ComboFix 09-03-25.03 - NZZM 2009-03-30 6:07:10.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.511.297 [GMT 2:00]
Spuštěný z: c:\documents and settings\NZZM.VZ-9D6005FA0A39\Plocha\ComboFix3.exe
Použité ovládací přepínače :: c:\documents and settings\NZZM.VZ-9D6005FA0A39\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090326-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\imsins.BAK
c:\windows\REGBK00.ZIP
c:\windows\system32\drivers\pavboot.sys
c:\windows\system32\grwinsthlp.exe
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\runouce.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Panda Security
c:\program files\Panda Security\ActiveScan 2.0\apicr.dll
c:\program files\Panda Security\ActiveScan 2.0\as2auditor.dll
c:\program files\Panda Security\ActiveScan 2.0\as2data.dll
c:\program files\Panda Security\ActiveScan 2.0\as2guiie.dll
c:\program files\Panda Security\ActiveScan 2.0\as2inst.dll
c:\program files\Panda Security\ActiveScan 2.0\as2scanner.dll
c:\program files\Panda Security\ActiveScan 2.0\as2stubie.dll
c:\program files\Panda Security\ActiveScan 2.0\as2uninst.exe
c:\program files\Panda Security\ActiveScan 2.0\asmdat.dll
c:\program files\Panda Security\ActiveScan 2.0\avdetect.ini
c:\program files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2KRN_DATA
c:\program files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2PSK_NM
c:\program files\Panda Security\ActiveScan 2.0\ee366d2b2e4ede8287de879e85a0dcc2PSK_NM2
c:\program files\Panda Security\ActiveScan 2.0\firewalldetect.ini
c:\program files\Panda Security\ActiveScan 2.0\kreexent.dll
c:\program files\Panda Security\ActiveScan 2.0\libcomm.dll
c:\program files\Panda Security\ActiveScan 2.0\libxml2.dll
c:\program files\Panda Security\ActiveScan 2.0\mapvfile.dll
c:\program files\Panda Security\ActiveScan 2.0\memvfile.dll
c:\program files\Panda Security\ActiveScan 2.0\minicrypto.dll
c:\program files\Panda Security\ActiveScan 2.0\msvcr71.dll
c:\program files\Panda Security\ActiveScan 2.0\nanocache.fil2
c:\program files\Panda Security\ActiveScan 2.0\npwrapper.dll
c:\program files\Panda Security\ActiveScan 2.0\pav.sig
c:\program files\Panda Security\ActiveScan 2.0\pavboot.sys
c:\program files\Panda Security\ActiveScan 2.0\pavboot64.sys
c:\program files\Panda Security\ActiveScan 2.0\pavexcom.dll
c:\program files\Panda Security\ActiveScan 2.0\pavoe.dll
c:\program files\Panda Security\ActiveScan 2.0\pavsddl.dll
c:\program files\Panda Security\ActiveScan 2.0\pavvt.dll
c:\program files\Panda Security\ActiveScan 2.0\pavvts.dat
c:\program files\Panda Security\ActiveScan 2.0\pskads.dll
c:\program files\Panda Security\ActiveScan 2.0\pskahk.dll
c:\program files\Panda Security\ActiveScan 2.0\pskalloc.dll
c:\program files\Panda Security\ActiveScan 2.0\pskas.dll
c:\program files\Panda Security\ActiveScan 2.0\pskavs.dll
