
PREVENTIVE HJC CHECK

Posted: 05 Jun 2008 19:25
by Melania
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:39, on 5.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ToGo Game\Fish Tycoon\Fish Tycoon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: cpmsky browser optimizer - {58446c83-f800-72d5-c3db-1258341e22c0} - C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: mysidesearch search enhancer - {9b9391fb-9a7f-f7f0-26fb-c8cd491fdae1} - C:\WINDOWS\system32\{14675D7A-84C9-CE22-9E05-ADC6300FFBBC}.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [{e5fe06ef-0a42-cf53-54cb-869ebe257683}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll" DllInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Skype672] C:\PROGRA~1\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9284 bytes

Re: PREVENTIVE HJC CHECK

Posted: 05 Jun 2008 20:28
by fredik
If you have Comodo FW v.3, disable its Defense+ module before using ComboFix and turn it back on after it finishes:
Right-click the Comodo icon: Defense+ Security Level => set to Disabled

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: PREVENTIVE HJC CHECK

Posted: 05 Jun 2008 20:50
by Melania
...I have Comodo FW Pro...
...and here I attach C:\ComboFix.txt


ComboFix 08-06-05.2 - admin 2008-06-05 20:36:47.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.606 [GMT 2:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection
C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk
C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk
C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk
C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk
C:\Documents and Settings\admin\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk
C:\Program Files\Adzgalore Games Collection
C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adzgalore Games Collection\BobAndBill.exe
C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe
C:\Program Files\Adzgalore Games Collection\Lines.exe
C:\Program Files\Adzgalore Games Collection\uninstall.exe
C:\Program Files\Adzgalore Games Collection\VideoPool.exe
C:\WINDOWS\system32\adzgalore-remove.exe
C:\WINDOWS\system32\nse2D.dll
C:\WINDOWS\system32\nst20.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2008-06-03 14:35 . 2008-06-03 14:35 196,608 --a------ C:\WINDOWS\system32\POInstaller.exe
2008-06-03 14:28 . 2008-06-03 14:32 90,802 --a------ C:\WINDOWS\system32\{14675D7A-84C9-CE22-9E05-ADC6300FFBBC}.dll-uninst.exe
2008-06-03 14:27 . 2008-06-03 14:32 63,916 --a------ C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll-uninst.exe
2008-06-02 07:32 . 2008-06-02 07:32 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-06-01 16:13 . 2008-06-01 16:13 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-01 16:13 . 2008-06-05 20:26 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-05-30 18:43 . 2008-05-30 18:43 444,928 --a------ C:\WINDOWS\system32\{14675D7A-84C9-CE22-9E05-ADC6300FFBBC}.dll
2008-05-30 00:01 . 2008-05-30 00:01 <DIR> d-------- C:\Program Files\Sony Corporation
2008-05-30 00:01 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-05-30 00:01 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-05-30 00:01 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2008-05-30 00:01 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-05-30 00:01 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-05-30 00:01 . 2001-08-31 15:07 27,255 --------- C:\WINDOWS\system32\drivers\NWWMUSB.sys
2008-05-30 00:01 . 2002-09-11 10:20 11,510 --------- C:\WINDOWS\system32\drivers\VMCUSB.sys
2008-05-30 00:00 . 2008-05-30 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-30 00:00 . 2006-05-11 12:05 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2008-05-30 00:00 . 2006-05-11 12:02 643,072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2008-05-30 00:00 . 2006-05-11 12:03 585,728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-05-30 00:00 . 2006-05-11 12:05 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2008-05-29 23:59 . 2008-05-30 00:01 <DIR> d-------- C:\Program Files\Sony
2008-05-29 23:59 . 2008-05-30 00:01 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59 . 2008-06-02 07:32 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Sony Corporation
2008-05-29 21:14 . 2008-05-29 21:14 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-24 10:17 . 2008-05-24 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\POPWWPROFILES
2008-05-22 22:28 . 2008-05-22 22:28 <DIR> d-------- C:\WINDOWS\system32\languages
2008-05-22 21:59 . 2008-05-22 22:28 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-05-21 15:34 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-05-21 15:34 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-05-21 15:34 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-05-21 15:32 . 2008-05-21 15:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-21 15:30 . 2008-05-21 15:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-21 15:30 . 2008-05-21 15:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-21 14:21 . 2008-05-21 14:22 <DIR> d-------- C:\Program Files\Picasa2
2008-05-19 23:13 . 2008-05-19 23:13 <DIR> d-------- C:\Documents and Settings\admin\Application Data\vlc
2008-05-19 23:12 . 2008-05-19 23:12 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-18 23:46 . 2008-05-18 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-18 23:17 . 2008-05-18 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-18 23:17 . 2008-05-19 19:37 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 23:16 . 2008-05-19 20:00 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-18 23:16 . 2008-05-18 23:16 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-18 23:16 . 2008-03-13 23:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-18 23:16 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-18 23:15 . 2008-05-19 19:51 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-18 22:49 . 2008-05-22 20:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 22:48 . 2008-05-18 22:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-18 21:23 . 2008-05-18 21:23 <DIR> d-------- C:\Program Files\CCleaner
