258.exe/data0033
11.10.2010 8:56:30 Deleted: not-a-virus:AdWare.Win32.NewDotNet G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000258.exe
11.10.2010 8:56:37 Deleted: Trojan-Downloader.Win32.Banload.atoq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000261.exe
11.10.2010 8:56:40 Deleted: Trojan-Downloader.Win32.Banload.atoq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000262.exe
11.10.2010 8:56:47 Deleted: Email-Worm.Win32.Josam.d G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000259.MSI
11.10.2010 8:56:48 Detected: Trojan-Downloader.Win32.Banload.atoq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000263.exe/REATOGO-240/plugin/AUTOHELP/Files/Tools/reatogoFile2Cmd.exe
11.10.2010 8:57:02 Deleted: Trojan-Downloader.Win32.Banload.atoq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000263.exe
11.10.2010 8:57:06 Detected: HackTool.Win32.PassDic.ay G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000264.exe/data0000/Molebox
11.10.2010 8:57:06 Detected: Trojan-Banker.Win32.Banker.dtq G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000265.exe/data0003
11.10.2010 8:57:29 Detected: Trojan-Banker.Win32.Banker.xxl G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000265.exe/data0004
11.10.2010 8:57:31 Deleted: HackTool.Win32.PassDic.ay G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000264.exe
11.10.2010 8:57:36 Deleted: Trojan-Banker.Win32.Banker.xxl G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000265.exe
11.10.2010 8:57:38 Detected: Trojan-Downloader.Win32.Delf.aarz G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000266.exe/data0013
11.10.2010 8:57:59 Detected: Trojan-Downloader.Win32.Delf.aarz G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000267.exe/data0027
11.10.2010 8:58:00 Detected: Trojan-Downloader.Win32.Delf.aarz G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000268.exe/data0013
11.10.2010 8:58:20 Deleted: Trojan-Downloader.Win32.Delf.aarz G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000266.exe
11.10.2010 8:58:20 Deleted: Trojan-Downloader.Win32.Delf.aarz G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000267.exe
11.10.2010 8:58:28 Deleted: Trojan-Downloader.Win32.Delf.aarz G:\System Volume Information\_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}\RP1\A0000268.exe
11.10.2010 9:03:25 Task completed

Je to neuvěřitelně resistentní.

[Reklama]

[jaro3]

Všechny ty uvedené programy bych dal smazat, vystavuješ se riziku obnovení nákaz...


--Vypni si obnovu systému----restartuj PC----zase si obnovu systému zapini.
System Volume Information---by se měl vyprázdnit , zkontroluj.

Pokud si odinstaloval Combofix:

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna Ale nespouštěj ho!!

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

DirLook::
C:\RECYCLER
F:\RECYCLER
G:\RECYCLER

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[oldman]

Soubory které byly nakaženy jsem smazal pomocí Virus Removal Tool hned jak je našel. Pak jsem ještě smazal některé prázdné adresáře které po něm zbyly a pokud tam nebyl jiný dobrý program, tak se vším co tam bylo.

System volume inf. na C: nebyl prázdný, objevily se :
Složka _restore{94E3F77C-D47E-4E64-8FC5-72484725C9BA}
_restore{766BADD7-8DB3-4BB8-A886-A797BB769785}
MountPointManagerRemoteDatabase
setup_9.0.0.722_10.10.2010_20-35drv.isw
tracking.log

Vložil bych obrázek ale nepřišel jsem na to jak pracuje tlač. "Img."

Recyclery na F a G jsou nepřístupné. Použiji ještě RootKit Revealer který ukáže co tam je.
Vypnut Awast na hlav. panelu ale bohužel nevypnul jsem res.prog. Defender v msconfig. Jestli to vadí provedu vše znovu.
Tak zde je log z ComboFix:

ComboFix 10-10-10.02 - J.H 11.10.2010 16:08:38.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.565 [GMT 2:00]
Spuštěný z: c:\documents and settings\J.H\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\J.H\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-11 do 2010-10-11 )))))))))))))))))))))))))))))))
.

