
Please check my log, too many things at once :-(

Posted: 24 Jun 2008 23:14
by Melania
...I'm posting the log from HJC
...the computer runs terribly slowly, it freezes ... IE won't load pages for me,... my updates don't work,... and as if that weren't enough, ad after ad keeps popping up here for some porn sites and similar nonsense ... :bomb:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:39, on 24.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C2975692-E7ED-4C43-8A85-A7F291781405} - C:\WINDOWS\system32\khfGVOfg.dll
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM2324aa02] Rundll32.exe "C:\WINDOWS\system32\ogoojqdu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8607 bytes

Re: Please check my log, too many things at once :-(

Posted: 25 Jun 2008 10:29
by fredik
If you have Comodo FW v.3, turn off its Defense+ module before using ComboFix and turn it back on after ComboFix has finished:
Right-click the Comodo icon: Defense+ Security Level => set to Disabled

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Please check my log, too many things at once :-(

Posted: 26 Jun 2008 12:44
by Melania
> > I'm posting the log from DSS main.txt

Deckard's System Scanner v20071014.68
Run by admin on 2008-06-26 12:37:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-26 10:37:22 UTC - RP37 - Deckard's System Scanner Restore Point
2: 2008-06-25 21:15:36 UTC - RP36 - Last known good configuration
1: 2008-06-25 21:15:31 UTC - RP35 - Kontrolný bod systému


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38, on 2008-06-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {544AFF8D-5D88-48BD-94D5-F4FE55254A2D} - C:\WINDOWS\system32\geBSmJDv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2017999e] rundll32.exe "C:\WINDOWS\system32\gsqshkeb.dll",b
O4 - HKLM\..\Run: [BM2324aa02] Rundll32.exe "C:\WINDOWS\system32\ivmwwmkd.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8920 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080518-204704-343 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
backup-20080518-204704-633 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080518-204704-843 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
backup-20080518-204704-854 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
backup-20080608-211046-686 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
backup-20080608-211046-906 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
backup-20080608-213124-917 O4 - HKCU\..\Run: [Skype672] C:\PROGRA~1\Skype\Phone\Skype.exe
backup-20080623-230239-243 O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
backup-20080623-230239-295 O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
backup-20080623-230239-480 O4 - HKLM\..\Run: [BM2324aa02] Rundll32.exe "C:\WINDOWS\system32\cyjqmtme.dll",s
backup-20080623-230239-616 O4 - HKLM\..\Run: [2017999e] rundll32.exe "C:\WINDOWS\system32\cjeljgbu.dll",b
backup-20080623-230239-795 O2 - BHO: (no name) - {6E1D5175-1A1B-4DD2-A309-F209FFE4EA1B} - C:\WINDOWS\system32\khfGVOfg.dll
backup-20080624-105614-115 O4 - HKLM\..\Run: [2017999e] rundll32.exe "C:\WINDOWS\system32\fkadocni.dll",b
backup-20080624-105614-325 O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
backup-20080624-105614-510 O4 - HKLM\..\Run: [BM2324aa02] Rundll32.exe "C:\WINDOWS\system32\ogoojqdu.dll",s
backup-20080624-105614-522 O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
backup-20080624-105614-668 O2 - BHO: (no name) - {62B37E7E-D466-47D3-8602-393B3C3B16C4} - C:\WINDOWS\system32\khfGVOfg.dll
backup-20080624-113000-718 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
backup-20080624-230045-305 O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
backup-20080624-230045-463 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080624-230045-887 O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\Icons\NewSilverSystem[1]\NewSilverSystem.icl,52
.ini - inifile - DefaultIcon - C:\WINDOWS\Icons\NewSilverSystem[1]\NewSilverSystem.icl,49
.txt - txtfile - DefaultIcon - C:\WINDOWS\Icons\NewSilverSystem[1]\NewSilverSystem.icl,46


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 srescan - c:\windows\system32\zonelabs\srescan.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - c:\windows\system32\drivers\se2ebus.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>
S3 SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - c:\windows\system32\drivers\se2emdfl.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Modem Filter Driver>
S3 SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - c:\windows\system32\drivers\se2emdm.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Data Modem>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 17:16:02 374 --a------ C:\WINDOWS\Tasks\Úklid 1 kliknutím.job
2008-05-23 17:15:11 376 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-25 23:16:12 81920 --a------ C:\WINDOWS\system32\gsqshkeb.dll
2008-06-25 23:16:05 91136 --a------ C:\WINDOWS\system32\ivmwwmkd.dll
2008-06-25 23:15:21 436224 --ahs---- C:\WINDOWS\system32\vDJmSBeg.ini2
2008-06-25 23:15:18 323072 --a------ C:\WINDOWS\system32\geBSmJDv.dll
2008-06-25 21:58:31 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-25 21:55:29 68096 --a------ C:\WINDOWS\zip.exe
2008-06-25 21:55:29 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-25 21:55:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-25 21:55:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-25 21:55:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-25 21:55:29 98816 --a------ C:\WINDOWS\sed.exe
2008-06-25 21:55:29 80412 --a------ C:\WINDOWS\grep.exe
2008-06-25 21:55:29 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-25 21:22:41 91136 --a------ C:\WINDOWS\system32\qktrhxsr.dll
2008-06-25 13:44:16 91136 --a------ C:\WINDOWS\system32\jtaaxakr.dll
2008-06-24 21:48:38 0 d-------- C:\Program Files\VideoCAM GE111
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files\PCCamera
2008-06-24 13:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-24 10:57:09 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-06-24 09:41:59 81408 --a------ C:\WINDOWS\system32\fkadocni.dll
2008-06-24 09:41:52 91136 --a------ C:\WINDOWS\system32\ogoojqdu.dll
2008-06-23 14:03:24 0 d-------- C:\Documents and Settings\admin\Application Data\Playrix Entertainment
2008-06-23 10:40:25 0 d-------- C:\WINDOWS\Supermarket Mania
2008-06-23 09:58:58 0 d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-23 09:41:32 80384 --a------ C:\WINDOWS\system32\cjeljgbu.dll
2008-06-23 09:41:25 90624 --a------ C:\WINDOWS\system32\cyjqmtme.dll
2008-06-23 09:38:39 24576 --a------ C:\WINDOWS\system32\ddcYrQiJ.dll
2008-06-23 09:35:34 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll
2008-06-17 22:47:23 0 d-------- C:\WINDOWS\Album
2008-06-17 20:56:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-14 10:57:34 230432 --a------ C:\StiImg.dat
2008-06-11 12:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-10 20:56:16 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-06-10 20:56:00 0 d-------- C:\Program Files\Skype
2008-06-10 20:55:59 0 d-------- C:\Program Files\Common Files\Skype
2008-06-09 12:12:21 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-09 12:11:38 0 d-------- C:\Program Files\Image-Line
2008-06-09 12:11:18 0 d-------- C:\Program Files\Outsim
2008-06-08 21:28:11 41984 --a------ C:\WINDOWS\17PHolmes1381.exe
2008-06-08 21:27:34 0 d-------- C:\WINDOWS\Balloon Bliss
2008-06-08 21:23:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-08 20:39:58 0 d-------- C:\Documents and Settings\All Users\Application Data\close poke frag ooze
2008-06-08 18:20:58 0 d-------- C:\Documents and Settings\admin\Application Data\Alawar
2008-06-08 18:15:25 0 d-------- C:\Program Files\Alawar
2008-06-07 21:21:25 0 d-------- C:\Documents and Settings\admin\Application Data\WinRAR
2008-06-06 21:05:54 0 d-------- C:\Program Files\VirusTotalUploader
2008-06-02 07:32:16 0 d-------- C:\Documents and Settings\All Users\SonicStage
2008-05-30 00:01:35 0 d-------- C:\Program Files\Sony Corporation
2008-05-30 00:00:53 770048 --a------ C:\WINDOWS\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-05-30 00:00:53 585728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2008-05-30 00:00:53 73728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2008-05-30 00:00:53 643072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2008-05-30 00:00:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-29 23:59:53 0 d-------- C:\Program Files\Sony
2008-05-29 23:59:24 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59:24 0 d-------- C:\Documents and Settings\admin\Application Data\Sony Corporation
2008-05-29 21:14:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-26 12:04:40 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
2008-06-24 21:49:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files
2008-06-17 20:01:04 0 d-------- C:\Program Files\Opera
2008-06-10 09:12:29 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-09 07:45:43 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-06-04 06:46:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 21:13:53 0 d-------- C:\Program Files\Mahjong Holidays 2005
2008-05-31 09:25:56 0 d-------- C:\Documents and Settings\admin\Application Data\AdobeUM
2008-05-30 21:25:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 23:53:12 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-05-23 18:21:20 0 --a------ C:\WINDOWS\XXLGSC
2008-05-22 22:28:52 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-22 22:27:09 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-21 15:32:26 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-21 14:22:07 0 d-------- C:\Program Files\Picasa2
2008-05-19 23:13:33 0 d-------- C:\Documents and Settings\admin\Application Data\vlc
2008-05-19 23:12:56 0 d-------- C:\Program Files\VideoLAN
2008-05-19 21:46:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 21:45:12 0 d-------- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-05-19 19:37:36 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 23:46:11 0 d-------- C:\Documents and Settings\admin\Application Data\Comodo
2008-05-18 23:42:20 0 d-------- C:\Program Files\COMODO
2008-05-18 22:58:55 0 d-------- C:\Program Files\SpywareBlaster
2008-05-18 21:23:38 0 d-------- C:\Program Files\CCleaner
2008-05-18 13:59:07 0 d-------- C:\Program Files\Speeditup Free
2008-05-18 13:31:52 0 d-------- C:\Program Files\Java
2008-05-16 11:13:23 0 d-------- C:\Program Files\Trend Micro
2008-05-14 00:51:59 0 d-------- C:\Program Files\PC Translator
2008-05-13 10:48:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:59:46 0 d-------- C:\Documents and Settings\admin\Application Data\Symantec
2008-05-12 13:33:38 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-12 10:55:14 0 d-------- C:\Program Files\directx
2008-05-11 19:33:10 0 d-------- C:\Program Files\Rockstar Games
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-29 11:08:27 0 d-------- C:\Program Files\BitComet
2008-04-27 15:25:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-27 15:25:31 0 d-------- C:\Documents and Settings\admin\Application Data\.wyzo
2008-04-27 13:31:54 0 d-------- C:\Program Files\LimeWire
2008-04-26 17:01:18 0 d-------- C:\Documents and Settings\admin\Application Data\Opera
2008-04-15 23:38:59 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{544AFF8D-5D88-48BD-94D5-F4FE55254A2D}]
2008-06-25 23:15 323072 --a------ C:\WINDOWS\system32\geBSmJDv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
2008-06-23 09:35 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]
"nwiz"="nwiz.exe" [2008-05-02 22:46 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-18 23:42]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-03-23 18:30]
"2017999e"="C:\WINDOWS\system32\gsqshkeb.dll" [2008-06-25 23:16]
"BM2324aa02"="C:\WINDOWS\system32\ivmwwmkd.dll" [2008-06-25 23:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 23:07]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 06:46]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\wvUMGxwt.dll [2008-06-23 09:35 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt]
wvUMGxwt.dll 2008-06-23 09:35 24576 C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBSmJDv
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-06-26 12:39:30 ------------

Re: Please check my log, too many things at once :-(

Posted: 26 Jun 2008 22:54
by fredik
#Step1:
Move DSS to the desktop.
Go to Start -> Run... and type this command, marked in blue, into the box:
"%userprofile%\plocha\dss.exe" /daft
- confirm any prompts
- A window will open; click the Scan button there.
- wait for the scan to finish
- these items, listed in red, will appear in the window:
.bat
.ini
.txt

so tick the checkboxes in front of them and click the Fix button

#Step2:
Download OTMoveIt2 (by OldTimer), save it to drive C and run it.
- Into the left pane (Paste List Of Files/Folders to Move) copy these paths, marked in green:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

[kill explorer]
C:\WINDOWS\system32\geBSmJDv.dll
C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\system32\gsqshkeb.dll
C:\WINDOWS\system32\ivmwwmkd.dll
C:\WINDOWS\system32\vDJmSBeg.ini2
C:\WINDOWS\system32\qktrhxsr.dll
C:\WINDOWS\system32\jtaaxakr.dll
C:\WINDOWS\system32\ogoojqdu.dll
C:\WINDOWS\system32\fkadocni.dll
C:\WINDOWS\system32\cjeljgbu.dll
C:\WINDOWS\system32\cyjqmtme.dll
C:\WINDOWS\system32\ddcYrQiJ.dll
C:\Documents and Settings\All Users\Application Data\close poke frag ooze
EmptyTemp
[start explorer]

- After copying, click the MoveIt! button and then paste here the entire contents of the right pane (also saved in the folder C:\_OTMoveIt\MovedFiles\), which reports the results
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart

#Step3:
Open Notepad (Start -> Run..., type Notepad into the box and click OK)
Copy the following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select it

Code: Select all

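REGEDIT4

; Remove both Browser Helper Object keys (full key path; "~" is only the abbreviation DSS prints in its log)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{544AFF8D-5D88-48BD-94D5-F4FE55254A2D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
; Delete the two autorun values
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2017999e"=-
"BM2324aa02"=-
; Delete the ShellExecuteHooks value
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"=-
; Remove the Winlogon Notify key
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt]
; Set Authentication Packages back to msv1_0 only (REG_MULTI_SZ)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00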

Then choose File -> Save As... and set these parameters:
File name: type here: fix.reg
Save as type: select All Files there
Save the file to the desktop
The file fix.reg should appear on the desktop
- run it; a prompt will pop up, click Yes there; then another prompt appears, click OK there

#Step4:
Test this file on VirusTotal
C:\WINDOWS\17PHolmes1381.exe
just copy the whole path into the empty box on that page and submit it. Then paste the result here

Then restart the PC and paste here a new DSS log + the VT result + the OTMoveIt2 log

Re: Please check my log, too many things at once :-(

Posted: 27 Jun 2008 12:10
by Melania
MoveIt log >

Explorer killed successfully
File/Folder C:\WINDOWS\system32\geBSmJDv.dll not found.
LoadLibrary failed for C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\system32\wvUMGxwt.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wvUMGxwt.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gsqshkeb.dll
C:\WINDOWS\system32\gsqshkeb.dll NOT unregistered.
C:\WINDOWS\system32\gsqshkeb.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ivmwwmkd.dll
C:\WINDOWS\system32\ivmwwmkd.dll NOT unregistered.
C:\WINDOWS\system32\ivmwwmkd.dll moved successfully.
File/Folder C:\WINDOWS\system32\vDJmSBeg.ini2 not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qktrhxsr.dll
C:\WINDOWS\system32\qktrhxsr.dll NOT unregistered.
C:\WINDOWS\system32\qktrhxsr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jtaaxakr.dll
C:\WINDOWS\system32\jtaaxakr.dll NOT unregistered.
C:\WINDOWS\system32\jtaaxakr.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ogoojqdu.dll
C:\WINDOWS\system32\ogoojqdu.dll NOT unregistered.
C:\WINDOWS\system32\ogoojqdu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fkadocni.dll
C:\WINDOWS\system32\fkadocni.dll NOT unregistered.
C:\WINDOWS\system32\fkadocni.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\cjeljgbu.dll
C:\WINDOWS\system32\cjeljgbu.dll NOT unregistered.
C:\WINDOWS\system32\cjeljgbu.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\cyjqmtme.dll
C:\WINDOWS\system32\cyjqmtme.dll NOT unregistered.
C:\WINDOWS\system32\cyjqmtme.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ddcYrQiJ.dll
C:\WINDOWS\system32\ddcYrQiJ.dll NOT unregistered.
C:\WINDOWS\system32\ddcYrQiJ.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\close poke frag ooze moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFC4AF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\admin\LOCALS~1\Temp\~DFFE0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06272008_115814

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\system32\wvUMGxwt.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wvUMGxwt.dll scheduled to be moved on reboot.
C:\DOCUME~1\admin\LOCALS~1\Temp\~DFC4AF.tmp moved successfully.
C:\DOCUME~1\admin\LOCALS~1\Temp\~DFFE0.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Re: Please check my log, too many things at once :-(

Posted: 27 Jun 2008 12:16
by Melania
VirusTotal result >

MD5: ee75b3c234bbeb21dc3af90530ca43c1
First submitted: 2008.06.05 22:37:35 (CET)
Date: 2008.06.21 02:55:55 (CET) [>6D]
Results: 28/33
Permalink: analisis/3cefdb88f3d280e527bd3b9140429c8e

Re: Please check my log, too many things at once :-(

Posted: 27 Jun 2008 12:26
by Melania
DSS log >

Deckard's System Scanner v20071014.68
Run by admin on 2008-06-27 12:25:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25, on 2008-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8768 bytes

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 11:53:40 291328 --a------ C:\OTMoveIt2.exe <Not Verified; OldTimer Tools; OTMoveIt>
2008-06-25 21:58:31 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-25 21:55:29 68096 --a------ C:\WINDOWS\zip.exe
2008-06-25 21:55:29 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-25 21:55:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-25 21:55:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-25 21:55:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-25 21:55:29 98816 --a------ C:\WINDOWS\sed.exe
2008-06-25 21:55:29 80412 --a------ C:\WINDOWS\grep.exe
2008-06-25 21:55:29 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-24 21:48:38 0 d-------- C:\Program Files\VideoCAM GE111
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files\PCCamera
2008-06-24 13:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-24 10:57:09 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-06-23 14:03:24 0 d-------- C:\Documents and Settings\admin\Application Data\Playrix Entertainment
2008-06-23 10:40:25 0 d-------- C:\WINDOWS\Supermarket Mania
2008-06-23 09:58:58 0 d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-23 09:35:34 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll
2008-06-17 22:47:23 0 d-------- C:\WINDOWS\Album
2008-06-17 20:56:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-14 10:57:34 230432 --a------ C:\StiImg.dat
2008-06-11 12:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-10 20:56:16 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-06-10 20:56:00 0 d-------- C:\Program Files\Skype
2008-06-10 20:55:59 0 d-------- C:\Program Files\Common Files\Skype
2008-06-09 12:12:21 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-09 12:11:38 0 d-------- C:\Program Files\Image-Line
2008-06-09 12:11:18 0 d-------- C:\Program Files\Outsim
2008-06-08 21:28:11 41984 --a------ C:\WINDOWS\17PHolmes1381.exe
2008-06-08 21:27:34 0 d-------- C:\WINDOWS\Balloon Bliss
2008-06-08 21:23:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-08 18:20:58 0 d-------- C:\Documents and Settings\admin\Application Data\Alawar
2008-06-08 18:15:25 0 d-------- C:\Program Files\Alawar
2008-06-07 21:21:25 0 d-------- C:\Documents and Settings\admin\Application Data\WinRAR
2008-06-06 21:05:54 0 d-------- C:\Program Files\VirusTotalUploader
2008-06-02 07:32:16 0 d-------- C:\Documents and Settings\All Users\SonicStage
2008-05-30 00:01:35 0 d-------- C:\Program Files\Sony Corporation
2008-05-30 00:00:53 770048 --a------ C:\WINDOWS\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-05-30 00:00:53 585728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2008-05-30 00:00:53 73728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2008-05-30 00:00:53 643072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2008-05-30 00:00:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-29 23:59:53 0 d-------- C:\Program Files\Sony
2008-05-29 23:59:24 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59:24 0 d-------- C:\Documents and Settings\admin\Application Data\Sony Corporation
2008-05-29 21:14:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-27 10:27:30 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
2008-06-24 21:49:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files
2008-06-17 20:01:04 0 d-------- C:\Program Files\Opera
2008-06-10 09:12:29 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-09 07:45:43 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-06-04 06:46:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 21:13:53 0 d-------- C:\Program Files\Mahjong Holidays 2005
2008-05-31 09:25:56 0 d-------- C:\Documents and Settings\admin\Application Data\AdobeUM
2008-05-30 21:25:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 23:53:12 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-05-23 18:21:20 0 --a------ C:\WINDOWS\XXLGSC
2008-05-22 22:28:52 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-22 22:27:09 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-21 15:32:26 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-21 14:22:07 0 d-------- C:\Program Files\Picasa2
2008-05-19 23:13:33 0 d-------- C:\Documents and Settings\admin\Application Data\vlc
2008-05-19 23:12:56 0 d-------- C:\Program Files\VideoLAN
2008-05-19 21:46:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 21:45:12 0 d-------- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-05-19 19:37:36 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 23:46:11 0 d-------- C:\Documents and Settings\admin\Application Data\Comodo
2008-05-18 23:42:20 0 d-------- C:\Program Files\COMODO
2008-05-18 22:58:55 0 d-------- C:\Program Files\SpywareBlaster
2008-05-18 21:23:38 0 d-------- C:\Program Files\CCleaner
2008-05-18 13:59:07 0 d-------- C:\Program Files\Speeditup Free
2008-05-18 13:31:52 0 d-------- C:\Program Files\Java
2008-05-16 11:13:23 0 d-------- C:\Program Files\Trend Micro
2008-05-14 00:51:59 0 d-------- C:\Program Files\PC Translator
2008-05-13 10:48:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:59:46 0 d-------- C:\Documents and Settings\admin\Application Data\Symantec
2008-05-12 13:33:38 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-12 10:55:14 0 d-------- C:\Program Files\directx
2008-05-11 19:33:10 0 d-------- C:\Program Files\Rockstar Games
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-29 11:08:27 0 d-------- C:\Program Files\BitComet
2008-04-27 15:25:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-27 15:25:31 0 d-------- C:\Documents and Settings\admin\Application Data\.wyzo
2008-04-27 13:31:54 0 d-------- C:\Program Files\LimeWire
2008-04-15 23:38:59 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
2008-06-23 09:35 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]
"nwiz"="nwiz.exe" [2008-05-02 22:46 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-18 23:42]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-03-23 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 23:07]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 06:46]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\wvUMGxwt.dll [2008-06-23 09:35 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt]
wvUMGxwt.dll 2008-06-23 09:35 24576 C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-06-27 12:26:41 ------------

Re: Please check my log, too many things at once :-(

Posted: 27 Jun 2008 16:59
by fredik
On VirusTotal you should then have chosen the option Reanalyse file now

Use OTMoveIt2 again, but this time paste this into the window:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

[kill explorer]
C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\17PHolmes1381.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F86B11F3-0CE1-475F-9541-5329BF7B3597}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt
[start explorer]

Then post the OTMoveIt2 log and a new DSS log here
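
An added example, not part of fredik's post or of any tool used in this thread: a check of a DSS "Registry Dump" against the step 2 removal list, showing which load points still reference a removed file and therefore why the second pass targets these three keys. The names `parse_dump` and `persisting` are hypothetical; the two dump excerpts are copied from the logs in this thread.

```python
import re
from collections import defaultdict

# File targets from the step 2 removal list in this thread (first four entries).
REMOVAL_LIST = [
    r"C:\WINDOWS\system32\geBSmJDv.dll",
    r"C:\WINDOWS\system32\wvUMGxwt.dll",
    r"C:\WINDOWS\system32\gsqshkeb.dll",
    r"C:\WINDOWS\system32\ivmwwmkd.dll",
]

# Excerpt of the DSS registry dump taken before the cleanup (from the thread).
DUMP_BEFORE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{544AFF8D-5D88-48BD-94D5-F4FE55254A2D}]
2008-06-25 23:15 323072 --a------ C:\WINDOWS\system32\geBSmJDv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]
"2017999e"="C:\WINDOWS\system32\gsqshkeb.dll" [2008-06-25 23:16]
"BM2324aa02"="C:\WINDOWS\system32\ivmwwmkd.dll" [2008-06-25 23:16]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geBSmJDv
"""

# Excerpt of the DSS registry dump taken after fix.reg and the reboot (from the thread).
DUMP_AFTER = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
2008-06-23 09:35 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\wvUMGxwt.dll [2008-06-23 09:35 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt]
wvUMGxwt.dll 2008-06-23 09:35 24576 C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli
"""

SECTION = re.compile(r"^\[(HKEY_[^\]]+)\]$")


def parse_dump(text):
    """Group the data lines of a DSS registry dump under their [key] header."""
    sections = defaultdict(list)
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if match:
            key = match.group(1)
        elif line and key:
            sections[key].append(line)
    return dict(sections)


def _pattern(path):
    """Case-insensitive match on the path without '.dll': the LSA value in
    the dump lists its package without the extension."""
    stem = path[:-4] if path.lower().endswith(".dll") else path
    # (?!\w) stops a shorter name from matching inside a longer one.
    return re.compile(re.escape(stem) + r"(?!\w)", re.IGNORECASE)


def persisting(dump_text, targets):
    """Return {target: [registry keys whose data still references it]}."""
    sections = parse_dump(dump_text)
    hits = {}
    for target in targets:
        pattern = _pattern(target)
        keys = [key for key, lines in sections.items()
                if any(pattern.search(line) for line in lines)]
        if keys:
            hits[target] = keys
    return hits


if __name__ == "__main__":
    for label, dump in (("before", DUMP_BEFORE), ("after", DUMP_AFTER)):
        print(label)
        for target, keys in persisting(dump, REMOVAL_LIST).items():
            for key in keys:
                print("  ", target, "<-", key)
```
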

Re: Please check my log, too many things at once :-(

Posted: 27 Jun 2008 20:35
by Melania
OTMoveIt2 log >

Explorer killed successfully
LoadLibrary failed for C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\system32\wvUMGxwt.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wvUMGxwt.dll scheduled to be moved on reboot.
C:\WINDOWS\17PHolmes1381.exe moved successfully.
< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}\\ deleted successfully.
< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F86B11F3-0CE1-475F-9541-5329BF7B3597} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{F86B11F3-0CE1-475F-9541-5329BF7B3597} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F86B11F3-0CE1-475F-9541-5329BF7B3597}\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt\\ deleted successfully.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06272008_203256

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\wvUMGxwt.dll
C:\WINDOWS\system32\wvUMGxwt.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\wvUMGxwt.dll scheduled to be moved on reboot.



DSS log >

Deckard's System Scanner v20071014.68
Run by admin on 2008-06-27 20:38:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38, on 2008-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8807 bytes

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 11:53:40 291328 --a------ C:\OTMoveIt2.exe <Not Verified; OldTimer Tools; OTMoveIt>
2008-06-25 21:58:31 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-25 21:55:29 68096 --a------ C:\WINDOWS\zip.exe
2008-06-25 21:55:29 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-25 21:55:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-25 21:55:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-25 21:55:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-25 21:55:29 98816 --a------ C:\WINDOWS\sed.exe
2008-06-25 21:55:29 80412 --a------ C:\WINDOWS\grep.exe
2008-06-25 21:55:29 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-24 21:48:38 0 d-------- C:\Program Files\VideoCAM GE111
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files\PCCamera
2008-06-24 13:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-24 10:57:09 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-06-23 14:03:24 0 d-------- C:\Documents and Settings\admin\Application Data\Playrix Entertainment
2008-06-23 10:40:25 0 d-------- C:\WINDOWS\Supermarket Mania
2008-06-23 09:58:58 0 d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-23 09:35:34 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll
2008-06-17 22:47:23 0 d-------- C:\WINDOWS\Album
2008-06-17 20:56:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-14 10:57:34 230432 --a------ C:\StiImg.dat
2008-06-11 12:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-10 20:56:16 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-06-10 20:56:00 0 d-------- C:\Program Files\Skype
2008-06-10 20:55:59 0 d-------- C:\Program Files\Common Files\Skype
2008-06-09 12:12:21 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-09 12:11:38 0 d-------- C:\Program Files\Image-Line
2008-06-09 12:11:18 0 d-------- C:\Program Files\Outsim
2008-06-08 21:27:34 0 d-------- C:\WINDOWS\Balloon Bliss
2008-06-08 21:23:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-08 18:20:58 0 d-------- C:\Documents and Settings\admin\Application Data\Alawar
2008-06-08 18:15:25 0 d-------- C:\Program Files\Alawar
2008-06-07 21:21:25 0 d-------- C:\Documents and Settings\admin\Application Data\WinRAR
2008-06-06 21:05:54 0 d-------- C:\Program Files\VirusTotalUploader
2008-06-02 07:32:16 0 d-------- C:\Documents and Settings\All Users\SonicStage
2008-05-30 00:01:35 0 d-------- C:\Program Files\Sony Corporation
2008-05-30 00:00:53 770048 --a------ C:\WINDOWS\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-05-30 00:00:53 585728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2008-05-30 00:00:53 73728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2008-05-30 00:00:53 643072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2008-05-30 00:00:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-29 23:59:53 0 d-------- C:\Program Files\Sony
2008-05-29 23:59:24 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59:24 0 d-------- C:\Documents and Settings\admin\Application Data\Sony Corporation
2008-05-29 21:14:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-27 20:11:45 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
2008-06-24 21:49:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files
2008-06-17 20:01:04 0 d-------- C:\Program Files\Opera
2008-06-10 09:12:29 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-09 07:45:43 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-06-04 06:46:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 21:13:53 0 d-------- C:\Program Files\Mahjong Holidays 2005
2008-05-31 09:25:56 0 d-------- C:\Documents and Settings\admin\Application Data\AdobeUM
2008-05-30 21:25:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 23:53:12 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-05-23 18:21:20 0 --a------ C:\WINDOWS\XXLGSC
2008-05-22 22:28:52 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-22 22:27:09 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-21 15:32:26 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-21 14:22:07 0 d-------- C:\Program Files\Picasa2
2008-05-19 23:13:33 0 d-------- C:\Documents and Settings\admin\Application Data\vlc
2008-05-19 23:12:56 0 d-------- C:\Program Files\VideoLAN
2008-05-19 21:46:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 21:45:12 0 d-------- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-05-19 19:37:36 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 23:46:11 0 d-------- C:\Documents and Settings\admin\Application Data\Comodo
2008-05-18 23:42:20 0 d-------- C:\Program Files\COMODO
2008-05-18 22:58:55 0 d-------- C:\Program Files\SpywareBlaster
2008-05-18 21:23:38 0 d-------- C:\Program Files\CCleaner
2008-05-18 13:59:07 0 d-------- C:\Program Files\Speeditup Free
2008-05-18 13:31:52 0 d-------- C:\Program Files\Java
2008-05-16 11:13:23 0 d-------- C:\Program Files\Trend Micro
2008-05-14 00:51:59 0 d-------- C:\Program Files\PC Translator
2008-05-13 10:48:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:59:46 0 d-------- C:\Documents and Settings\admin\Application Data\Symantec
2008-05-12 13:33:38 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-12 10:55:14 0 d-------- C:\Program Files\directx
2008-05-11 19:33:10 0 d-------- C:\Program Files\Rockstar Games
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-29 11:08:27 0 d-------- C:\Program Files\BitComet
2008-04-27 15:25:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-27 15:25:31 0 d-------- C:\Documents and Settings\admin\Application Data\.wyzo
2008-04-27 13:31:54 0 d-------- C:\Program Files\LimeWire
2008-04-15 23:38:59 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}]
2008-06-23 09:35 24576 --a------ C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]
"nwiz"="nwiz.exe" [2008-05-02 22:46 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-18 23:42]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-03-23 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 23:07]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 06:46]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\wvUMGxwt.dll [2008-06-23 09:35 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt]
wvUMGxwt.dll 2008-06-23 09:35 24576 C:\WINDOWS\system32\wvUMGxwt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-06-27 20:39:38 ------------

Re: Please check my log, too many things at once :-(

Posted: 28 Jun 2008 10:08
by fredik
Download Avenger (by Swandog46) and run it under an administrator account.
- a message will appear; dismiss it by clicking OK
Paste in this entire script, marked in green:
Files to delete:
C:\WINDOWS\system32\wvUMGxwt.dll

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {F86B11F3-0CE1-475F-9541-5329BF7B3597}

- select the whole script and copy it to the clipboard
- then paste it into Avenger using this button (image)
- the script will be pasted into the empty box under the heading: Input script here:
- then click the Execute button
You will be asked whether you want to execute the script; choose Yes
- after the first step completes you will be asked to restart the computer; choose Yes again

After the PC restarts and Windows loads again, a log will be displayed; post it here together with a new DSS log
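
Added example (not part of the original post, and not code from Avenger or HijackThis): one way to check the follow-up log against the removal script above is to derive indicators from the script and search the HijackThis section of each log for them. The function names are my own; the log excerpts are shortened copies of lines from the two DSS logs in this thread.

```python
import ntpath
import re

# Removal script as posted above (Avenger section syntax).
AVENGER_SCRIPT = r"""
Files to delete:
C:\WINDOWS\system32\wvUMGxwt.dll

Registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks | {F86B11F3-0CE1-475F-9541-5329BF7B3597}
"""

# Shortened excerpts of the HijackThis sections from the thread's logs.
LOG_BEFORE = r"""
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F86B11F3-0CE1-475F-9541-5329BF7B3597} - C:\WINDOWS\system32\wvUMGxwt.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUMGxwt - C:\WINDOWS\SYSTEM32\wvUMGxwt.dll
"""

LOG_AFTER = r"""
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

SECTIONS = {
    "files to delete:": "files",
    "registry keys to delete:": "keys",
    "registry values to delete:": "values",
}

# HijackThis entries start with a section code such as "O2 - " or "R1 - ".
ENTRY_CODE = re.compile(r"^([A-Z]\d+) - ")


def parse_avenger_script(text):
    """Group the script's target lines under the section they appear in."""
    targets = {"files": [], "keys": [], "values": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = SECTIONS.get(line.lower())
        if section:
            current = section
        elif current:
            targets[current].append(line)
    return targets


def indicators_from(targets):
    """Build lowercase search strings: file path and name, key leaf, value name.

    A key leaf can be a generic word in other scripts; review the set before
    trusting matches.
    """
    found = set()
    for path in targets["files"]:
        found.add(path.lower())
        found.add(ntpath.basename(path).lower())
    for key in targets["keys"]:
        found.add(key.rstrip("\\").rsplit("\\", 1)[-1].lower())
    for entry in targets["values"]:
        _key, _, name = entry.partition("|")
        if name.strip():
            found.add(name.strip().lower())
    return found


def find_residue(log_text, indicators):
    """Return (section code, line) for every log line that mentions an indicator."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if line and any(ind in low for ind in indicators):
            match = ENTRY_CODE.match(line)
            hits.append((match.group(1) if match else "-", line))
    return hits


if __name__ == "__main__":
    wanted = indicators_from(parse_avenger_script(AVENGER_SCRIPT))
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        hits = find_residue(log, wanted)
        print(f"{label}: {len(hits)} matching line(s)")
        for code, line in hits:
            print(f"  [{code}] {line}")
```

Matching is case-insensitive because the logs spell the same path as both `system32` and `SYSTEM32`.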

Re: Please check my log, too many things at once :-(

Posted: 28 Jun 2008 10:38
by Melania
Avenger log >

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\wvUMGxwt.dll" deleted successfully.
Registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F86B11F3-0CE1-475F-9541-5329BF7B3597}" deleted successfully.
Registry key "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMGxwt" deleted successfully.
Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{F86B11F3-0CE1-475F-9541-5329BF7B3597}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.





DSS log >


Deckard's System Scanner v20071014.68
Run by admin on 2008-06-28 10:33:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\admin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8579 bytes

-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-27 11:53:40 291328 --a------ C:\OTMoveIt2.exe <Not Verified; OldTimer Tools; OTMoveIt>
2008-06-25 21:58:31 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-25 21:55:29 68096 --a------ C:\WINDOWS\zip.exe
2008-06-25 21:55:29 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-25 21:55:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-25 21:55:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-25 21:55:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-25 21:55:29 98816 --a------ C:\WINDOWS\sed.exe
2008-06-25 21:55:29 80412 --a------ C:\WINDOWS\grep.exe
2008-06-25 21:55:29 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-24 21:48:38 0 d-------- C:\Program Files\VideoCAM GE111
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files\PCCamera
2008-06-24 13:18:13 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-24 10:57:09 0 dr-h----- C:\Documents and Settings\admin\Recent
2008-06-23 14:03:24 0 d-------- C:\Documents and Settings\admin\Application Data\Playrix Entertainment
2008-06-23 10:40:25 0 d-------- C:\WINDOWS\Supermarket Mania
2008-06-23 09:58:58 0 d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-17 22:47:23 0 d-------- C:\WINDOWS\Album
2008-06-17 20:56:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-14 10:57:34 230432 --a------ C:\StiImg.dat
2008-06-11 12:56:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-10 20:56:16 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
2008-06-10 20:56:00 0 d-------- C:\Program Files\Skype
2008-06-10 20:55:59 0 d-------- C:\Program Files\Common Files\Skype
2008-06-09 12:12:21 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-09 12:11:38 0 d-------- C:\Program Files\Image-Line
2008-06-09 12:11:18 0 d-------- C:\Program Files\Outsim
2008-06-08 21:27:34 0 d-------- C:\WINDOWS\Balloon Bliss
2008-06-08 21:23:37 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-06-08 18:20:58 0 d-------- C:\Documents and Settings\admin\Application Data\Alawar
2008-06-08 18:15:25 0 d-------- C:\Program Files\Alawar
2008-06-07 21:21:25 0 d-------- C:\Documents and Settings\admin\Application Data\WinRAR
2008-06-06 21:05:54 0 d-------- C:\Program Files\VirusTotalUploader
2008-06-02 07:32:16 0 d-------- C:\Documents and Settings\All Users\SonicStage
2008-05-30 00:01:35 0 d-------- C:\Program Files\Sony Corporation
2008-05-30 00:00:53 770048 --a------ C:\WINDOWS\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-05-30 00:00:53 585728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2008-05-30 00:00:53 73728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2008-05-30 00:00:53 643072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2008-05-30 00:00:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-29 23:59:53 0 d-------- C:\Program Files\Sony
2008-05-29 23:59:24 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-05-29 23:59:24 0 d-------- C:\Documents and Settings\admin\Application Data\Sony Corporation
2008-05-29 21:14:11 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-28 09:21:50 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
2008-06-24 21:49:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-24 21:48:38 0 d-------- C:\Program Files\Common Files
2008-06-17 20:01:04 0 d-------- C:\Program Files\Opera
2008-06-10 09:12:29 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-09 07:45:43 0 d-------- C:\Documents and Settings\admin\Application Data\LimeWire
2008-06-04 06:46:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 21:13:53 0 d-------- C:\Program Files\Mahjong Holidays 2005
2008-05-31 09:25:56 0 d-------- C:\Documents and Settings\admin\Application Data\AdobeUM
2008-05-30 21:25:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-28 23:53:12 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-05-23 18:21:20 0 --a------ C:\WINDOWS\XXLGSC
2008-05-22 22:28:52 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-22 22:27:09 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-21 15:32:26 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-21 14:22:07 0 d-------- C:\Program Files\Picasa2
2008-05-19 23:13:33 0 d-------- C:\Documents and Settings\admin\Application Data\vlc
2008-05-19 23:12:56 0 d-------- C:\Program Files\VideoLAN
2008-05-19 21:46:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 21:45:12 0 d-------- C:\Documents and Settings\admin\Application Data\SUPERAntiSpyware.com
2008-05-19 19:37:36 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 23:46:11 0 d-------- C:\Documents and Settings\admin\Application Data\Comodo
2008-05-18 23:42:20 0 d-------- C:\Program Files\COMODO
2008-05-18 22:58:55 0 d-------- C:\Program Files\SpywareBlaster
2008-05-18 21:23:38 0 d-------- C:\Program Files\CCleaner
2008-05-18 13:59:07 0 d-------- C:\Program Files\Speeditup Free
2008-05-18 13:31:52 0 d-------- C:\Program Files\Java
2008-05-16 11:13:23 0 d-------- C:\Program Files\Trend Micro
2008-05-14 00:51:59 0 d-------- C:\Program Files\PC Translator
2008-05-13 10:48:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-12 21:59:46 0 d-------- C:\Documents and Settings\admin\Application Data\Symantec
2008-05-12 13:33:38 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-12 10:55:14 0 d-------- C:\Program Files\directx
2008-05-11 19:33:10 0 d-------- C:\Program Files\Rockstar Games
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-04-29 11:08:27 0 d-------- C:\Program Files\BitComet
2008-04-27 15:25:35 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-15 23:38:59 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 02:05]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46]
"nwiz"="nwiz.exe" [2008-05-02 22:46 C:\WINDOWS\system32\nwiz.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 05:12 C:\WINDOWS\RTHDCPL.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-18 23:42]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"QuickTime Task"="C:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008-03-23 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 09:20]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 23:07]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 06:46]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 10:07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-06-28 10:34:27 ------------

Re: Please check my log, too many things at once :-(

Posted: 28 Jun 2008 12:15
by fredik
So the logs look good; if you don't have any other problems, do the following steps and that should be everything.

- Fix this item in HJT:
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

- I would recommend that you update Java

- Run OTMoveIt2 again and click the CleanUp! button. A list will load and a prompt will appear, so choose Yes. When it has finished it will ask you about a restart, so allow that as well by choosing Yes.