luciper - Zlob trojan

Posted: 25 Nov 2007 16:38
by luciper
I have the same problem as the colleague above, please advise

Output from HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:47, on 25.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Dokumenty\log\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll (file missing)
O2 - BHO: MSVPS System - {A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE} - C:\WINDOWS\werbetdqw.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O21 - SSODL: gormet - {05406277-C73D-499F-8C8B-385A7C9994BA} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {2F4823C4-21E3-49E9-89C6-56A865FC3403} - C:\WINDOWS\pmkret.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6165 bytes

Posted: 25 Nov 2007 16:42
by Tomme
LOL

Posted: 25 Nov 2007 16:55
by Pic
For luciper - start your own thread - nobody is likely to look for you here!

Posted: 25 Nov 2007 17:34
by fredik
Welcome to the forum

Download SUPERAntiSpyware
Install it, run it and click the Check for Updates... button
Once the update has finished, click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Další > (Next >) button

The scan will run; when it finishes, it lists everything it found.
Make sure all items are checked and then choose the Další (Next) button
Then click the Finish button and you should get back to the main screen.
There, click the button: Preferences... and choose the Statistics/Logs tab
There, click the log with today's date that will be listed and press the button: View Log...
A window with the log will open, so copy its contents here.

Then also post a new HijackThis log here

PS: what Pic already mentioned applies; next time it is better to start your own thread, even if it is the same problem as yours.

Posted: 26 Nov 2007 15:34
by luciper
So far it doesn't look like it helped

Log from SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/26/2007 at 03:13 PM

Application Version : 3.9.1008

Core Rules Database Version : 3350
Trace Rules Database Version: 1349

Scan type : Complete Scan
Total Scan Time : 04:10:43

Memory items scanned : 413
Memory threats detected : 0
Registry items scanned : 5186
Registry threats detected : 21
File items scanned : 48812
File threats detected : 397

Trojan.Net-AM/NoGood
HKLM\Software\Classes\CLSID\{86A44EF7-78FC-4e18-A564-B18F806F7F56}
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\InprocServer32
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\InprocServer32#ThreadingModel
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\ProgID
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\Programmable
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\TypeLib
HKCR\CLSID\{86A44EF7-78FC-4E18-A564-B18F806F7F56}\VersionIndependentProgID
C:\PROGRAM FILES\ACTIVATIONMANAGER\ACTIVATIONMANAGER.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\InprocServer32
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\InprocServer32#ThreadingModel
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\ProgID
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\Programmable
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\TypeLib
HKCR\CLSID\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\VersionIndependentProgID
C:\WINDOWS\WERBETDQW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@rainbowmedia.122.2o7[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@hitbox[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ad.wz[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@indextools[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@toplist[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@counter.cnw[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@advertising[3].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@atwola[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adtech[2].txt
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ehg-youtube.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@komtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@spylog[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.stileproject[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hentaicounter[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wz[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.allstar[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@counter.cnw[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hentaicounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wz[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@i-stats[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.adbrite[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revenue[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atwola[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@indextools[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.etracker[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stats[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@klik.klikadvertising[1].txt

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-3079058028-503765614-3036146093-500\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2 ]

Desktop Hijacker.AboutYourPrivacy
C:\Documents and Settings\Administrator\Plocha\Error Cleaner.url
C:\Documents and Settings\Administrator\Plocha\Privacy Protector.url
C:\Documents and Settings\Administrator\Plocha\Spyware&Malware Protection.url
C:\Documents and Settings\Administrator\Oblíbené položky\Error Cleaner.url
C:\Documents and Settings\Administrator\Oblíbené položky\Privacy Protector.url
C:\Documents and Settings\Administrator\Oblíbené položky\Spyware&Malware Protection.url

Trojan.Downloader-Zlob/HDTIP
C:\WINDOWS\HDTIP.DLL

Trojan.MSSecure/System
D:\_ACER C\WINDOWS\SYSTEM32\MSSECURE.EXE

Trojan.NewExe
D:\_ACER C\WINDOWS\SYSTEM32\NEWEXE.EXE

Trojan.Microsoft Application Viewer
D:\_ACER C\WINDOWS\SYSTEM32\MSAPPVIEW32.EXE

Worm.SODABOT
D:\_ACER C\WINDOWS\SYSTEM32\LEXPLORE.EXE

Dialer.VacPro
D:\_ACER C\WINDOWS\DOWNLOADED PROGRAM FILES\INT_VER34.INF

Trojan.Unknown Origin
D:\_ACER C\WINDOWS\UMFKB23TCG\OAI4VZAQW0.VBS
D:\_ACER C\WINDOWS\ELITEUNSTALL.EXE
D:\_ACER C\WINDOWS\UNINSTALL_NMON.VBS

Trojan.SmartLoad
D:\_ACER C\WINDOWS\DRSMARTLOAD2.DAT

Trace.Known Threat Sources


From HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:42, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Dokumenty\log\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: gormet - {05406277-C73D-499F-8C8B-385A7C9994BA} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {2F4823C4-21E3-49E9-89C6-56A865FC3403} - C:\WINDOWS\pmkret.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6334 bytes

Posted: 26 Nov 2007 17:35
by fredik
Download SmitFraudFix (by S!Ri)

Restart the PC in safe mode:
Run SmitFraudFix - the application's blue screen appears; press any key to get to the menu.
There, choose option number 2
Let it scan the computer.
If you are asked whether to allow registry cleaning (Do you want to clean the registry ?), press the Y key (watch out for Y and Z being swapped on the keyboard)
If you are asked about removing infected files from the computer (Replace infected file ?), press the Y key again.

Then restart the PC in normal mode, post the log from it here, which you will find in the file C:\rapport.txt, and make a new HijackThis log and post it here too.

Posted: 26 Nov 2007 19:48
by luciper
Now it looks better. I already tried it once, but it came back, so hopefully it holds this time.

Log from SmitFraudFix:

SmitFraudFix v2.254

Scan done at 19:33:16,50, po 26.11.2007
Run from C:\Documents and Settings\Administrator\Dokumenty\log\SmitfraudFix
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:45, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Dokumenty\log\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: gormet - {05406277-C73D-499F-8C8B-385A7C9994BA} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {2F4823C4-21E3-49E9-89C6-56A865FC3403} - C:\WINDOWS\pmkret.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6196 bytes

Posted: 26 Nov 2007 20:46
by fredik
Something is still left there; you have an older version of SmitFraudFix, which was not yet able to remove those files.

Please download the current SmitFraudFix (v2.255) again from the link, run it, and post the corresponding log here plus a new HJT log.
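
The before/after comparison of two HijackThis logs that this reply rests on, as an added example (not part of the thread and not code from HijackThis or SmitFraudFix). It diffs excerpts of the 15:30:42 and 19:43:45 logs posted above; the function names and the choice of O21 and O24 as sections to re-check are assumptions of this example.

```python
import re

# One HijackThis entry per line: "<section> - <details>", e.g. "O21 - SSODL: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Sections re-checked after a cleanup run (an assumption of this example):
# O21 = ShellServiceObjectDelayLoad autoruns, O24 = Active Desktop components.
REVIEW_SECTIONS = ("O21", "O24")

# Excerpt of the log saved at 15:30:42 in the thread (before the first fix).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:42, on 26.11.2007
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
O21 - SSODL: gormet - {05406277-C73D-499F-8C8B-385A7C9994BA} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {2F4823C4-21E3-49E9-89C6-56A865FC3403} - C:\WINDOWS\pmkret.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Excerpt of the log saved at 19:43:45 in the thread (after SmitFraudFix v2.254).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:45, on 26.11.2007
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
O21 - SSODL: gormet - {05406277-C73D-499F-8C8B-385A7C9994BA} - C:\WINDOWS\gormet.dll
O21 - SSODL: pmkret - {2F4823C4-21E3-49E9-89C6-56A865FC3403} - C:\WINDOWS\pmkret.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


def parse_entries(log_text):
    """Return the (section, details) pairs of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Split the entries of two logs into removed, added and unchanged."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
        "unchanged": [e for e in after if e in before_set],
    }


def leftovers(before_text, after_text, sections=REVIEW_SECTIONS):
    """Entries that survived the cleanup and still need a manual look:
    anything in the watched sections, plus orphaned '(file missing)' entries."""
    found = []
    for section, details in diff_logs(before_text, after_text)["unchanged"]:
        if section in sections or details.endswith("(file missing)"):
            found.append((section, details))
    return found


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added"):
        for section, details in result[label]:
            print(f"{label:8} {section:4} {details}")
    for section, details in leftovers(BEFORE, AFTER):
        print(f"{'review':8} {section:4} {details}")
```

On these excerpts the hijacked start page and the O24 desktop component show up as removed, while the two O21 entries for gormet.dll and pmkret.dll are reported as still present.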

Posted: 26 Nov 2007 22:11
by luciper
Once more; so far it looks really good.

SmitFraudFix v2.255

Scan done at 21:44:24,82, po 26.11.2007
Run from C:\Documents and Settings\Administrator\Plocha\SmitfraudFix
OS: Microsoft Windows XP [Verze 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\gormet.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{05406277-C73D-499F-8C8B-385A7C9994BA}]
Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{05406277-C73D-499F-8C8B-385A7C9994BA}]
C:\WINDOWS\monhop.exe Deleted
C:\WINDOWS\pmkret.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{2F4823C4-21E3-49E9-89C6-56A865FC3403}]

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{974BD03B-D376-40F7-93AF-E8ADDCAC2BF7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

From HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:25, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Dokumenty\log\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/vista/prog/CLVistaGenie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 5943 bytes

Posted: 26 Nov 2007 22:55
by fredik
Run HijackThis again and tick the checkboxes in front of these lines:
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)
After ticking them, click the Fix Checked button.

For better security it would be a good idea to install a firewall as well; you can pick one of those listed here or another one from the link: Overview of personal firewalls
Free firewalls:
Comodo - high quality, advanced, with many features, originally in English; Czech should probably be available only from version 3, which should appear soon
Kerio - clearly laid out, more configuration options, more demanding on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English

Download and run T-cleaner

If you have no further problems, that would be all.

Posted: 27 Nov 2007 10:07
by luciper
It looks really good, thanks a lot for the help. :smile:

Posted: 27 Nov 2007 15:52
by fredik
You're welcome