2010-10-11 07:12 . 2010-10-11 07:12 7168 ----a-w- c:\windows\system32\drivers\ute2ndq3.sys
2010-10-10 19:25 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\03848252.sys
2010-10-10 19:25 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\0384825.sys
2010-10-10 19:25 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\03848251.sys
2010-10-10 19:21 . 2010-10-10 19:21 -------- d-----w- C:\_OTL
2010-10-09 08:48 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-09 08:48 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-09 08:48 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-09 08:48 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-09 08:48 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-09 08:48 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-09 08:48 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-09 08:48 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-09 08:48 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-09 08:48 . 2010-10-09 08:48 -------- d-----w- c:\program files\Alwil Software
2010-10-09 08:48 . 2010-10-09 08:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-10-08 21:02 . 2010-10-10 12:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-08 14:17 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{D2BAEF5E-B159-4D97-A9C0-6CB1B25DBEBD}\mpengine.dll
2010-10-08 00:56 . 2010-10-08 00:56 -------- d-----w- c:\documents and settings\J.H\Local Settings\Data aplikací\Pmcc
2010-10-08 00:56 . 2010-10-08 00:56 -------- d-----w- c:\documents and settings\J.H\Data aplikací\Pmcc
2010-10-08 00:00 . 2010-10-08 00:00 -------- d-----w- c:\documents and settings\J.H\Data aplikací\URSoft
2010-10-07 23:54 . 2010-10-08 00:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Autorun Eater
2010-10-07 23:37 . 2010-10-07 23:37 -------- d-----w- c:\documents and settings\Administrator
2010-10-05 12:18 . 2010-10-05 12:18 -------- d-----w- c:\program files\IObit
2010-10-05 12:18 . 2010-10-05 12:18 -------- d-----w- c:\documents and settings\J.H\Data aplikací\IObit
2010-10-03 18:16 . 2010-10-08 21:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-10-01 07:08 . 2010-10-01 07:08 -------- d-----r- c:\documents and settings\LocalService\Dokumenty

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\RECYCLER ----

2010-10-09 20:42 . 2010-10-11 14:06 65 --sh--w- c:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003\desktop.ini
2010-10-09 20:42 . 2010-10-11 14:06 20 ---ha-w- c:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003\INFO2

---- Directory of F:\RECYCLER ----

2010-10-10 17:55 . 2010-10-11 14:06 20 ---ha-w- f:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003\INFO2
2010-10-10 17:55 . 2010-10-11 14:06 65 --sh--w- f:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003\desktop.ini

---- Directory of G:\RECYCLER ----

2010-10-10 17:55 . 2010-10-11 14:06 65 --sh--w- g:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003\desktop.ini
2010-10-10 17:55 . 2010-10-11 14:06 20 ---ha-w- g:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003\INFO2