2008-05-18 21:06 . 2008-05-18 23:42 <DIR> d-------- C:\Program Files\COMODO
2008-05-18 21:06 . 2008-05-18 23:46 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Comodo
2008-05-17 20:44 . 2008-06-04 06:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-17 20:44 . 2008-05-17 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-17 20:44 . 2008-05-19 21:45 <DIR> d-------- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-05-16 13:21 . 2008-05-16 13:21 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-16 11:13 . 2008-05-16 11:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 10:21 . 2008-05-23 18:21 3,732 --a------ C:\WINDOWS\wtran32.INI
2008-05-16 10:21 . 2008-05-23 18:21 0 --a------ C:\WINDOWS\XXLGSC
2008-05-16 10:16 . 2008-05-19 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-16 09:42 . 2008-05-16 09:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-14 00:52 . 2008-05-16 10:22 538 --a------ C:\WINDOWS\webtran4.INI
2008-05-12 22:04 . 2008-05-13 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-12 22:02 . 2008-05-13 10:48 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:59 . 2008-05-12 21:59 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Symantec
2008-05-12 13:33 . 2008-05-12 13:33 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-05-12 10:55 . 2008-05-12 10:55 <DIR> d-------- C:\Program Files\directx
2008-05-11 19:21 . 2008-05-11 19:33 <DIR> d-------- C:\Program Files\Rockstar Games
2008-05-05 13:07 . 2008-05-05 13:07 332,288 --a------ C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 16:06 --------- d-----w C:\Documents and Settings\admin\Application Data\skypePM
2008-06-03 12:18 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
2008-06-01 19:13 --------- d-----w C:\Program Files\Mahjong Holidays 2005
2008-06-01 14:13 --------- d-----w C:\Program Files\Skype
2008-06-01 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-31 07:25 --------- d-----w C:\Documents and Settings\admin\Application Data\AdobeUM
2008-05-30 19:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-29 22:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 20:27 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-19 19:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 17:55 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-19 17:54 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-18 11:59 --------- d-----w C:\Program Files\Speeditup Free
2008-05-18 11:31 --------- d-----w C:\Program Files\Java
2008-05-13 22:51 --------- d-----w C:\Program Files\PC Translator
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 09:08 --------- d-----w C:\Program Files\BitComet
2008-04-29 07:46 --------- d-----w C:\Program Files\Each Program Mapi
2008-04-27 13:25 --------- d-----w C:\Documents and Settings\admin\Application Data\.wyzo
2008-04-27 11:31 --------- d-----w C:\Program Files\LimeWire
2008-04-26 15:00 --------- d-----w C:\Program Files\Opera
2008-04-26 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-20 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-04-20 12:13 --------- d-----w C:\Program Files\Virtual Villagers
2008-04-20 12:13 --------- d-----w C:\Program Files\Atlantis
2008-04-20 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
2008-04-20 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FireGlow
2008-04-20 10:02 --------- d-----w C:\Program Files\ToGo Game
2008-04-20 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-04-20 09:12 --------- d-----w C:\Documents and Settings\admin\Application Data\Chasing Dogs Studios
2008-04-19 07:42 --------- d-----w C:\Program Files\Ultimate Riders
2008-04-18 17:16 --------- d-----w C:\Documents and Settings\admin\Application Data\IObit
2008-04-18 17:15 --------- d-----w C:\Program Files\A1Click Ultra PC Cleaner
2008-04-18 16:24 --------- d-----w C:\Program Files\ICQToolbar
2008-04-18 16:19 --------- d-----w C:\Documents and Settings\admin\Application Data\ICQ
2008-04-18 16:01 --------- d-----w C:\Program Files\Absolute Uninstaller
2008-04-18 15:59 --------- d-----w C:\Documents and Settings\admin\Application Data\GlarySoft
2008-04-18 13:54 --------- d-----w C:\Program Files\VSRevoGroup
2008-04-18 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-18 13:46 --------- d-----w C:\Documents and Settings\admin\Application Data\AVG7
2008-04-18 13:32 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-04-18 13:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-15 21:38 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-15 16:27 --------- d-----w C:\Program Files\GrassSoft
2008-04-10 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-04-10 13:06 --------- d-----w C:\Program Files\Arctic Bear Advanced
2008-04-08 15:21 --------- d-----w C:\Program Files\Virtools
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-25 20:33 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58446c83-f800-72d5-c3db-1258341e22c0}]
2008-05-05 13:07 332288 --a------ C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b9391fb-9a7f-f7f0-26fb-c8cd491fdae1}]
2008-05-30 18:43 444928 --a------ C:\WINDOWS\system32\{14675D7A-84C9-CE22-9E05-ADC6300FFBBC}.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20 2194744]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 23:07 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 06:46 1506544]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"Skype672"="C:\PROGRA~1\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05 1953792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-18 23:42 1115728]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]
"{e5fe06ef-0a42-cf53-54cb-869ebe257683}"="C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll" [2008-05-05 13:07 332288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15810:TCP"= 15810:TCP:BitComet 15810 TCP
"15810:UDP"= 15810:UDP:BitComet 15810 UDP
"26451:TCP"= 26451:TCP:BitComet 26451 TCP
"26451:UDP"= 26451:UDP:BitComet 26451 UDP

