
VIRUS ALERT

Posted: 10 Sep 2008 22:58
by KSSA
Hi.
Please help.
Drive C disappeared from Explorer. "All Programs" disappeared from the Start menu, along with most of the icons on the right and the option to log off.
It keeps wanting to download something, and next to the clock there was VIRUS ALERT. Control Panel, Task Manager and the registry are inaccessible.

I ran Spybot S&D over it...
Almost everything OK.
I deleted VIRUS ALERT manually in the registry.
The problem with the drive and the Start menu persists, and a pop-up window offering to download more junk keeps appearing in IE.

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 22:45, on 10.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Správce\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - {0E349C07-A53A-44A9-AA35-50EE7B2198CF} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6AFB6F98-289C-442E-B577-5E5125C742E2} - C:\WINDOWS\system32\khfFYRif.dll
O2 - BHO: (no name) - {A46D15B2-6862-43CF-9B1F-8C7A8800FB5B} - C:\WINDOWS\system32\fcccawxy.dll
O2 - BHO: (no name) - {A84B34E7-9CF0-4776-8EE0-FBDEBE1E5328} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\SPRVCE~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [RegCom32] C:\DOCUME~1\SPRVCE~1\LOCALS~1\Temp\critical_updates.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{589E1DF7-E7B7-416E-BB62-A19819BEC191}: NameServer = 80.188.178.129,80.188.178.132
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: khfFYRif - C:\WINDOWS\SYSTEM32\khfFYRif.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
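Reading a HijackThis log by hand is error-prone, so here is an added example (my own code, not from the original post or from HijackThis) that applies the checks a forum helper makes on the O2/O4/O6/O20 lines above: BHOs with no name, autostart entries whose executable lives in a Temp folder, IE policy restrictions, and Winlogon Notify DLLs cross-referenced against the BHO list. The sample lines are a constructed subset of the posted log; the severity labels and the heuristics are my own, not a HijackThis feature.

```python
import re

# Constructed sample: a subset of the HijackThis v1.99.1 log posted above,
# in its exact line format, so the script runs offline.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {0E349C07-A53A-44A9-AA35-50EE7B2198CF} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {6AFB6F98-289C-442E-B577-5E5125C742E2} - C:\WINDOWS\system32\khfFYRif.dll
O2 - BHO: (no name) - {A46D15B2-6862-43CF-9B1F-8C7A8800FB5B} - C:\WINDOWS\system32\fcccawxy.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\SPRVCE~1\LOCALS~1\Temp\IXP001.TMP\"
O4 - HKCU\..\Run: [RegCom32] C:\DOCUME~1\SPRVCE~1\LOCALS~1\Temp\critical_updates.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: khfFYRif - C:\WINDOWS\SYSTEM32\khfFYRif.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.+)$")

# Locations from which nothing legitimate should autostart (my heuristic).
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


def executable_of(cmd: str) -> str:
    """First token of a Run value: the program that actually starts.
    Arguments are ignored, so a Temp path passed to advpack.dll (the
    wextract_cleanup0 line above) does not count as 'running from Temp'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str):
    """Return (severity, log line, reason) tuples, highest severity first."""
    findings = []
    nameless_bho_dlls = set()
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]

    # Pass 1: BHOs, so Winlogon Notify entries can be cross-referenced in pass 2.
    for line in lines:
        m = BHO_RE.match(line)
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        if path == "(no file)":
            findings.append(("LOW", line, "orphaned BHO registration (no file); safe to remove"))
        elif name == "(no name)":
            nameless_bho_dlls.add(basename(path))
            findings.append(("HIGH", line, "BHO with no name loaded from " + path))

    # Pass 2: autostarts, policy restrictions and injection points.
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd")).lower()
            if any(marker in exe for marker in TEMP_MARKERS):
                findings.append(("HIGH", line, "autostart executable lives in a Temp folder: " + exe))
            continue
        if line.startswith("O6 - "):
            findings.append(("MEDIUM", line, "IE policy restrictions set; on a home PC usually done by malware to lock settings"))
            continue
        m = O20_RE.match(line)
        if m:
            kind, rest = m.group("kind"), m.group("rest")
            if kind == "AppInit_DLLs":
                findings.append(("MEDIUM", line, "AppInit_DLLs injects %s into every GUI process; verify the vendor" % rest))
            else:
                dll = basename(rest.split(" - ", 1)[-1])
                if dll in nameless_bho_dlls:
                    findings.append(("HIGH", line, "Winlogon Notify DLL %s is also registered as a nameless BHO" % dll))
                else:
                    findings.append(("MEDIUM", line, "Winlogon Notify DLL %s runs inside winlogon.exe; verify" % dll))

    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    findings.sort(key=lambda f: order[f[0]])   # stable: keeps log order within a severity
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_HJT):
        print("%-6s %s\n       %s" % (severity, line, reason))
```

On the posted log this reports the two nameless BHOs in system32, the HKCU Run entry that starts critical_updates.exe from the profile's Temp folder, the O6 restrictions and the Winlogon Notify entry that shares its DLL with one of the BHOs; the AVG, Adobe and the rundll32 cleanup entry are not flagged.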

Re: VIRUS ALERT

Posted: 11 Sep 2008 08:27
by fredik
Before using ComboFix, do the following steps:
#Step 1:
turn off Spybot's resident protection:
- start Spybot - Search & Destroy
- in the menu at the top choose: Mode => Advanced mode
- a warning dialog appears; choose Yes
- the program window switches to the advanced view; there choose: Tools => Resident
- there uncheck, if it is checked, the item: Resident "TeaTimer" (Protection ...)
- close the program
Restart the PC.

#Step 2:
Then download ResetTeaTimer.bat (see Note) and save it to disk.
- run it and press any key when prompted
- when it finishes and prompts again, press any key and the program closes.
Note:
- if you use Opera, right-click the link and choose Save Linked Content As...
- if you use Firefox, right-click the link and choose Save Link As...

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then download ComboFix (by sUBs) and save it to the desktop.
Close all open windows and run it.
- When it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; do not click into the window while ComboFix is working
- When the scan finishes the program should create a log - C:\ComboFix.txt - please paste its whole content here

Re: VIRUS ALERT

Posted: 11 Sep 2008 17:19
by KSSA
So I ran ComboFix over it and everything is fine now.
Do I just need to run CCleaner and post an HJT log, or is there another step?

Here is the ComboFix log:

ComboFix 08-09-10.04 - Správce 2008-09-11 16:55:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.674 [GMT 2:00]
Running from: C:\Documents and Settings\Správce\Plocha\ComboFix.exe
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\sc.html
C:\WINDOWS\ebvs.exe
C:\WINDOWS\erkn.exe
C:\WINDOWS\system32\hlveqbdo.dll
C:\WINDOWS\system32\odbqevlh.ini
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdsspopup.dll
C:\WINDOWS\system32\tdsspopup1.url
C:\WINDOWS\system32\tdsspopup2.url
C:\WINDOWS\system32\tdsspopup3.url
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\yxwacccf.ini
C:\WINDOWS\system32\yxwacccf.ini2
C:\Documents and Settings\Správce\Cookies\správce@c.gamelink[1].txt . . . . could not be deleted
C:\Documents and Settings\Správce\Data aplikací\inst.exe . . . . could not be deleted
C:\Documents and Settings\Správce\Local Settings\Temporary Internet Files\TRNCOM.INI . . . . could not be deleted
C:\Documents and Settings\Správce\Plocha\Privacy Protector.url . . . . could not be deleted

.
((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.

2008-09-10 22:10 . 2008-07-04 18:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-09-10 22:10 . 2008-09-10 22:10 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-10 22:10 . 2008-09-10 22:10 165 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-09-10 21:10 . 2008-09-10 22:20 404 --a------ C:\WINDOWS\wininit.ini
2008-09-10 20:39 . 2008-09-10 20:39 88,878 --a------ C:\WINDOWS\system32\casino3.ico
2008-09-10 20:39 . 2008-09-10 20:39 88,878 --a------ C:\WINDOWS\system32\casino2.ico
2008-09-10 20:39 . 2008-09-10 20:39 88,878 --a------ C:\WINDOWS\system32\casino1.ico
2008-09-10 20:38 . 2008-09-10 17:25 376,832 --a------ C:\WINDOWS\vmgspntbrvm.dll
2008-09-10 13:18 . 2008-09-10 13:18 322,048 --a------ C:\WINDOWS\system32\fcccawxy.dll
2008-09-10 13:12 . 2008-09-11 17:05 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-09-10 13:12 . 2008-09-10 09:20 364,544 --a------ C:\WINDOWS\vmgspntbter.dll
2008-09-10 13:12 . 2008-09-10 17:25 94,208 --a------ C:\WINDOWS\mqgldfvo.exe
2008-08-31 16:05 . 2008-08-31 16:04 133,360 --a------ C:\IMG_309.jpg
2008-08-31 10:52 . 2008-08-31 10:52 <DIR> d-------- C:\Program Files\GNU
2008-08-31 10:16 . 2008-08-31 10:16 <DIR> d-------- C:\Program Files\AC3Filter
2008-08-24 13:01 . 2008-08-24 13:02 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-17 22:59 . 2008-08-17 22:59 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-08-16 12:23 . 2008-08-16 12:23 <DIR> d-------- C:\Program Files\DVDFab 5
2008-08-16 12:23 . 2008-08-16 12:23 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-16 10:17 . 2008-08-16 10:18 <DIR> d-------- C:\Program Files\AudioCommander
2008-08-15 23:46 . 2008-08-16 13:52 3,532 --a------ C:\drmHeader.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 15:05 --------- d-----w C:\Program Files\PCHealthCenter
2008-09-08 19:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-29 10:34 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-16 18:08 --------- d-----w C:\Program Files\DivX
2008-08-05 09:57 --------- d-----w C:\Program Files\Nero
2008-08-05 09:57 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-04 21:42 --------- d-----w C:\Program Files\Real Alternative
2008-08-04 18:29 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-29 10:14 --------- d-----w C:\Program Files\NOS
2008-07-28 20:59 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-28 20:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-28 12:17 --------- d-----w C:\Program Files\uTorrent
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-24 21:29 --------- d-----w C:\Program Files\Ahead
2008-07-24 14:34 517,553 ----a-w C:\Program Files\utorrent.lng
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-19 13:45 --------- d-----w C:\Program Files\Canon
2008-07-18 15:07 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-07-18 15:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 15:04 --------- d-----w C:\Program Files\Realtek AC97
2008-07-18 14:45 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-18 14:12 105,088 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-07-18 13:37 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-18 13:36 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-16 15:30 --------- d-----w C:\Program Files\GRETECH
2008-07-16 15:27 --------- d-----w C:\Program Files\TRANSLAT
2008-07-16 12:48 --------- d-----w C:\Program Files\Sunbelt Software
2008-07-16 12:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-16 12:47 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-07-16 12:46 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-07-16 12:39 --------- d-----w C:\Program Files\totalcmd
2008-07-16 12:33 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-16 12:06 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-07-16 11:47 --------- d-----w C:\Program Files\DAEMON Tools
2008-07-16 11:39 611,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-14 14:53 --------- d-----w C:\Program Files\DIFX
2008-07-07 12:11 2,426 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2008-07-07 12:10 8,972 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
.

------- Sigcheck -------

2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\SoftwareDistribution\Download\35df3b7362f9361af2fa0d1e6d23d778\sp2gdr\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\SoftwareDistribution\Download\35df3b7362f9361af2fa0d1e6d23d778\sp2qfe\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\SoftwareDistribution\Download\35df3b7362f9361af2fa0d1e6d23d778\sp3gdr\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\SoftwareDistribution\Download\35df3b7362f9361af2fa0d1e6d23d778\sp3qfe\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD34ADB0-7DBB-4BBE-B05F-B2E92897AE59}]
2008-09-10 13:18 322048 --a------ C:\WINDOWS\system32\fcccawxy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=

R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-01-25 132096]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-18 76040]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 69120]
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

BHO-{0E349C07-A53A-44A9-AA35-50EE7B2198CF} - (no file)
BHO-{6AFB6F98-289C-442E-B577-5E5125C742E2} - C:\WINDOWS\system32\khfFYRif.dll
BHO-{A84B34E7-9CF0-4776-8EE0-FBDEBE1E5328} - (no file)
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-NWEReboot - (no file)
ShellExecuteHooks-{6AFB6F98-289C-442E-B577-5E5125C742E2} - C:\WINDOWS\system32\khfFYRif.dll
Notify-khfFYRif - khfFYRif.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Správce\Data aplikací\Mozilla\Firefox\Profiles\q32h4r8q.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 17:06:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-09-11 17:09:21 - machine was rebooted [Správce]
ComboFix-quarantined-files.txt 2008-09-11 15:09:13

Pre-Run: Free bytes: 20,110,905,344
Post-Run: Free bytes: 20,392,402,944

210 --- E O F --- 2008-07-17 15:03:19
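Two parts of a ComboFix log deserve a second look even after it reports success: the Sigcheck section (files that failed its signature check, listed with MD5 and path) and the deletions it could not carry out. As an added example, my own code rather than ComboFix's or anything from the thread, the script below parses both from a constructed excerpt of the log above and compares the in-use tcpip.sys against the protected copy in system32\dllcache. It only reports that the two copies differ; it does not say why, and that is the follow-up a helper would make.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of the ComboFix log above: the Other Deletions
# lines that failed, and the Sigcheck section. Markers are detected by layout, not
# by language, so the Czech ("nemohl byt smazan") and English variants both work.
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssmain.dll
C:\Documents and Settings\Správce\Data aplikací\inst.exe . . . . could not be deleted
C:\Documents and Settings\Správce\Plocha\Privacy Protector.url . . . . could not be deleted

------- Sigcheck -------

2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\SoftwareDistribution\Download\35df3b7362f9361af2fa0d1e6d23d778\sp2gdr\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\drivers\tcpip.sys
.
"""

# One Sigcheck line: date, time, size, MD5, path.
SIG_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+) (?P<md5>[0-9a-f]{32}) (?P<path>.+)$")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse_sigcheck(text: str):
    """Entries from the '------- Sigcheck -------' section, up to its closing '.' line."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("------- Sigcheck"):
            in_section = True
            continue
        if not in_section:
            continue
        if line in ("", "."):
            if entries:          # a blank/dot after the entries ends the section
                break
            continue             # the blank right after the header
        m = SIG_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def compare_with_dllcache(entries):
    """For each file name, compare every live copy (system32\ or system32\drivers\)
    with the Windows File Protection copy in system32\dllcache\. Copies under
    SoftwareDistribution\Download are staged update payloads, not what the kernel
    loaded, so they are left out of the comparison."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[basename(e["path"])].append(e)
    report = []
    for name, group in by_name.items():
        cache = [e for e in group if "\\dllcache\\" in e["path"].lower()]
        live = [e for e in group
                if "\\dllcache\\" not in e["path"].lower()
                and "\\softwaredistribution\\" not in e["path"].lower()]
        if not cache or not live:
            continue
        for e in live:
            report.append({
                "file": name,
                "live": e["path"],
                "live_md5": e["md5"],
                "cache_md5": cache[0]["md5"],
                "size_match": e["size"] == cache[0]["size"],
                "hash_match": e["md5"] == cache[0]["md5"],
            })
    return report


def undeleted(text: str):
    """Paths ComboFix listed but could not delete. The ' . . . . ' separator before
    the status text is the marker, whatever language the status is printed in."""
    out = []
    for raw in text.splitlines():
        if " . . . . " in raw:
            out.append(raw.split(" . . . . ", 1)[0].strip())
    return out


if __name__ == "__main__":
    for r in compare_with_dllcache(parse_sigcheck(SAMPLE_COMBOFIX)):
        status = "matches" if r["hash_match"] else "DIFFERS from"
        print("%s: %s %s dllcache copy (size match: %s)" % (r["file"], r["live"], status, r["size_match"]))
    for p in undeleted(SAMPLE_COMBOFIX):
        print("still present, delete manually or via CFScript:", p)
```

On the posted log the in-use C:\WINDOWS\system32\drivers\tcpip.sys has the same size and timestamp as the dllcache copy but a different MD5, which is exactly the kind of discrepancy to resolve (restore from dllcache or the service pack, then re-check) rather than leave behind; the four undeletable files are the ones fredik's follow-up script has to cover.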

Re: VIRUS ALERT

Posted: 11 Sep 2008 21:14
by fredik
Open Notepad (Start -> Run... type Notepad in the box and click OK)
Copy into it the whole text below marked in green:
Note: do not use SELECT ALL to select the script


File::
C:\WINDOWS\system32\casino3.ico
C:\WINDOWS\system32\casino2.ico
C:\WINDOWS\system32\casino1.ico
C:\WINDOWS\vmgspntbrvm.dll
C:\WINDOWS\system32\fcccawxy.dll
C:\WINDOWS\vmgspntbter.dll
C:\WINDOWS\mqgldfvo.exe

Folder::
C:\Program Files\PCHealthCenter

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD34ADB0-7DBB-4BBE-B05F-B2E92897AE59}]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all open windows.

Drag the CFScript.txt you created with the mouse onto the downloaded, renamed ComboFix.exe and drop it when the two files overlap
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
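A CFScript is destructive input: every File:: and Folder:: line is deleted and every [-KEY] line under Registry:: is removed from the registry, with no confirmation. The validator below is an added example (my own code, not part of ComboFix or of this thread) that parses the script into its sections and checks each path and key against the paths and keys that actually appeared in a ComboFix log, so a mistyped path, or a Registry:: line that is not a deletion, is caught before the script is dropped onto ComboFix.exe. The sample script is the posted one plus a deliberately mistyped file path and one malformed registry line; the log excerpt is constructed from lines of the log above, and the protected-file set is my own, non-exhaustive list.

```python
import re

# Constructed: the CFScript from the post above, with one mistyped File:: path
# (mqgldfvo.ex) and one Registry:: line without the [- ... ] deletion syntax added
# so the validator has something to reject.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\system32\casino3.ico
C:\WINDOWS\system32\fcccawxy.dll
C:\WINDOWS\mqgldfvo.exe
C:\WINDOWS\mqgldfvo.ex

Folder::
C:\Program Files\PCHealthCenter

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD34ADB0-7DBB-4BBE-B05F-B2E92897AE59}]
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD34ADB0-7DBB-4BBE-B05F-B2E92897AE59}
"""

# Constructed: lines copied from the first ComboFix log in the thread. The rule is
# that a script may only name things a log actually showed.
SAMPLE_COMBOFIX_LOG = r"""
2008-09-10 20:39 . 2008-09-10 20:39 88,878 --a------ C:\WINDOWS\system32\casino3.ico
2008-09-10 13:18 . 2008-09-10 13:18 322,048 --a------ C:\WINDOWS\system32\fcccawxy.dll
2008-09-10 13:12 . 2008-09-11 17:05 <DIR> d-------- C:\Program Files\PCHealthCenter
2008-09-10 13:12 . 2008-09-10 17:25 94,208 --a------ C:\WINDOWS\mqgldfvo.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD34ADB0-7DBB-4BBE-B05F-B2E92897AE59}]
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z]+)::\s*$")
REG_KEY_RE = re.compile(r"^\[-?(?P<key>HKEY_[A-Z_]+\\.+)\]$")   # [KEY] or [-KEY]
REG_VALUE_DEL_RE = re.compile(r'^"(?P<value>[^"]+)"=-$')          # "name"=- deletes a value
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")                           # a drive path to end of line

# Files no cleanup script should ever name, whatever the log says (constructed list).
PROTECTED = {"tcpip.sys", "ntoskrnl.exe", "winlogon.exe", "explorer.exe", "userinit.exe"}


def parse_cfscript(text: str):
    """Split a CFScript into {section name: [lines]}; lines before any header are an error."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("content before the first section header: " + line)
        sections[current].append(line)
    return sections


def log_artifacts(log_text: str):
    """Every drive path and every [registry key] a ComboFix log mentions, lowercased.
    Exact membership is used later, so 'mqgldfvo.ex' is not accepted as a prefix of 'mqgldfvo.exe'."""
    found = set()
    for raw in log_text.splitlines():
        line = raw.strip().split(" . . . . ")[0]     # drop 'could not be deleted' suffixes
        m = PATH_RE.search(line)
        if m:
            found.add(m.group(0).strip().lower())
        if line.startswith("[") and line.endswith("]"):
            found.add(line.lower())
    return found


def validate_cfscript(script_text: str, log_text: str):
    """Return (section, line, problem) tuples; an empty list means the script is safe to use."""
    sections = parse_cfscript(script_text)
    known = log_artifacts(log_text)
    issues = []
    for section in ("File", "Folder"):
        for path in sections.get(section, []):
            if path.rsplit("\\", 1)[-1].lower() in PROTECTED:
                issues.append((section, path, "protected Windows file; never delete it from a script"))
            elif path.lower() not in known:
                issues.append((section, path, "path does not appear in the log; typo?"))
    for line in sections.get("Registry", []):
        m = REG_KEY_RE.match(line)
        if m:
            if not line.startswith("[-"):
                issues.append(("Registry", line, "key header without '-'; REGEDIT4 syntax creates the key instead of deleting it"))
            elif ("[" + m.group("key") + "]").lower() not in known:
                issues.append(("Registry", line, "key does not appear in the log"))
            continue
        if REG_VALUE_DEL_RE.match(line):
            continue
        issues.append(("Registry", line, "neither a [-KEY] header nor a \"value\"=- deletion; ComboFix will not treat it as a removal"))
    return issues


if __name__ == "__main__":
    for section, line, problem in validate_cfscript(SAMPLE_CFSCRIPT, SAMPLE_COMBOFIX_LOG):
        print("%s:: %s\n    %s" % (section, line, problem))
```

Run against the real log and the script as posted, it returns no issues; with the two constructed mistakes it reports the mistyped path and the bare registry line, which is the review a helper does by eye before telling someone to drag the file onto ComboFix.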

Re: VIRUS ALERT

Posted: 11 Sep 2008 22:17
by KSSA
ComboFix 08-09-10.04 - Správce 2008-09-11 21:57:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.701 [GMT 2:00]
Running from: C:\Documents and Settings\Správce\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Správce\Plocha\CFScript.txt
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PCHealthCenter
C:\WINDOWS\mqgldfvo.exe
C:\WINDOWS\system32\casino1.ico
C:\WINDOWS\system32\casino2.ico
C:\WINDOWS\system32\casino3.ico
C:\WINDOWS\vmgspntbrvm.dll
C:\WINDOWS\vmgspntbter.dll
C:\Documents and Settings\Správce\Cookies\správce@c.gamelink[1].txt . . . . could not be deleted
C:\Documents and Settings\Správce\Data aplikací\inst.exe . . . . could not be deleted
C:\Documents and Settings\Správce\Local Settings\Temporary Internet Files\TRNCOM.INI . . . . could not be deleted
C:\Documents and Settings\Správce\Plocha\Privacy Protector.url . . . . could not be deleted

.
((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.

2008-09-11 17:09 . 2008-09-11 17:09 <DIR> d-------- C:\Documents and Settings\Správce
2008-09-11 17:09 . <DIR> C:\Documents and Settings\Správce\Local Settings
2008-09-11 17:09 . <DIR> C:\Documents and Settings\Správce\Local Settings
2008-09-10 22:10 . 2008-07-04 18:20 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2008-09-10 22:10 . 2008-07-04 20:07 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2008-09-10 22:10 . 2008-09-10 22:10 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-10 22:10 . 2008-09-10 22:10 165 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-09-10 21:10 . 2008-09-10 22:20 404 --a------ C:\WINDOWS\wininit.ini
2008-08-31 16:05 . 2008-08-31 16:04 133,360 --a------ C:\IMG_309.jpg
2008-08-31 10:52 . 2008-08-31 10:52 <DIR> d-------- C:\Program Files\GNU
2008-08-31 10:16 . 2008-08-31 10:16 <DIR> d-------- C:\Program Files\AC3Filter
2008-08-24 13:01 . 2008-08-24 13:02 <DIR> d-------- C:\Program Files\DVD Shrink
2008-08-17 22:59 . 2008-08-17 22:59 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-08-16 12:23 . 2008-08-16 12:23 <DIR> d-------- C:\Program Files\DVDFab 5
2008-08-16 12:23 . 2008-08-16 12:23 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-16 10:17 . 2008-08-16 10:18 <DIR> d-------- C:\Program Files\AudioCommander
2008-08-15 23:46 . 2008-08-16 13:52 3,532 --a------ C:\drmHeader.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 19:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-29 10:34 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-16 18:08 --------- d-----w C:\Program Files\DivX
2008-08-05 09:57 --------- d-----w C:\Program Files\Nero
2008-08-05 09:57 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-04 21:42 --------- d-----w C:\Program Files\Real Alternative
2008-08-04 18:29 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-29 10:14 --------- d-----w C:\Program Files\NOS
2008-07-28 20:59 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-28 20:59 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-28 12:17 --------- d-----w C:\Program Files\uTorrent
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-24 21:29 --------- d-----w C:\Program Files\Ahead
2008-07-24 14:34 517,553 ----a-w C:\Program Files\utorrent.lng
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-19 13:45 --------- d-----w C:\Program Files\Canon
2008-07-18 15:07 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-07-18 15:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 15:04 --------- d-----w C:\Program Files\Realtek AC97
2008-07-18 14:45 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-18 14:12 105,088 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-07-18 13:37 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-18 13:36 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-16 15:30 --------- d-----w C:\Program Files\GRETECH
2008-07-16 15:27 --------- d-----w C:\Program Files\TRANSLAT
2008-07-16 12:48 --------- d-----w C:\Program Files\Sunbelt Software
2008-07-16 12:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-16 12:47 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-07-16 12:46 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-07-16 12:39 --------- d-----w C:\Program Files\totalcmd
2008-07-16 12:33 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-16 12:06 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-07-16 11:47 --------- d-----w C:\Program Files\DAEMON Tools
2008-07-16 11:39 611,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-14 14:53 --------- d-----w C:\Program Files\DIFX
2008-07-07 12:11 2,426 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2008-07-07 12:10 8,972 ----a-w C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2004-07-22 08:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 20:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 20:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 12:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 07:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 07:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 02:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 02:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w C:\Program Files\DSETUP.dll
.

------- Sigcheck -------

2008-06-20 12:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\SoftwareDistribution\Download\35df3b7362f9361af2fa0d1e6d23d778\sp2gdr\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\SoftwareDistribution\Download\35df3b7362f9361af2fa0d1e6d23d778\sp2qfe\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\SoftwareDistribution\Download\35df3b7362f9361af2fa0d1e6d23d778\sp3gdr\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\SoftwareDistribution\Download\35df3b7362f9361af2fa0d1e6d23d778\sp3qfe\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=

R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-01-25 132096]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 71088]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-18 76040]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 69120]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 22:05:13
Windows 5.1.2600 Service Pack 2 NTFS

skenovani skrytych procesu ...

skenovani skrytych polozek 'Po spusteni' ...

skenovani skrytych souboru ...

sken byl uspesne dokoncen
skryte soubory: 0

**************************************************************************
.
------------------------ Jine spustene procesy ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Celkovy cas: 2008-09-11 22:07:38 - pocitac byl restartovan
ComboFix-quarantined-files.txt 2008-09-11 20:07:21
ComboFix2.txt 2008-09-11 15:09:25

Pre-Run: Volných bajtů: 20,374,171,648
Post-Run: Volných bajtů: 20,363,968,512

174 --- E O F --- 2008-07-17 15:03:19


_____________________________________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 22:08, on 11.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Správce\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{589E1DF7-E7B7-416E-BB62-A19819BEC191}: NameServer = 80.188.178.129,80.188.178.132
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

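The HijackThis log above is read by checking its autostart sections (O2 browser helper objects, O4 Run keys, O16 ActiveX downloads, O20 AppInit_DLLs, O23 services) for entries that cannot be accounted for. As an added example, not code from this thread or from HijackThis, here is a small Python triage script that parses lines in that format and flags the cases a reviewer checks first: a BHO whose DLL is missing (an orphaned CLSID), a Run entry that names a bare file rather than a full path, a DPF entry with no source URL, any AppInit_DLLs entry, and a service without publisher information. The sample lines are constructed in the same shape as the log; the zero-filled CLSIDs and the "Example Service" entry are placeholders, not entries from this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of a HijackThis v1.99.1 log. The "(no file)"
# BHO, the empty O16 entry and the "Unknown owner" service are illustrative
# placeholder values, not lines taken from this thread's log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {00000000-0000-0000-0000-000000000002} -
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\WINDOWS\system32\example_svc.exe
"""

# One pattern per HijackThis section handled here.
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O16_RE = re.compile(r'^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>[^)]*)\))? -\s*(?P<url>.*)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<display>.*?)(?: \((?P<svc>[^)]*)\))? - (?P<vendor>.*?) - (?P<path>.*)$')
# Drive letter or %ENVVAR% prefix: the entry states exactly which file runs.
ABS_PATH_RE = re.compile(r'^(?:[A-Za-z]:\\|%[^%]+%\\)')


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    subject: str   # entry name, CLSID, DLL list or service name
    reason: str    # why a reviewer should look at it
    line: str      # the original log line


def executable_of(cmd: str) -> str:
    """Return the program a Run-key command line launches.

    Quoted paths are taken whole; otherwise the first token is the loader
    (for "RUNDLL32.EXE C:\\...\\NvCpl.dll,NvStartup" that is RUNDLL32.EXE).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(log_text: str) -> list:
    """Scan log lines and return the entries worth a manual check."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            if m['path'] == '(no file)':
                findings.append(Finding('O2', m['clsid'],
                    'BHO registered but its DLL is missing (orphaned CLSID; remove the registration)', line))
            elif m['name'] == '(no name)':
                findings.append(Finding('O2', m['clsid'],
                    'BHO without a display name; identify the DLL before trusting it', line))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m['cmd'])
            if not ABS_PATH_RE.match(exe):
                findings.append(Finding('O4', m['name'],
                    f'bare file name {exe!r} is resolved via the search path; confirm which binary actually runs', line))
            continue
        m = O16_RE.match(line)
        if m:
            if not m['url']:
                findings.append(Finding('O16', m['clsid'],
                    'ActiveX download entry with no source URL; unidentified control', line))
            continue
        m = O20_RE.match(line)
        if m:
            findings.append(Finding('O20', m['dlls'],
                'AppInit_DLLs is loaded into every process that uses user32.dll; verify the vendor', line))
            continue
        m = O23_RE.match(line)
        if m:
            if m['vendor'] == 'Unknown owner':
                findings.append(Finding('O23', m['svc'] or m['display'],
                    'service binary carries no publisher information; verify its path and signature', line))
            continue
    return findings


def summarize(findings: list) -> dict:
    """Count findings per HijackThis section."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.section}] {f.subject}: {f.reason}')
```

Run against the sample, the script flags the orphaned BHO, the two Run entries that rely on the search path (nwiz and SoundMan, which in this thread are legitimate files in the Windows directory, so a flag means "verify", not "malicious"), the empty DPF entry, the AppInit_DLLs entry and the service with no publisher; everything with a full path and a known vendor passes through silently.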
Re: VIRUS ALERT

Posted: 13 Sep 2008 11:59
by KSSA
So is everything fine now?

Re: VIRUS ALERT

Posted: 13 Sep 2008 20:05
by fredik
Go to Start -> Run... and type the command highlighted in blue, ComboFix /u, into the box, then click OK.
- there must be a space between ComboFix and /u
- wait until it finishes; it will let you know.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

If you still have this file (Privacy Protector) on your desktop, delete it manually; if that does not work, delete it like this:

Download Gmer, unpack the archive and run it.
- a short check will run; after it, click the > > > tab, a list of tabs will expand, and there choose Processes
- on the right, in the middle, click the Files... button
- a new Files... window will open; there find the file you mentioned (C:\Documents and Settings\Správce\Plocha\Privacy Protector.url), select/highlight it and then click Delete

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Are you having some problem with Kerio? Its service is running there, but it is not running among the processes.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

You are using an older version of HijackThis; if you ever have a log checked again, download the current version here and delete the old one before using it.

Do you still have any problems?