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-03-25 303616]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Easy-PrintToolBox.lnk]
backup=c:\windows\pss\Easy-PrintToolBox.lnkCommon Startup
path=c:\documents and settings\All Users\Nabídka Start\Programy\Canon Utilities\Easy-PrintToolBox\Easy-PrintToolBox.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^jetMailMonitor.lnk]
path=c:\documents and settings\J.H\Nabídka Start\Programy\Po spuštění\jetMailMonitor.lnk
backup=c:\windows\pss\jetMailMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^setup_9.0.0.722_10.10.2010_20-35.lnk]
path=c:\documents and settings\J.H\Nabídka Start\Programy\Po spuštění\setup_9.0.0.722_10.10.2010_20-35.lnk
backup=c:\windows\pss\setup_9.0.0.722_10.10.2010_20-35.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^UMAX VistaAccess.lnk]
backup=c:\windows\pss\UMAX VistaAccess.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-06-16 15:20 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-08-10 13:10 2349776 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 19:44 133104 ----atw- c:\documents and settings\J.H\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 16:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 13:10 271360 ----a-w- f:\nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]
2010-06-09 20:02 1843312 ----a-w- c:\program files\PeerBlock\peerblock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 20:26 68640 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2007-12-04 18:45 916800 ----a-w- c:\program files\RFA\rfagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-02 21:12 577536 ------r- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpotmauSecretary]
2009-01-01 17:50 569856 ----a-w- f:\spotmau\Desktop_Secretary\Spotmau_S.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Svátky a výročí]
2002-11-29 18:12 4749824 ----a-w- c:\documents and settings\J.H\Dokumenty\Svátky a výročí\Vyroci.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 03848252;03848252 Boot Guard Driver;c:\windows\system32\drivers\03848252.sys [10.10.2010 21:25 37392]
R0 xbpublic;FSE File System Filter Driver;c:\windows\system32\drivers\xbpublic.sys [22.7.2010 12:45 16768]
R1 03848251;03848251;c:\windows\system32\drivers\03848251.sys [10.10.2010 21:25 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.10.2010 10:48 165584]
R1 setup_9.0.0.722_10.10.2010_20-35drv;setup_9.0.0.722_10.10.2010_20-35drv;c:\windows\system32\drivers\0384825.sys [10.10.2010 21:25 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.10.2010 10:48 17744]
R2 PPCLASS;PPCLASS;c:\windows\system32\drivers\ppclass.sys [1.10.2008 20:26 85868]
R2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [1.10.2008 20:26 120544]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [22.4.2009 16:50 354176]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [20.12.2005 10:57 27008]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5.8.2010 22:38 18544]
S3 usb2vcom;Nokia CA-42 USB;c:\windows\system32\drivers\usb2vcom.sys [2.10.2008 0:40 30272]
S3 ute2ndq3;AVZ Kernel Driver;c:\windows\system32\drivers\ute2ndq3.sys [11.10.2010 9:12 7168]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.1.2009 14:22 717296]
.
Obsah adresáře 'Naplánované úlohy'

2010-10-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {2FC354F0-FEB1-47B7-B4E8-672B9406FDB2} = 10.20.60.18,10.20.60.20
FF - ProfilePath - c:\documents and settings\J.H\Data aplikací\Mozilla\Firefox\Profiles\4ynfxv4y.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1123561945-562591055-1606980848-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-10-11 16:18:24
ComboFix-quarantined-files.txt 2010-10-11 14:18

Před spuštěním: Volných bajtů: 22 048 849 920
Po spuštění: Volných bajtů: 22 000 775 168

- - End Of File - - 0DFC60B2293BA24D7A9A1AF5B530B643

A zde HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:20:27, on 11.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\J.H\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [F:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog] F:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6528132875
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC354F0-FEB1-47B7-B4E8-672B9406FDB2}: NameServer = 10.20.60.18,10.20.60.20
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7614 bytes

[jaro3]

Nic nemaž!!

Odinstaluj zase AVP Tool by Kaspersky.
i
Spybot - Search & Destroy---ten je Ti nanic máš antispyware v Avastu5.


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\drivers\ute2ndq3.sys
c:\windows\system32\drivers\03848252.sys
c:\windows\system32\drivers\0384825.sys
c:\windows\system32\drivers\03848251.sys
c:\windows\system32\drivers\0384825.sys

Folder::
c:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003
f:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003
g:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003

Driver::
03848252
03848251
setup_9.0.0.722_10.10.2010_20-35drv
ute2ndq3
0384825


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[oldman]

Nic jsem nemazal. Jinak musím uznat Vaši trpělivost se mnou.

Log z ComboF:

ComboFix 10-10-10.02 - J.H 11.10.2010 21:18:19.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.555 [GMT 2:00]
Spuštěný z: c:\documents and settings\J.H\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\J.H\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\drivers\0384825.sys"
"c:\windows\system32\drivers\03848251.sys"
"c:\windows\system32\drivers\03848252.sys"
"c:\windows\system32\drivers\ute2ndq3.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003
c:\windows\system32\drivers\ute2ndq3.sys
f:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003
g:\recycler\S-1-5-21-1123561945-562591055-1606980848-1003

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_03848251
-------\Legacy_03848252
-------\Legacy_SETUP_9.0.0.722_10.10.2010_20-35DRV
-------\Legacy_UTE2NDQ3
-------\Service_ute2ndq3


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-11 do 2010-10-11 )))))))))))))))))))))))))))))))
.