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 12:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 12:39]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 11:46]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-19 19:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 15:15:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-23 15:16:02 C:\WINDOWS\Tasks\Úklid 1 kliknutím.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 20:38:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-05 20:38:49
ComboFix-quarantined-files.txt 2008-06-05 18:38:41

Pre-Run: 21,743,939,584 bytes free
Post-Run: 21,795,655,680 bytes free

239 --- E O F --- 2008-05-23 05:23:23

Re: PREVENTIVE HJC CHECK

Posted: 06 Jun 2008 20:36
by fredik
Test this file on VirusTotal and post the result here:
C:\WINDOWS\system32\POInstaller.exe

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy into it all of the following text marked in green:
Note: Do not use the SELECT ALL function to select the script


File::
C:\WINDOWS\system32\{14675D7A-84C9-CE22-9E05-ADC6300FFBBC}.dll-uninst.exe
C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll-uninst.exe
C:\WINDOWS\system32\{14675D7A-84C9-CE22-9E05-ADC6300FFBBC}.dll
C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58446c83-f800-72d5-c3db-1258341e22c0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b9391fb-9a7f-f7f0-26fb-c8cd491fdae1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{e5fe06ef-0a42-cf53-54cb-869ebe257683}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process

Re: PREVENTIVE HJC CHECK

Posted: 06 Jun 2008 22:33
by Melania
...attaching the ComboFix log


ComboFix 08-06-05.2 - admin 2008-06-06 22:10:28.7 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.494 [GMT 2:00]
Running from: C:\Downloads\ComboFix.exe
Command switches used :: C:\Documents and Settings\admin\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\{14675D7A-84C9-CE22-9E05-ADC6300FFBBC}.dll
C:\WINDOWS\system32\{14675D7A-84C9-CE22-9E05-ADC6300FFBBC}.dll-uninst.exe
C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll
C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll-uninst.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\{14675D7A-84C9-CE22-9E05-ADC6300FFBBC}.dll-uninst.exe
C:\WINDOWS\system32\{14675D7A-84C9-CE22-9E05-ADC6300FFBBC}.dll
C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll-uninst.exe
C:\WINDOWS\system32\{6384c239-862d-057d-9cc3-ca08d8cb8632}.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-06 21:05 . 2008-06-06 21:05 <DIR> d-------- C:\Program Files\VirusTotalUploader
2008-06-03 14:35 . 2008-06-03 14:35 196,608 --a------ C:\WINDOWS\system32\POInstaller.exe
2008-06-02 07:32 . 2008-06-02 07:32 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage
2008-06-01 16:13 . 2008-06-01 16:13 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-01 16:13 . 2008-06-06 21:56 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-05-30 00:01 . 2008-05-30 00:01 <DIR> d-------- C:\Program Files\Sony Corporation
2008-05-30 00:01 . 2001-09-13 02:15 90,112 --------- C:\WINDOWS\snymsico.dll
2008-05-30 00:01 . 2002-08-08 15:51 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-05-30 00:01 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2008-05-30 00:01 . 2003-11-10 12:31 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2008-05-30 00:01 . 2003-04-01 18:55 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2008-05-30 00:01 . 2001-08-31 15:07 27,255 --------- C:\WINDOWS\system32\drivers\NWWMUSB.sys
2008-05-30 00:01 . 2002-09-11 10:20 11,510 --------- C:\WINDOWS\system32\drivers\VMCUSB.sys
2008-05-30 00:00 . 2008-05-30 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-30 00:00 . 2006-05-11 12:05 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2008-05-30 00:00 . 2006-05-11 12:02 643,072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2008-05-30 00:00 . 2006-05-11 12:03 585,728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2008-05-30 00:00 . 2006-05-11 12:05 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2008-05-29 23:59 . 2008-05-30 00:01 <DIR> d-------- C:\Program Files\Sony