c:\program files\Panda Security\ActiveScan 2.0\pskcmp.dll
c:\program files\Panda Security\ActiveScan 2.0\pskfss.dll
c:\program files\Panda Security\ActiveScan 2.0\pskhtml.dll
c:\program files\Panda Security\ActiveScan 2.0\pskmdfs.dll
c:\program files\Panda Security\ActiveScan 2.0\pskmfs.dll
c:\program files\Panda Security\ActiveScan 2.0\psknc.dll
c:\program files\Panda Security\ActiveScan 2.0\pskpack.dll
c:\program files\Panda Security\ActiveScan 2.0\pskqhs.dll
c:\program files\Panda Security\ActiveScan 2.0\pskscs.dll
c:\program files\Panda Security\ActiveScan 2.0\pskutil.dll
c:\program files\Panda Security\ActiveScan 2.0\pskvfile.dll
c:\program files\Panda Security\ActiveScan 2.0\pskvfs.dll
c:\program files\Panda Security\ActiveScan 2.0\pskvm.dll
c:\program files\Panda Security\ActiveScan 2.0\psnden.dll
c:\program files\Panda Security\ActiveScan 2.0\psndsk.dll
c:\program files\Panda Security\ActiveScan 2.0\psnengav.dll
c:\program files\Panda Security\ActiveScan 2.0\psnengav.nsc
c:\program files\Panda Security\ActiveScan 2.0\psnfc.dll
c:\program files\Panda Security\ActiveScan 2.0\psnglkntex.dll
c:\program files\Panda Security\ActiveScan 2.0\psnhsh.dll
c:\program files\Panda Security\ActiveScan 2.0\psnkrnl.dll
c:\program files\Panda Security\ActiveScan 2.0\psnxprs.dll
c:\program files\Panda Security\ActiveScan 2.0\psqmgr.dll
c:\program files\Panda Security\ActiveScan 2.0\psqstore\Invent.QCF
c:\program files\Panda Security\ActiveScan 2.0\psqstore\Invent.QCF.ext
c:\program files\Panda Security\ActiveScan 2.0\psqstore\PSQ.CFG
c:\program files\Panda Security\ActiveScan 2.0\pssarf.dll
c:\program files\Panda Security\ActiveScan 2.0\psscan.dll
c:\program files\Panda Security\ActiveScan 2.0\psscoms.dll
c:\program files\Panda Security\ActiveScan 2.0\psscpu.dll
c:\program files\Panda Security\ActiveScan 2.0\pssdet.dll
c:\program files\Panda Security\ActiveScan 2.0\psspa.dll
c:\program files\Panda Security\ActiveScan 2.0\pssqem.dll
c:\program files\Panda Security\ActiveScan 2.0\pssuts.dll
c:\program files\Panda Security\ActiveScan 2.0\pssyschk.dll
c:\program files\Panda Security\ActiveScan 2.0\putczip.dll
c:\program files\Panda Security\ActiveScan 2.0\rkpavproc.sys
c:\program files\Panda Security\ActiveScan 2.0\rkpavproc64.sys
c:\program files\Panda Security\ActiveScan 2.0\scremlsp.exe
c:\program files\Panda Security\ActiveScan 2.0\vplatdis.dll
c:\program files\Panda Security\ActiveScan 2.0\vplatprc.dll
c:\windows\REGBK00.ZIP
c:\windows\regedit.com
c:\windows\system32\drivers\pavboot.sys
c:\windows\system32\grwinsthlp.exe
c:\windows\system32\KGyGaAvL.sys
c:\windows\system32\taskmgr.com
----- BITS: Možné infikované stránky -----
hxxp://10.208.25.191:8530.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PAVBOOT
-------\Service_pavboot
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-28 do 2009-03-30 )))))))))))))))))))))))))))))))
.