2010-10-10 19:21 . 2010-10-10 19:21 -------- d-----w- C:\_OTL
2010-10-09 08:48 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-09 08:48 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-09 08:48 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-09 08:48 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-09 08:48 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-09 08:48 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-09 08:48 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-09 08:48 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-09 08:48 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-09 08:48 . 2010-10-09 08:48 -------- d-----w- c:\program files\Alwil Software
2010-10-09 08:48 . 2010-10-09 08:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-10-08 21:02 . 2010-10-10 12:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-08 14:17 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{D2BAEF5E-B159-4D97-A9C0-6CB1B25DBEBD}\mpengine.dll
2010-10-08 00:56 . 2010-10-08 00:56 -------- d-----w- c:\documents and settings\J.H\Local Settings\Data aplikací\Pmcc
2010-10-08 00:56 . 2010-10-08 00:56 -------- d-----w- c:\documents and settings\J.H\Data aplikací\Pmcc
2010-10-08 00:00 . 2010-10-08 00:00 -------- d-----w- c:\documents and settings\J.H\Data aplikací\URSoft
2010-10-07 23:54 . 2010-10-08 00:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Autorun Eater
2010-10-07 23:37 . 2010-10-07 23:37 -------- d-----w- c:\documents and settings\Administrator
2010-10-05 12:18 . 2010-10-05 12:18 -------- d-----w- c:\program files\IObit
2010-10-05 12:18 . 2010-10-05 12:18 -------- d-----w- c:\documents and settings\J.H\Data aplikací\IObit
2010-10-03 18:16 . 2010-10-08 21:23 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-10-01 07:08 . 2010-10-11 15:40 -------- d-----r- c:\documents and settings\LocalService\Dokumenty

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-03-25 303616]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Easy-PrintToolBox.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Canon Utilities\Easy-PrintToolBox\Easy-PrintToolBox.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Windows Search.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^jetMailMonitor.lnk]
path=c:\documents and settings\J.H\Nabídka Start\Programy\jetMailMonitor\jetMailMonitor.lnk
backup=c:\windows\pss\jetMailMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^setup_9.0.0.722_10.10.2010_20-35.lnk]
backup=c:\windows\pss\setup_9.0.0.722_10.10.2010_20-35.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^UMAX VistaAccess.lnk]
backup=c:\windows\pss\UMAX VistaAccess.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-06-16 15:20 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-08-10 13:10 2349776 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 19:44 133104 ----atw- c:\documents and settings\J.H\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 16:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 13:10 271360 ----a-w- f:\nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]
2010-06-09 20:02 1843312 ----a-w- c:\program files\PeerBlock\peerblock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 20:26 68640 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2007-12-04 18:45 916800 ----a-w- c:\program files\RFA\rfagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-02 21:12 577536 ------r- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpotmauSecretary]
2009-01-01 17:50 569856 ----a-w- f:\spotmau\Desktop_Secretary\Spotmau_S.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Svátky a výročí]
2002-11-29 18:12 4749824 ----a-w- c:\documents and settings\J.H\Dokumenty\Svátky a výročí\Vyroci.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 xbpublic;FSE File System Filter Driver;c:\windows\system32\drivers\xbpublic.sys [22.7.2010 12:45 16768]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.10.2010 10:48 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.10.2010 10:48 17744]
R2 PPCLASS;PPCLASS;c:\windows\system32\drivers\ppclass.sys [1.10.2008 20:26 85868]
R2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [1.10.2008 20:26 120544]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [22.4.2009 16:50 354176]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [20.12.2005 10:57 27008]
S3 LHZCXQG;LHZCXQG;c:\docume~1\J.H\LOCALS~1\Temp\LHZCXQG.exe --> c:\docume~1\J.H\LOCALS~1\Temp\LHZCXQG.exe [?]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5.8.2010 22:38 18544]
S3 usb2vcom;Nokia CA-42 USB;c:\windows\system32\drivers\usb2vcom.sys [2.10.2008 0:40 30272]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.1.2009 14:22 717296]
.
Obsah adresáře 'Naplánované úlohy'