2008-05-29 23:59 . 2008-05-30 00:01 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59 . 2008-06-02 07:32 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Sony Corporation
2008-05-29 21:14 . 2008-05-29 21:14 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-24 10:17 . 2008-05-24 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\POPWWPROFILES
2008-05-22 22:28 . 2008-05-22 22:28 <DIR> d-------- C:\WINDOWS\system32\languages
2008-05-22 21:59 . 2008-05-22 22:28 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-05-21 15:34 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-05-21 15:34 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-05-21 15:34 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-05-21 15:32 . 2008-05-21 15:32 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-21 15:30 . 2008-05-21 15:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-21 15:30 . 2008-05-21 15:31 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-21 14:21 . 2008-05-21 14:22 <DIR> d-------- C:\Program Files\Picasa2
2008-05-19 23:13 . 2008-05-19 23:13 <DIR> d-------- C:\Documents and Settings\admin\Application Data\vlc
2008-05-19 23:12 . 2008-05-19 23:12 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-18 23:46 . 2008-05-18 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-18 23:17 . 2008-05-18 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-18 23:17 . 2008-05-19 19:37 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 23:16 . 2008-05-19 20:00 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-05-18 23:16 . 2008-05-18 23:16 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-18 23:16 . 2008-03-13 23:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-05-18 23:16 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-05-18 23:15 . 2008-05-19 19:51 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-18 22:49 . 2008-05-22 20:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 22:48 . 2008-05-18 22:58 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-18 21:23 . 2008-05-18 21:23 <DIR> d-------- C:\Program Files\CCleaner
2008-05-18 21:06 . 2008-05-18 23:42 <DIR> d-------- C:\Program Files\COMODO
2008-05-18 21:06 . 2008-05-18 23:46 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Comodo
2008-05-17 20:44 . 2008-06-04 06:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-17 20:44 . 2008-05-17 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-17 20:44 . 2008-05-19 21:45 <DIR> d-------- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-05-16 13:21 . 2008-05-16 13:21 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-16 11:13 . 2008-05-16 11:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 10:21 . 2008-05-23 18:21 3,732 --a------ C:\WINDOWS\wtran32.INI
2008-05-16 10:21 . 2008-05-23 18:21 0 --a------ C:\WINDOWS\XXLGSC
2008-05-16 10:16 . 2008-05-19 00:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-16 09:42 . 2008-05-16 09:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-14 00:52 . 2008-05-16 10:22 538 --a------ C:\WINDOWS\webtran4.INI
2008-05-12 22:04 . 2008-05-13 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-12 22:02 . 2008-05-13 10:48 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:59 . 2008-05-12 21:59 <DIR> d-------- C:\Documents and Settings\admin\Application Data\Symantec
2008-05-12 13:33 . 2008-05-12 13:33 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-05-12 10:55 . 2008-05-12 10:55 <DIR> d-------- C:\Program Files\directx
2008-05-11 19:21 . 2008-05-11 19:33 <DIR> d-------- C:\Program Files\Rockstar Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 15:28 --------- d-----w C:\Documents and Settings\admin\Application Data\skypePM
2008-06-03 12:18 --------- d-----w C:\Documents and Settings\admin\Application Data\LimeWire
2008-06-01 19:13 --------- d-----w C:\Program Files\Mahjong Holidays 2005
2008-06-01 14:13 --------- d-----w C:\Program Files\Skype