2009-03-27 15:41 . 2009-03-27 15:41 0 --a------ C:\23990098.$$$
2009-03-27 14:52 . 2009-03-27 14:52 28 --a------ c:\windows\Lic.xxx
2009-03-27 11:06 . 2008-06-17 21:02 8,465,408 -----c--- c:\windows\system32\dllcache\shell32.dll
2009-03-27 11:06 . 2008-12-05 08:57 144,896 -----c--- c:\windows\system32\dllcache\schannel.dll
2009-03-26 15:09 . 2009-03-26 15:09 <DIR> d-------- c:\program files\CCleaner
2009-03-26 15:03 . 2009-03-26 15:03 <DIR> d-a------ c:\windows\system32\runouce.exe
2009-03-26 15:01 . 2009-03-26 15:01 <DIR> d-------- c:\program files\Common Files\MicroWorld
2009-03-26 15:01 . 2009-03-26 15:01 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-03-26 15:01 . 2009-03-26 15:01 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-03-26 15:01 . 2008-04-14 09:52 147,968 --a------ c:\windows\R.COM
2009-03-26 15:01 . 2008-04-14 09:52 137,216 --a------ c:\windows\system32\T.COM
2009-03-26 15:01 . 2009-03-26 15:01 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-26 15:01 . 2005-09-23 00:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-26 15:00 . 2009-03-26 15:01 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\MicroWorld
2009-03-26 10:24 . 2009-03-26 10:24 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\ESET
2009-03-26 10:04 . 2009-03-26 10:05 <DIR> d-------- C:\InfoMapa15
2009-03-25 12:00 . 2009-03-25 12:00 <DIR> d-------- c:\documents and settings\NZZM.VZ-9D6005FA0A39\Data aplikací\Malwarebytes
2009-03-25 11:59 . 2009-03-25 11:59 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2009-03-25 11:07 . 2009-03-25 11:12 <DIR> d-------- C:\Red Alert 3
2009-03-25 09:18 . 2009-01-18 23:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-25 08:13 . 2009-03-25 08:13 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-25 08:13 . 2009-03-25 08:13 <DIR> d--h-c--- c:\documents and settings\All Users.WINDOWS\Data aplikací\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-25 08:13 . 2009-01-18 23:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-25 08:04 . 2009-03-25 08:04 217 --a------ C:\UnInstall.dat
2009-03-25 07:57 . 2009-03-25 07:57 <DIR> d-------- c:\program files\Lavasoft
2009-03-25 07:08 . 2009-03-27 14:41 <DIR> d-------- C:\antivir
2009-03-24 13:40 . 2009-03-24 13:43 10,246,088 --a------ C:\windows-kb890830-v2.8.exe
2009-03-24 12:06 . 2009-03-24 12:06 170 --a------ c:\windows\spywarebegone-fullversion-installed.html
2009-03-23 12:23 . 2007-07-19 19:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2009-03-23 12:23 . 2007-07-19 19:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2009-03-23 12:23 . 2007-07-19 19:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2009-03-23 12:23 . 2007-07-20 01:57 267,112 --a------ c:\windows\system32\xactengine2_9.dll
2009-03-23 12:23 . 2007-06-20 21:46 266,088 --a------ c:\windows\system32\xactengine2_8.dll
2009-03-23 12:23 . 2007-04-04 19:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2009-03-23 12:23 . 2007-10-22 04:37 17,928 --a------ c:\windows\system32\X3DAudio1_2.dll
2009-03-23 12:22 . 2007-03-12 17:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2009-03-23 12:22 . 2007-03-12 17:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2009-03-23 12:22 . 2007-03-15 17:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2009-03-23 12:22 . 2007-04-04 19:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2009-03-23 12:22 . 2007-01-24 16:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2009-03-23 12:22 . 2006-12-08 13:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2009-03-23 12:22 . 2006-09-28 17:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2009-03-23 12:22 . 2006-07-28 10:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2009-03-23 12:22 . 2006-07-28 10:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2009-03-23 12:22 . 2007-03-05 13:42 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2009-03-23 12:21 . 2005-05-26 16:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2009-03-23 12:20 . 2009-03-23 12:20 <DIR> d-------- c:\windows\Logs
2009-03-23 12:18 . 2009-03-23 12:18 <DIR> d-------- c:\documents and settings\NZZM.VZ-9D6005FA0A39\Data aplikací\DAEMON Tools Pro
2009-03-23 12:18 . 2009-03-23 12:18 <DIR> d-------- c:\documents and settings\NZZM.VZ-9D6005FA0A39\Data aplikací\DAEMON Tools