2010-10-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {2FC354F0-FEB1-47B7-B4E8-672B9406FDB2} = 10.20.60.18,10.20.60.20
FF - ProfilePath - c:\documents and settings\J.H\Data aplikací\Mozilla\Firefox\Profiles\4ynfxv4y.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1123561945-562591055-1606980848-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3692)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-10-11 21:30:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-11 19:30

Před spuštěním: Volných bajtů: 22 796 853 248
Po spuštění: Volných bajtů: 22 724 915 200

- - End Of File - - 61C8662D80096CE602D0651FA0520C54


Log z HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:37:33, on 11.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\J.H\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [F:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog] F:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6528132875
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC354F0-FEB1-47B7-B4E8-672B9406FDB2}: NameServer = 10.20.60.18,10.20.60.20
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LHZCXQG - Unknown owner - C:\DOCUME~1\J.H\LOCALS~1\Temp\LHZCXQG.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8103 bytes

Potřebuji vědět zda se mohu po akci podívat na stav v RECYCLERU. Jestli to neovlivní jeho obsah. Také by nikde nemělo nic zůstat po S&D. Ten jsem odinstaloval ještě před zavedením AWAST5. Nic jsem neviděl v Program Files ani v Přidat -Odebrat Programy, takže by to musel být nějaký zapomenutý pozůstatek.

Dík

[jaro3]

do Recycleru se podívat můžeš , pokud si nic nemazal , tak by měl být prázdný..

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)



Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy

Driver::
LHZCXQG

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .

[oldman]

Nedíval jsem se do RECYCLERU na C: ale na F: a tam je tento soubor: S-1-5-21-1123561945-562591055-1606980848-1003
Je to stále tentýž soubor který se tvoří od začátku na všech discích stejný, ještě před kontaktem s Vámi. Podle toho co mi ukázal pgm DrCurelt obsahuje soubor INI2 a ještě jeden který si nepamatuji. Ukázal i onu podsložku která normálně není vidět ale všechna tlačítka pro manipulaci byla neaktivní takže se to nedalo smazat. V té neviditelné složce mezi zachycenými obrázky jsou navíc dva soubory které tam zjevně nepatří. Je to vidět ve výpisu z RootKitRevealeru který jsem posílal v našem prvním kontaktu. Takže předpokládám, dokud se v RECYCLERU objevuje shora uvedený soubor tak se nic nezměnilo.
To jen tak na okraj.
Nic jsem nemazal a předpokládám že potřebujete vědět jaké jsou změny po akci takže se řídím jen podle pokynů. Promiňte trochu jsem se zakecal.
Defender jsem vypínal v msconfigu a již to nebudu měnit, snad to stačí.
Ještě dodatek, přišla mi aktualizace Akrobat8 a předpokládám že bych s tím zatím neměl nic dělat ono to přijde i jindy.
Zde log z ComboF:

ComboFix 10-10-10.02 - J.H 12.10.2010 8:46.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.568 [GMT 2:00]
Spuštěný z: c:\documents and settings\J.H\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\J.H\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\ProcCache.sbc
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinAgentieu.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinFraudPack.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinFraudPack1.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinFraudPack10.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinFraudPack2.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinFraudPack3.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinFraudPack4.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinFraudPack5.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinFraudPack6.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinFraudPack7.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinFraudPack8.zip
c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\WinFraudPack9.zip

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LHZCXQG
-------\Service_LHZCXQG