2008-06-01 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-31 07:25 --------- d-----w C:\Documents and Settings\admin\Application Data\AdobeUM
2008-05-30 19:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-29 22:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 20:27 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-19 19:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 17:55 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-19 17:54 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-18 11:59 --------- d-----w C:\Program Files\Speeditup Free
2008-05-18 11:31 --------- d-----w C:\Program Files\Java
2008-05-13 22:51 --------- d-----w C:\Program Files\PC Translator
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-29 09:08 --------- d-----w C:\Program Files\BitComet
2008-04-29 07:46 --------- d-----w C:\Program Files\Each Program Mapi
2008-04-27 13:25 --------- d-----w C:\Documents and Settings\admin\Application Data\.wyzo
2008-04-27 11:31 --------- d-----w C:\Program Files\LimeWire
2008-04-26 15:00 --------- d-----w C:\Program Files\Opera
2008-04-26 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-20 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-04-20 12:13 --------- d-----w C:\Program Files\Virtual Villagers
2008-04-20 12:13 --------- d-----w C:\Program Files\Atlantis
2008-04-20 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Chasing Dogs Studios
2008-04-20 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FireGlow
2008-04-20 10:02 --------- d-----w C:\Program Files\ToGo Game
2008-04-20 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-04-20 09:12 --------- d-----w C:\Documents and Settings\admin\Application Data\Chasing Dogs Studios
2008-04-19 07:42 --------- d-----w C:\Program Files\Ultimate Riders
2008-04-18 17:16 --------- d-----w C:\Documents and Settings\admin\Application Data\IObit
2008-04-18 17:15 --------- d-----w C:\Program Files\A1Click Ultra PC Cleaner
2008-04-18 16:24 --------- d-----w C:\Program Files\ICQToolbar
2008-04-18 16:19 --------- d-----w C:\Documents and Settings\admin\Application Data\ICQ
2008-04-18 16:01 --------- d-----w C:\Program Files\Absolute Uninstaller
2008-04-18 15:59 --------- d-----w C:\Documents and Settings\admin\Application Data\GlarySoft
2008-04-18 13:54 --------- d-----w C:\Program Files\VSRevoGroup
2008-04-18 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-18 13:46 --------- d-----w C:\Documents and Settings\admin\Application Data\AVG7
2008-04-18 13:32 --------- d-----w C:\Program Files\Smarty Uninstaller Pro
2008-04-18 13:13 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-15 21:38 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-15 16:27 --------- d-----w C:\Program Files\GrassSoft
2008-04-10 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-04-10 13:06 --------- d-----w C:\Program Files\Arctic Bear Advanced
2008-04-08 15:21 --------- d-----w C:\Program Files\Virtools
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-01-25 20:33 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-05_20.38.33,73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 12:39:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 15:28:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-21 09:58:58 242,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-06 15:28:14 244,720 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-06 15:28:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20 2194744]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 23:07 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 06:46 1506544]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"Skype672"="C:\PROGRA~1\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05 1953792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-18 23:42 1115728]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15810:TCP"= 15810:TCP:BitComet 15810 TCP
"15810:UDP"= 15810:UDP:BitComet 15810 UDP
"26451:TCP"= 26451:TCP:BitComet 26451 TCP
"26451:UDP"= 26451:UDP:BitComet 26451 UDP

