
Please check my log - PC reports error 1058

Posted: 12 Jul 2008 17:29
by betisa
Windows automatic updates won't start; even when I set them to enabled, the setting gets rewritten to disabled.... I'm attaching the log. Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:28, on 12.7.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaparit.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {205DD61F-F460-4CCA-8D18-FFAA14F4DC10} - C:\WINDOWS\system32\yayvTnkL.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7768234D-E494-424D-96E6-4819A1E16325} - C:\WINDOWS\system32\jkkIBQhg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [99cfb9be] rundll32.exe "C:\WINDOWS\system32\lblccfex.dll",b
O4 - HKLM\..\Run: [BM9afc8a22] Rundll32.exe "C:\WINDOWS\system32\jfawofnc.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\2003\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\2003\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9809886093
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3004A57-C273-415A-AA41-A4470DFF103D}: NameServer = 89.203.163.254,81.19.33.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkIBQhg - C:\WINDOWS\SYSTEM32\jkkIBQhg.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 8010 bytes

Re: Please check my log - PC reports error 1058

Posted: 12 Jul 2008 17:33
by iLucas

Re: Please check my log - PC reports error 1058

Posted: 12 Jul 2008 17:39
by guest
You can analyze it yourself HERE. For an expert analysis you have to wait until one of the experts logs in.

Re: Please check my log - PC reports error 1058

Posted: 12 Jul 2008 17:58
by fredik
Before using ComboFix, do the following steps:
#Step 1:
turn off Spybot's resident protection:
- run Spybot - Search & Destroy
- in the menu at the top choose: Mode => Advanced mode
- a warning window appears; choose Yes there
- the program window switches to the advanced view; there choose: Tools => Resident
- there, clear the check mark if it is set for the item: Resident "TeaTimer" (Protection ...)
- close the program
Restart the PC.

#Step 2:
Then download ResetTeaTimer.bat (see Note) and save it to disk.
- run it and press any key when prompted
- after it has finished and prompts you, press any key again and the program will close.
Note:
- if you use Opera, right-click the link and choose the option Save link target as...
- if you use Firefox, right-click the link and choose the option Save Link As...

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then download ComboFix (by sUBs) and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click into the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Please check my log - PC reports error 1058

Posted: 12 Jul 2008 19:01
by betisa
Here is the log from Combo, but I just looked and the Automatic Updates service is working now?????