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-12 do 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-12 06:29 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{94D1CFAD-FCAD-4DC4-A3B2-7E55BC65CB19}\mpengine.dll
2010-10-10 19:21 . 2010-10-10 19:21 -------- d-----w- C:\_OTL
2010-10-09 08:48 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-09 08:48 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-09 08:48 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-09 08:48 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-09 08:48 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-09 08:48 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-09 08:48 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-09 08:48 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-09 08:48 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-09 08:48 . 2010-10-09 08:48 -------- d-----w- c:\program files\Alwil Software
2010-10-09 08:48 . 2010-10-09 08:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-10-08 21:02 . 2010-10-10 12:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-08 00:56 . 2010-10-08 00:56 -------- d-----w- c:\documents and settings\J.H\Local Settings\Data aplikací\Pmcc
2010-10-08 00:56 . 2010-10-08 00:56 -------- d-----w- c:\documents and settings\J.H\Data aplikací\Pmcc
2010-10-08 00:00 . 2010-10-08 00:00 -------- d-----w- c:\documents and settings\J.H\Data aplikací\URSoft
2010-10-07 23:54 . 2010-10-08 00:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Autorun Eater
2010-10-07 23:37 . 2010-10-07 23:37 -------- d-----w- c:\documents and settings\Administrator
2010-10-05 12:18 . 2010-10-05 12:18 -------- d-----w- c:\program files\IObit
2010-10-05 12:18 . 2010-10-05 12:18 -------- d-----w- c:\documents and settings\J.H\Data aplikací\IObit
2010-10-01 07:08 . 2010-10-11 15:40 -------- d-----r- c:\documents and settings\LocalService\Dokumenty

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-03-25 303616]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Easy-PrintToolBox.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Canon Utilities\Easy-PrintToolBox\Easy-PrintToolBox.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Windows Search.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^jetMailMonitor.lnk]
path=c:\documents and settings\J.H\Nabídka Start\Programy\jetMailMonitor\jetMailMonitor.lnk
backup=c:\windows\pss\jetMailMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^setup_9.0.0.722_10.10.2010_20-35.lnk]
backup=c:\windows\pss\setup_9.0.0.722_10.10.2010_20-35.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^UMAX VistaAccess.lnk]
backup=c:\windows\pss\UMAX VistaAccess.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-06-16 15:20 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-08-10 13:10 2349776 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 19:44 133104 ----atw- c:\documents and settings\J.H\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 16:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 13:10 271360 ----a-w- f:\nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]
2010-06-09 20:02 1843312 ----a-w- c:\program files\PeerBlock\peerblock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 20:26 68640 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2007-12-04 18:45 916800 ----a-w- c:\program files\RFA\rfagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-02 21:12 577536 ------r- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpotmauSecretary]
2009-01-01 17:50 569856 ----a-w- f:\spotmau\Desktop_Secretary\Spotmau_S.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Svátky a výročí]
2002-11-29 18:12 4749824 ----a-w- c:\documents and settings\J.H\Dokumenty\Svátky a výročí\Vyroci.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 xbpublic;FSE File System Filter Driver;c:\windows\system32\drivers\xbpublic.sys [22.7.2010 12:45 16768]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.10.2010 10:48 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.10.2010 10:48 17744]
R2 PPCLASS;PPCLASS;c:\windows\system32\drivers\ppclass.sys [1.10.2008 20:26 85868]
R2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [1.10.2008 20:26 120544]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [22.4.2009 16:50 354176]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [20.12.2005 10:57 27008]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5.8.2010 22:38 18544]
S3 usb2vcom;Nokia CA-42 USB;c:\windows\system32\drivers\usb2vcom.sys [2.10.2008 0:40 30272]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.1.2009 14:22 717296]
.
Obsah adresáře 'Naplánované úlohy'

2010-10-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {2FC354F0-FEB1-47B7-B4E8-672B9406FDB2} = 10.20.60.18,10.20.60.20
FF - ProfilePath - c:\documents and settings\J.H\Data aplikací\Mozilla\Firefox\Profiles\4ynfxv4y.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1123561945-562591055-1606980848-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Canon\CAL\CALMAIN.exe
.
**************************************************************************
.
Celkový čas: 2010-10-12 08:57:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-12 06:57

Před spuštěním: Volných bajtů: 22 631 477 248
Po spuštění: Volných bajtů: 22 616 776 704

- - End Of File - - D4335AA4580DA5B64EF27428D5BFDB01

a zde nový z HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:59:56, on 12.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\J.H\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [F:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog] F:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6528132875
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC354F0-FEB1-47B7-B4E8-672B9406FDB2}: NameServer = 10.20.60.18,10.20.60.20
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7802 bytes

[oldman]

Ještě prosím až budete posílat další instrukce, jestli mám smazat ty stopy po S&D v dok & setings.

