Prosím o kontrolu logu.

[Melania]

Tak tu je log z Combofixu.

ComboFix 10-07-08.02 - admin 09.07.2010 20:47:04.13.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1007.427 [GMT 2:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.

2010-07-09 13:25 . 2010-07-09 13:34 -------- d-----w- c:\program files\ScreenParts
2010-07-09 13:04 . 2010-07-09 13:04 3738 ----a-w- c:\windows\unins000.dat
2010-07-09 13:04 . 2010-07-09 13:04 -------- d-----w- c:\program files\Atlant Software
2010-07-09 13:04 . 2010-07-09 13:04 667998 ----a-w- c:\windows\unins000.exe
2010-07-09 12:38 . 2010-07-09 12:43 -------- d-----w- c:\program files\Notepad++
2010-07-09 12:38 . 2010-07-09 12:43 -------- d-----w- c:\documents and settings\admin\Application Data\Notepad++
2010-07-08 11:51 . 2010-07-08 11:51 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-08 11:26 . 2010-07-08 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Chat Republic Games
2010-06-11 05:33 . 2010-06-11 05:33 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 16:54 . 2008-12-23 19:30 -------- d-----w- c:\documents and settings\admin\Application Data\Skype
2010-07-09 14:00 . 2008-12-23 19:32 -------- d-----w- c:\documents and settings\admin\Application Data\skypePM
2010-07-08 18:52 . 2009-01-17 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 18:37 . 2008-12-22 19:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-08 18:37 . 2008-12-22 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-08 11:39 . 2008-12-22 19:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-08 11:39 . 2009-01-02 11:51 -------- d-----w- c:\program files\Rockstar Games
2010-07-08 11:34 . 2008-12-24 11:12 -------- d-----w- c:\program files\BitLord
2010-07-08 11:31 . 2009-11-01 22:48 -------- d-----w- c:\program files\DivX
2010-07-08 11:29 . 2009-08-04 13:34 -------- d-----w- c:\program files\trailer park tycoon
2010-07-08 11:28 . 2009-12-01 15:22 -------- d-----w- c:\program files\Play
2010-07-08 11:25 . 2009-01-10 06:11 -------- d-----w- c:\program files\Fishdom
2010-07-07 20:02 . 2009-01-02 11:24 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-07-04 09:29 . 2008-12-22 16:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-15 14:23 . 2009-08-28 08:46 -------- d-----w- c:\documents and settings\admin\Application Data\YoudaGames
2010-06-15 08:02 . 2010-01-02 19:00 230432 ----a-w- C:\StiImg.dat
2010-06-11 12:26 . 2010-03-11 15:43 -------- d-----w- c:\documents and settings\admin\Application Data\bang
2010-06-09 01:15 . 2008-12-23 19:30 -------- d-----r- c:\program files\Skype
2010-05-04 17:20 . 2008-04-23 00:16 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2008-07-12 19:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2008-07-12 19:09 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2008-04-14 08:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 13:39 . 2009-01-17 19:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-01-17 19:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2008-04-14 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 18:07 . 2009-06-19 13:59 39249408 ----a-w- C:\eav_nt32_csy.msi
2009-01-18 15:30 . 2009-01-18 15:30 16168344 ----a-w- c:\program files\jre-6u11-windows-i586-p.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-07-08_20.02.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-09 06:30 . 2010-07-09 06:30 16384 c:\windows\temp\Perflib_Perfdata_224.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3Trayp"="S3trayp.exe" [2007-09-30 200704]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-02 16049664]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2009-02-03 858624]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-26 2140880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Belkin Storage Manager\\StorageManager.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [26.2.2010 6:41 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [26.2.2010 6:41 810120]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 16:05 1021256]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 8:16 162176]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 8:24 10064]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-07-09 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:12]

2010-07-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-27 15:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\PCTRAN~1\webie.dll
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\wsinwa0q.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 20:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(400)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2010-07-09 20:54:00
ComboFix-quarantined-files.txt 2010-07-09 18:53
ComboFix2.txt 2010-07-09 17:53
ComboFix3.txt 2010-07-08 20:04

Pre-Run: 4 118 429 696 bytes free
Post-Run: 4 103 278 592 bytes free

- - End Of File - - 7798E2D9EC6EEC700A4A2770EB957357

[Reklama]

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\unins000.dat
c:\windows\unins000.exe
C:\StiImg.dat

Firefox::
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\wsinwa0q.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[Melania]

No,ja to vzdavam,necham to asi na servis ten notepad nejak nespolupracuje, v ponuke start ani v c:\windows\system32 ho nemam...
Chybaju mi stale niektore ikony na ploche,ako kos,tento pocitac...
Nacitava uplne krasne,ale toto s tym je stale problem

[jaro3]

můžeš spustit ten Dial-a-fix ,opraví Ti všechny soubory win a dá je na správné místo. Pokud máš instalačku winXP. Pak můžem pokračovat.
Záleží na Tobě.

Jdu asi spát , takže když budeš chtít , tak budem pokračovat ráno.