2009-03-23 12:17 . 2009-03-23 12:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\DAEMON Tools Lite
2009-03-23 12:16 . 2009-03-24 12:57 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-03-23 12:10 . 2009-03-23 12:19 <DIR> d-------- c:\documents and settings\NZZM.VZ-9D6005FA0A39\Data aplikací\DAEMON Tools Lite
2009-03-18 14:45 . 2009-03-20 13:49 <DIR> d-------- C:\Download
2009-03-18 14:45 . 2009-03-18 14:45 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikacĂ
2009-03-18 08:35 . 2009-03-18 08:36 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-18 08:35 . 2009-03-18 08:35 <DIR> d-------- c:\program files\FotoSketcher
2009-03-17 11:14 . 2009-03-18 14:45 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Data aplikací\Grid
2009-03-17 09:46 . 2009-03-17 09:46 71,265 --a------ c:\windows\system32\PICFAX
2009-03-17 08:03 . 2009-03-17 08:03 47,616 --a------ C:\SC do rozkazu.doc
2009-03-16 07:46 . 2009-03-16 07:46 <DIR> d-------- c:\program files\ToniArts
2009-03-11 10:44 . 2009-03-11 10:44 68,608 --a------ C:\Prostredky ochrany charakteristika a technické parametry.xls
2009-03-06 09:42 . 2009-03-06 09:42 <DIR> d-------- c:\program files\FLVPlayer
2009-03-06 08:11 . 2008-08-01 09:56 861,854 --a------ C:\1612__kronika_smutnych_casu.jpg
2009-02-20 07:42 . 2009-01-20 20:00 25,180,160 --a------ C:\NightWork -- Klip.avi
2009-02-17 10:53 . 2009-02-17 13:04 4,170,752 --a------ C:\vyhodnocení 2008 ZS.ppt
2009-02-17 07:51 . 2009-03-03 09:43 <DIR> d-------- C:\ekorada
2009-02-16 11:20 . 2009-02-26 10:30 93,184 --a------ C:\závod prevent péče (2).doc
2009-02-11 15:04 . 2009-02-11 12:05 1,030,655 --a------ C:\ORTCLOC.rar
2009-02-11 14:59 . 2009-02-11 14:59 57,344 --a------ C:\Spis-HASIČI.doc
2009-02-11 14:59 . 2009-02-11 14:59 20,480 --a------ C:\Tabulka-hasiči.xls
2009-02-11 12:07 . 2009-03-25 08:19 <DIR> d-------- c:\program files\ORT Clock
2009-02-05 07:04 . 2009-02-16 11:08 88,576 --a------ C:\závod prevent péče (1).doc
2009-02-04 14:52 . 2009-02-11 14:33 503,808 --a------ C:\flv2.doc
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 04:13 --------- d-----w c:\program files\WinPhone
2009-03-30 04:09 --------- d-----w c:\program files\Eraser
2009-03-30 04:04 --------- d-----w c:\program files\freeCommander2006
2009-03-27 12:48 --------- d-----w c:\documents and settings\All Users.WINDOWS\Data aplikací\Spybot - Search & Destroy
2009-03-25 08:45 --------- d-----w c:\program files\FlashGet
2009-03-23 10:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 10:10 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-18 06:36 --------- d-----w c:\documents and settings\NZZM.VZ-9D6005FA0A39\Data aplikací\uTorrent
2009-03-16 06:03 --------- d-----w c:\documents and settings\NZZM.VZ-9D6005FA0A39\Data aplikací\WebStripper
2009-03-05 05:57 --------- d-----w c:\program files\DivX
2009-01-28 06:20 --------- d-----w c:\program files\WMR11
2009-01-28 06:20 --------- d-----w c:\program files\WMCap
2009-01-28 05:04 --------- d-----w c:\program files\ElcomSoft
2009-01-19 05:53 2,269,056 ----a-w C:\FixDownadup odstranění Kido.exe
2005-09-26 10:25 184 ---ha-w c:\documents and settings\NZZM.VZ-9D6005FA0A39\hpothb07.dat
2004-03-11 11:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2003-04-22 19:02 135,168 ----a-w c:\program files\AVIPreview.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-26_13.28.43.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2009-03-27 12:34:39 1,900 ----a-w c:\windows\SoftwareDistribution\EventCache\{D037A68C-461C-4E87-87A7-0E309055687C}.bin
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2009-03-26 10:26:27 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-27 07:01:33 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-26 10:26:27 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-27 07:01:33 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-05 06:57:54 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
- 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c----w c:\windows\system32\dllcache\srv.sys
- 2008-09-15 15:27:55 1,846,400 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 14:07:41 1,846,784 -c----w c:\windows\system32\dllcache\win32k.sys