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 12:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 12:39]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 UxTuneUp;TuneUp rozšíření vzhledu;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 PAC207;VideoCAM GE111;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 11:46]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 00:04]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-19 19:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 15:15:11 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-23 15:16:02 C:\WINDOWS\Tasks\Úklid 1 kliknutím.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 22:11:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-06 22:12:28
ComboFix-quarantined-files.txt 2008-06-06 20:12:18
ComboFix2.txt 2008-06-05 18:38:50

Pre-Run: 21,688,188,928 bytes free
Post-Run: 21,704,392,704 bytes free

232 --- E O F --- 2008-05-23 05:23:23

Re: PREVENTIVE HJC CHECK

Posted: 08 Jun 2008 09:28
by fredik
Download Suspicious File Packer
Unpack it and run it (the file sfp.exe)
Copy and paste this text, marked in bold, into the window that appears:
C:\WINDOWS\system32\POInstaller.exe

then click the Continue button
The program will switch to the second window, Step2: Create archive
Close the program.
A file requested-files[2007-07-30_HH_MM].cab will be created on your desktop (instead of 2007-07-30 you will have the current date, and HH is the hour and MM the minutes). You will then need to rename the extension of the created archive from cab to zip or rar, or re-pack the whole file (with rar or zip), and attach it here.

Note: It is possible that you no longer have the files in question on disk, so the archive may not be created. Also post a new HJT log here along with it.

Re: PREVENTIVE HJC CHECK

Posted: 08 Jun 2008 11:39
by Melania
...I am attaching the log from HJC and, as an attachment, requested-files...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:34, on 8.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\ToGo Game\Fish Tycoon\Fish Tycoon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Skype672] C:\PROGRA~1\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8659 bytes

Re: PREVENTIVE HJC CHECK

Posted: 08 Jun 2008 16:43
by Melania
so hopefully it's here now: requested-files :-))

//thanks for uploading
fredik

Re: PREVENTIVE HJC CHECK

Posted: 08 Jun 2008 20:49
by fredik
So delete that file (poinstaller.exe):
C:\WINDOWS\system32\POInstaller.exe

In HJT, fix these items:
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

Go to Start -> Run... and type this command, marked in blue, into the window: ComboFix /u and click OK.
- there must be a space between combofix and /u
- wait until it finishes; it will let you know.

I would also recommend updating Java (instructions from last time)

Do you have any other problems?

//I forgot one more thing. It's a bit odd that you have Skype set to launch twice at Windows startup.

Re: PREVENTIVE HJC CHECK  Solved

Posted: 08 Jun 2008 21:24
by Melania
* THANK YOU ! * :D