[jaro3]

jestli mám smazat ty stopy po S&D v dok & setings.----Tam jsme to mazali ne? Jwestli tam něco o S&D máš , můžeš smazat.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\recycler
f:\recycler
g:\recycler


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .

[oldman]

Pravda to byla moje nepozornost, Stopy po S&D jsou pryč.

Dále po akci zůstaly na F: a G: v RECYCLERU soubor který jsem popsal c: je prázdné ale nezkoušel jsem se dívat jestli obsahuje to co není vidět.

Tady log z ComboF

ComboFix 10-10-10.02 - J.H 12.10.2010 14:20:21.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.595 [GMT 2:00]
Spuštěný z: c:\documents and settings\J.H\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\J.H\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-12 do 2010-10-12 )))))))))))))))))))))))))))))))
.

2010-10-12 06:29 . 2010-09-09 22:52 6084944 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Windows Defender\Definition Updates\{94D1CFAD-FCAD-4DC4-A3B2-7E55BC65CB19}\mpengine.dll
2010-10-10 19:21 . 2010-10-10 19:21 -------- d-----w- C:\_OTL
2010-10-09 08:48 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-09 08:48 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-09 08:48 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-09 08:48 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-09 08:48 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-09 08:48 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-09 08:48 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-09 08:48 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-09 08:48 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-09 08:48 . 2010-10-09 08:48 -------- d-----w- c:\program files\Alwil Software
2010-10-09 08:48 . 2010-10-09 08:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-10-08 21:02 . 2010-10-10 12:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-08 00:56 . 2010-10-08 00:56 -------- d-----w- c:\documents and settings\J.H\Local Settings\Data aplikací\Pmcc
2010-10-08 00:56 . 2010-10-08 00:56 -------- d-----w- c:\documents and settings\J.H\Data aplikací\Pmcc
2010-10-08 00:00 . 2010-10-08 00:00 -------- d-----w- c:\documents and settings\J.H\Data aplikací\URSoft
2010-10-07 23:54 . 2010-10-08 00:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Autorun Eater
2010-10-07 23:37 . 2010-10-07 23:37 -------- d-----w- c:\documents and settings\Administrator
2010-10-05 12:18 . 2010-10-05 12:18 -------- d-----w- c:\program files\IObit
2010-10-05 12:18 . 2010-10-05 12:18 -------- d-----w- c:\documents and settings\J.H\Data aplikací\IObit
2010-10-01 07:08 . 2010-10-11 15:40 -------- d-----r- c:\documents and settings\LocalService\Dokumenty

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-03-25 303616]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Synchronizer.lnk]
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Easy-PrintToolBox.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Canon Utilities\Easy-PrintToolBox\Easy-PrintToolBox.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Windows Search.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^WinZip Quick Pick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^jetMailMonitor.lnk]
path=c:\documents and settings\J.H\Nabídka Start\Programy\jetMailMonitor\jetMailMonitor.lnk
backup=c:\windows\pss\jetMailMonitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^setup_9.0.0.722_10.10.2010_20-35.lnk]
backup=c:\windows\pss\setup_9.0.0.722_10.10.2010_20-35.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^J.H^Nabídka Start^Programy^Po spuštění^UMAX VistaAccess.lnk]
backup=c:\windows\pss\UMAX VistaAccess.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-06-16 15:20 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-08-10 13:10 2349776 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-02 19:44 133104 ----atw- c:\documents and settings\J.H\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 20:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 16:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 13:10 271360 ----a-w- f:\nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]
2010-06-09 20:02 1843312 ----a-w- c:\program files\PeerBlock\peerblock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 20:26 68640 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
2007-12-04 18:45 916800 ----a-w- c:\program files\RFA\rfagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-08-02 21:12 577536 ------r- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpotmauSecretary]
2009-01-01 17:50 569856 ----a-w- f:\spotmau\Desktop_Secretary\Spotmau_S.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Svátky a výročí]
2002-11-29 18:12 4749824 ----a-w- c:\documents and settings\J.H\Dokumenty\Svátky a výročí\Vyroci.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