ComboFix 08-07-11.1 - TOMAS 2008-07-12 18:47:39.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2914 [GMT 2:00]
Running from: C:\Documents and Settings\TOMAS\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\jkkIBQhg.dll
C:\WINDOWS\system32\jkkLCsQK.dll
C:\WINDOWS\system32\jruchdvu.ini
C:\WINDOWS\system32\LknTvyay.ini
C:\WINDOWS\system32\LknTvyay.ini2
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\xefcclbl.ini
C:\WINDOWS\system32\xpygcvny.ini
C:\WINDOWS\system32\yayvTnkL.dll
C:\WINDOWS\system32\ynvcgypx.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-12 17:44 . 2008-07-12 17:44 0 --a------ C:\23990098.$$$
2008-07-12 17:23 . 2008-07-12 17:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-12 12:10 . 2008-07-12 12:10 95 --a------ C:\WINDOWS\wininit.ini
2008-07-12 11:42 . 2008-07-12 11:42 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-07-12 11:01 . 2008-07-12 11:01 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-07-12 11:01 . 2008-07-12 11:01 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-07-12 11:01 . 2008-07-12 11:01 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-07-12 11:01 . 2008-07-12 11:01 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-07-12 11:01 . 2008-07-12 11:01 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-07-12 11:01 . 2008-07-12 11:01 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-07-12 10:29 . 2008-07-12 17:39 50 --a------ C:\WINDOWS\Lic.xxx
2008-07-12 10:28 . 2008-04-14 05:22 147,968 --a------ C:\WINDOWS\R.COM
2008-07-12 10:28 . 2008-04-14 05:22 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-07-12 08:57 . 2008-07-12 12:10 110,415 --a------ C:\WINDOWS\BM9afc8a22.xml
2008-07-09 18:58 . 2008-07-09 18:58 <DIR> d-------- C:\Program Files\directx
2008-07-09 18:56 . 2008-07-09 18:56 <DIR> d-------- C:\Program Files\Mindscape
2008-07-04 20:24 . 2008-07-04 20:24 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-04 20:23 . 2008-07-04 20:23 <DIR> d-------- C:\Program Files\Skype
2008-07-04 20:23 . 2008-07-04 20:23 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-04 20:09 . 2008-07-10 19:51 <DIR> d-------- C:\Documents and Settings\TOMAS\Incomplete
2008-07-04 19:41 . 2008-07-04 19:41 <DIR> d-------- C:\Program Files\Sun
2008-07-04 19:40 . 2008-07-04 19:40 <DIR> d-------- C:\Program Files\Java
2008-07-04 19:40 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-04 19:39 . 2008-07-04 19:39 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-04 19:37 . 2008-07-04 19:38 <DIR> d-------- C:\Program Files\LimeWire
2008-07-04 14:39 . 2008-07-12 14:08 <DIR> d-------- C:\Program Files\HLSW
2008-07-04 13:17 . 2008-07-04 13:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-03 21:30 . 2008-07-03 21:30 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-03 18:55 . 2008-07-03 18:55 200,704 --a------ C:\WINDOWS\TRNOET.DLL
2008-07-03 18:55 . 2008-07-03 18:55 45,056 --a------ C:\WINDOWS\TRNOEH.DLL
2008-07-03 18:55 . 2008-07-03 18:55 26,624 --a------ C:\WINDOWS\OETRN.EXE
2008-07-03 18:55 . 2008-07-03 18:55 33 --a------ C:\WINDOWS\WTRDCTM.INI
2008-07-03 18:54 . 2008-07-03 19:13 <DIR> d-------- C:\TRANSLAT
2008-07-03 18:54 . 2008-07-03 19:00 516,096 --a------ C:\WINDOWS\UN32.EXE
2008-07-03 18:54 . 2008-07-03 19:00 2,575 --a------ C:\WINDOWS\UN32P.INI
2008-07-03 18:54 . 2008-07-12 17:11 2,555 --a------ C:\WINDOWS\TRNCOM.INI
2008-07-03 18:54 . 2008-07-03 18:59 2,060 --a------ C:\WINDOWS\WDICT32.INI
2008-07-03 18:54 . 2008-07-12 18:44 1,834 --a------ C:\WINDOWS\MAILTRAN.INI
2008-07-03 18:45 . 2008-07-03 18:59 4,201 --a------ C:\WINDOWS\WTRAN32.INI
2008-07-03 18:45 . 2008-07-03 18:45 0 --a------ C:\WINDOWS\XXLGSC
2008-07-03 15:47 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-03 15:47 . 2008-07-03 15:47 390 --a------ C:\WINDOWS\ODBC.INI
2008-07-03 15:46 . 2008-07-03 15:46 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-03 15:45 . 2008-07-03 15:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-03 15:24 . 2008-07-03 15:24 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-03 15:24 . 2004-04-30 09:37 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2008-07-03 15:24 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2008-07-03 12:13 . 2008-07-03 12:13 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-07-03 12:13 . 2008-07-03 12:13 <DIR> d-------- C:\WINDOWS\system32\cs
2008-07-03 12:13 . 2008-07-03 12:13 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-03 12:02 . 2008-04-14 05:18 846,874 -----c--- C:\WINDOWS\system32\dllcache\msdxm.ocx
2008-07-02 19:03 . 2008-07-02 19:03 287 --a------ C:\WINDOWS\game.ini
2008-07-02 18:58 . 2008-07-02 18:58 <DIR> d-------- C:\Program Files\Activision
2008-07-01 12:54 . 2008-07-01 12:54 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-07-01 12:54 . 2008-07-01 12:55 <DIR> d-------- C:\WINDOWS\NV37883792.TMP
2008-07-01 12:54 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-07-01 12:53 . 2008-07-01 12:53 <DIR> d-------- C:\NVIDIA
2008-07-01 11:16 . 2008-07-01 11:17 63,221 --a------ C:\Documents and Settings\TOMAS\Update.exe
2008-07-01 11:15 . 2008-07-01 11:15 <DIR> d-------- C:\Program Files\Zaparit
2008-07-01 11:15 . 2008-07-01 11:16 1,614,336 --a------ C:\Documents and Settings\TOMAS\klient.exe
2008-07-01 09:30 . 2008-06-14 19:35 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 09:28 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-01 08:47 . 2008-07-01 08:48 <DIR> d-------- C:\Program Files\GamePark
2008-07-01 08:12 . 2008-07-01 08:12 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-01 07:58 . 2008-07-01 08:01 <DIR> d-------- C:\Program Files\BitComet
2008-06-30 14:01 . 2008-06-30 14:01 <DIR> d-------- C:\Documents and Settings\LocalService\Nabˇdka Start
2008-06-30 13:30 . 2008-07-03 12:19 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-30 13:29 . 2008-06-30 13:29 <DIR> d-------- C:\WINDOWS\provisioning
2008-06-30 13:29 . 2008-07-03 12:13 <DIR> d-------- C:\WINDOWS\peernet
2008-06-30 13:28 . 2008-06-30 13:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-30 13:24 . 2008-07-03 12:13 <DIR> d-------- C:\WINDOWS\EHome