- 2008-09-08 10:41:42 333,824 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-12-11 10:57:09 333,952 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-11-05 09:49:48 149,200 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-27 09:09:46 149,200 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-12-10 09:46:03 90,430 ----a-w c:\windows\system32\perfc005.dat
+ 2009-03-30 04:00:05 90,430 ----a-w c:\windows\system32\perfc005.dat
- 2008-12-10 09:46:03 78,934 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-30 04:00:05 78,934 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-10 09:46:03 455,348 ----a-w c:\windows\system32\perfh005.dat
+ 2009-03-30 04:00:05 455,348 ----a-w c:\windows\system32\perfh005.dat
- 2008-12-10 09:46:03 459,014 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-30 04:00:05 459,014 ----a-w c:\windows\system32\perfh009.dat
- 2008-04-14 07:51:56 8,465,408 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:56 8,465,408 ----a-w c:\windows\system32\shell32.dll
- 2008-04-14 07:51:56 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:57:54 144,896 ----a-w c:\windows\system32\schannel.dll
- 2007-11-30 12:39:09 18,296 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:36:00 18,296 ------w c:\windows\system32\spmsg.dll
- 2008-09-15 15:27:55 1,846,400 ----a-w c:\windows\system32\win32k.sys
+ 2009-02-09 14:07:41 1,846,784 ----a-w c:\windows\system32\win32k.sys
+ 2009-03-30 04:11:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_578.dat
+ 2008-04-15 17:51:49 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Eraser"="c:\program files\Eraser\eraser.exe" [2006-12-26 643072]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\
WinPhone.lnk - c:\program files\WinPhone\Winphone.exe [2005-09-08 430080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-18 14:00 208952 c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 09:52 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-18 14:00 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-18 14:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-18 14:00 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 10:42 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\wincmd\\WINCMD32.EXE"=
"c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-25 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-29 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-29 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501);c:\windows\system32\drivers\adusbmdm65.sys [2006-01-11 64896]
R3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501);c:\windows\system32\drivers\adusbser65.sys [2006-01-11 64896]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2004-08-18 69120]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\report\kerneld.wnt [2006-08-28 3712]
.
Obsah adresáře 'Naplánované úlohy'
2009-03-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 23:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://10.32.160.9/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7AE975AF-3804-4988-BD0F-1F64CD70E2C1} = 10.208.24.8,10.48.148.9
FF - ProfilePath - c:\documents and settings\NZZM.VZ-9D6005FA0A39\Data aplikací\Mozilla\Firefox\Profiles\fwlbpanp.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-03-30 06:13:18
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\report\kerneld.wnt"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Celkový čas: 2009-03-30 6:18:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-30 04:18:12
ComboFix2.txt 2009-03-27 12:13:59
ComboFix3.txt 2009-03-27 12:05:00
ComboFix4.txt 2009-03-27 11:09:53
ComboFix5.txt 2009-03-30 04:06:32
Před spuštěním: Volných bajtů: 41 481 355 264
Po spuštění: Volných bajtů: 41,521,459,200
367 --- E O F --- 2008-12-29 05:23:05
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:21:19, on 30.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WinPhone\Winphone.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\freeCommander2006\freeCommander.exe
C:\antivir\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.32.160.9/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinPhone.lnk = C:\Program Files\WinPhone\Winphone.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1882474968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AE975AF-3804-4988-BD0F-1F64CD70E2C1}: NameServer = 10.208.24.8,10.48.148.9
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
--
End of file - 5129 bytes