R0 xbpublic;FSE File System Filter Driver;c:\windows\system32\drivers\xbpublic.sys [22.7.2010 12:45 16768]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.10.2010 10:48 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.10.2010 10:48 17744]
R2 PPCLASS;PPCLASS;c:\windows\system32\drivers\ppclass.sys [1.10.2008 20:26 85868]
R2 PPSCAN;PPSCAN;c:\windows\system32\drivers\ppscan.sys [1.10.2008 20:26 120544]
R2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [22.4.2009 16:50 354176]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\drivers\aexpamdrv.sys [20.12.2005 10:57 27008]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [5.8.2010 22:38 18544]
S3 usb2vcom;Nokia CA-42 USB;c:\windows\system32\drivers\usb2vcom.sys [2.10.2008 0:40 30272]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.1.2009 14:22 717296]
.
Obsah adresáře 'Naplánované úlohy'

2010-10-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {2FC354F0-FEB1-47B7-B4E8-672B9406FDB2} = 10.20.60.18,10.20.60.20
FF - ProfilePath - c:\documents and settings\J.H\Data aplikací\Mozilla\Firefox\Profiles\4ynfxv4y.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1123561945-562591055-1606980848-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2528)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-10-12 14:27:59
ComboFix-quarantined-files.txt 2010-10-12 12:27

Před spuštěním: Volných bajtů: 22 608 900 096
Po spuštění: Volných bajtů: 22 589 562 880

- - End Of File - - 8782598B75CCC8F469673993219A67DD

A z HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:29:36, on 12.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\J.H\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [F:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog] F:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000030\8.0.0\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6528132875
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC354F0-FEB1-47B7-B4E8-672B9406FDB2}: NameServer = 10.20.60.18,10.20.60.20
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7836 bytes

[jaro3]

tak se tam koukni , jako nákazu bych to neviděl..

Něco k tomu:
The Recycler folder contains a Recycle Bin directory for each registered user on the computer, sorted by their security identifier (SID)
http://en.wikipedia.org/wiki/Security_Identifier
. Inside the Recycler folder you will find an image of the recycle bin with a name that includes a long number with dashes (S-1-5-21-1417001333-920026266-725345543-1003) used to identify the user that deleted the files.
S - The string is a SID.
1 - The revision level.
5 - The identifier authority value.
21-1417001333-920026266-725345543 - Domain or local computer identifier.
1003 – A Relative ID (RID). This number, starting from 1000, increments by 1 for each user that's added by the Administrator. 1003 means the 3rd user profile that was created.
Well-known SIDs
http://msdn.microsoft.com/en-us/library/aa379649(VS.85).aspx
Well-known security identifiers in Windows
http://support.microsoft.com/kb/243330(VS.85).aspx
Once the recycle bins are empty, the legitimiate directories should be empty as well. By default, it is a hidden folder unless you reconfigured Windows to show hidden files and folders - unchecking "Hide protected operating system files in Tools > Folder Options > View.

Howver, even after emptying the Recycler bin or cleaning it with CCleaner/ATFCleaner, the Recycler folder will still contain a "Recycle Bin" for each user that logs on to the computer, sorted by their security SID. You may find that although you have determined there are deleted files within one or more of the C:\recycler\S-1-5-21**** folders, these files may be hidden or inaccessible. There are various ways to delete these hidden files as VA(s)T has pointed out.

Also see Recycle bin is corrupt?

[oldman]

Tak to je pecka přímo mezi oči. Jestli jsem tomu dobře rozuměl tak to co není vidět, tak je vlastně obsah koše třetího uživatelského profilu. Už jen zjistit jakého protože já jsem sám, ženu ani děti nemám a sám jsem jiný uživatelský profil nezakládal. Do toho souboru v koši se teď nemůžu dostat. Dr.WebCurelt mi hlásí že nic nenašel a tak proto mi asi nic nechce ukázat. Takže nevím jestli tam nějaký INF2 je. Ono to asi bude jinak. Teď si budu ještě muset pohrát s uspořádáním složek, programů atd. a tedy končím. Takže mne velmi velmi mrzí že jsem vás obíral o čas. Děkuji za spolupráci a budu se snažit abych někdy opět nepřišel s podbným problémem.