2008-06-30 12:27 . 2008-04-14 05:22 354,304 --a------ C:\WINDOWS\system32\winhttp.dll
2008-06-30 12:27 . 2008-04-14 05:21 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-06-30 12:27 . 2008-04-14 05:21 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-06-30 12:27 . 2008-04-14 05:21 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-06-30 12:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-30 12:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-20 19:49 . 2008-06-20 19:49 247,296 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:49 . 2008-06-20 19:49 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 16:03 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-12 14:58 --------- d-----w C:\Program Files\ICQ
2008-07-10 17:52 --------- d-----w C:\Program Files\ESET
2008-07-04 22:47 --------- d-----w C:\Program Files\The KMPlayer
2008-07-04 12:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-04 12:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-03 10:15 3,038 ----a-w C:\WINDOWS\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2008-07-02 17:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 07:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-01 06:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-30 11:30 8,972 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Config\Cntstore.bin
2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:35 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 21:36 457 ----a-w C:\Program Files\INSTALL.LOG
2008-05-02 21:31 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2008-05-02 19:21 16,512 ----a-w C:\WINDOWS\gdrv.sys
2008-05-02 19:19 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-02 19:07 558,142 ----a-w C:\WINDOWS\java\Packages\42QNT7TJ.ZIP
2008-05-02 19:06 155,995 ----a-w C:\WINDOWS\java\Packages\J7XBL39B.ZIP
2008-04-30 15:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-21 06:45 667,136 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 06:52 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 06:51 991,744 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 06:51 424,448 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 03:46 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 03:27 331,776 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 03:23 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 03:23 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 03:23 695,808 ----a-w C:\WINDOWS\system32\drmv2clt.dll
2008-04-14 03:23 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
2008-04-14 03:23 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 03:23 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
2008-04-14 03:23 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 03:21 996,864 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 03:20 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-14 03:20 1,442,816 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-14 03:19 57,375 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 03:19 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 03:16 3,584 ----a-w C:\WINDOWS\system32\icmp.dll
2008-04-14 03:14 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 03:11 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 03:11 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-14 03:10 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 03:08 539,648 ----a-w C:\WINDOWS\system32\comuid.dll
2008-04-14 03:08 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 03:07 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 02:36 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 02:36 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 02:33 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 02:30 80,896 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 02:28 78,848 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 02:25 2,957,312 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 02:24 47,616 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:23 556,544 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 02:19 173,056 ----a-w C:\WINDOWS\system32\wmerror.dll
2008-04-14 02:17 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 02:15 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 02:14 66,048 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 02:12 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-14 02:09 7,680 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:40 463,360 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:36 2,927,616 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 188,928 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:22 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-02 23:31 917504]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 09:38 16384512 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 05:22 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ\\Icq.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HLSW\\hlsw.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 10:21]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 20:56]

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-OEXPRESS - C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE
HKCU-Run-WEBTRAN - (no file)
HKLM-Run-BM9afc8a22 - C:\WINDOWS\system32\jfawofnc.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 18:54:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Documents and Settings\All Users\Data aplikací\LangSoft\TrnOEH.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
.
**************************************************************************
.
Completion time: 2008-07-12 18:57:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 16:57:15

Adresářů: 7, Volných bajtů: 62,758,555,648
Adres ý…: 10, Volněch bajt…: 63,586,185,216

271 --- E O F --- 2008-07-09 07:17:14

Re: Please check my log - PC reports error 1058

Posted: 12 Jul 2008 20:39
by fredik
Manually delete this file:
C:\WINDOWS\BM9afc8a22.xml

then post a new HJT log here.