Proradný SupsensorPC - prosím pomoc Vyřešeno

[MichalT]

Zdravím všechny pchelpáky, bohužel se mi v počítači usídlil proradný suspensor pc Na doporučení Ltb vkládám log a moc moc prosím o kontrolu, zcela určitě ho tam najdete, jsem připravený na cokoliv.

Díky moc!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:48, on 16.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\winudpcl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {E4A3C6AC-6432-45F2-9BCC-036902CDBA6A} - C:\WINDOWS\system32\khfDuSml.dll
O2 - BHO: (no name) - {FAAF4503-E52D-4B3B-9B12-D408F13AD817} - C:\WINDOWS\system32\ssqRJabA.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudpcl.exe
O4 - HKLM\..\Run: [eca9a8b4] rundll32.exe "C:\WINDOWS\system32\xgpiqded.dll",b
O4 - HKLM\..\Run: [BMef9a9b28] Rundll32.exe "C:\WINDOWS\system32\hjadxvdk.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47F5CD-1132-4591-94FB-7FF2B0DAB9FE}: NameServer = 172.22.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ssqRJabA - C:\WINDOWS\SYSTEM32\ssqRJabA.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ad/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 11458 bytes

[Reklama]

[fredik]

Vítej na fóru

Před použitím ComboFix vypni Nortona/Symantec
- klikni na jeho ikonu v system tray pravým tlačítkem myši
- zvol Disable Auto-Protect (nastav tam delší dobu jak 30 min)
- případně u Symatecu by to mělo být Disable Symantec EndPoint Protection

Pak si stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[MichalT]

ComboFix 08-06-15.4 - ad 2008-06-16 20:39:37.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.565 [GMT 2:00]
Running from: C:\Documents and Settings\ad\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
pv: No matching processes found
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMef9a9b28.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\byXRLbxx.dll
C:\WINDOWS\system32\durtlhbm.ini
C:\WINDOWS\system32\lqslspju.dll
C:\WINDOWS\system32\mbhltrud.dll
C:\WINDOWS\system32\mlJabccb.dll
C:\WINDOWS\system32\pmnnOFvV.dll
C:\WINDOWS\system32\xxbLRXyb.ini
C:\WINDOWS\system32\xxbLRXyb.ini2
.
---- Previous Run -------
.
C:\WINDOWS\BMef9a9b28.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ahjoemjf.dll
C:\WINDOWS\system32\awttuvvu.dll
C:\WINDOWS\system32\cotchfmu.ini
C:\WINDOWS\system32\dedqipgx.ini
C:\WINDOWS\system32\hjadxvdk.dll
C:\WINDOWS\system32\iiffDUom.dll
C:\WINDOWS\system32\jfyaiijk.ini
C:\WINDOWS\system32\khfDuSml.dll
C:\WINDOWS\system32\lmSuDfhk.ini
C:\WINDOWS\system32\lmSuDfhk.ini2
C:\WINDOWS\system32\ssqRJabA.dll
C:\WINDOWS\system32\xgpiqded.dll
C:\WINDOWS\system32\yaywvvvU.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-16 19:50 . 2008-06-16 19:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 17:13 . 2008-06-13 20:00 41,984 -r-hs---- C:\WINDOWS\winudpcl.exe
2008-06-15 14:55 . 2008-06-15 14:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 12:04 . 2008-06-15 14:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-11 20:13 . 2008-04-14 17:53 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 20:13 . 2008-04-14 17:53 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-19 19:59 . 2008-05-19 19:59 268 --ah----- C:\sqmdata06.sqm
2008-05-19 19:59 . 2008-05-19 19:59 244 --ah----- C:\sqmnoopt06.sqm
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 18:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-18 10:04 --------- d-----w C:\Program Files\ICQLite
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 15:24 --------- d-----w C:\Program Files\GPLGS
2008-04-27 15:14 --------- d-----w C:\Program Files\Acro Software
.

((((((((((((((((((((((((((((( snapshot@2008-06-16_20.24.51.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-11 08:40:19 64,088 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2008-06-16 18:28:48 66,936 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2007-11-11 08:40:19 223,800 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2008-06-16 18:28:45 226,656 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
- 2008-06-16 18:20:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 18:45:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2003-07-15 05:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 05:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 05:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 05:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 05:41:44 13,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-15 05:40:12 179,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-06-19 00:31:10 252,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-07-15 05:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 05:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-14 21:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 05:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 05:44:06 25,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 05:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-11 09:15:48 1,292,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 10:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-14 21:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 05:52:52 35,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 05:53:20 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 05:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 05:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 05:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-19 00:31:50 16,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 23:05:50 364,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 05:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-15 06:00:54 145,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 05:57:10 56,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 05:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2007-11-11 08:40:19 223,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 10:14:26 242,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 06:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-15 05:44:34 102,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 05:43:16 49,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-05-09 04:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 05:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-07-21 18:46:38 390,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 05:44:16 66,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-14 21:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 05:53:14 11,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2007-11-11 08:40:19 64,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2005-02-03 15:59:22 346,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.8173\METCONV.DLL
+ 2005-05-03 22:06:28 465,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-03 22:06:32 1,411,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2005-05-03 22:06:26 199,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\5040311900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
- 2008-06-12 16:48:08 12,288 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-16 18:29:22 12,288 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-06-12 16:48:08 135,168 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-16 18:29:22 135,168 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-06-12 16:48:08 11,264 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-16 18:29:22 11,264 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-06-12 16:48:08 27,136 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-16 18:29:22 27,136 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-06-12 16:48:08 4,096 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-16 18:29:22 4,096 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-06-12 16:48:08 794,624 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-16 18:29:22 794,624 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-06-12 16:48:08 23,040 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-16 18:29:22 23,040 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-06-12 16:48:08 286,720 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-16 18:29:22 286,720 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-06-12 16:48:07 409,600 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-16 18:29:22 409,600 ----a-r C:\WINDOWS\Installer\{91130405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2005-03-17 12:39:58 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 08:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2003-07-15 05:57:04 32,584 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2007-03-22 17:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2008-04-10 11:03:12 193,776 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-16 18:36:07 193,776 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-03-22 13:17:06 24,816 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 11:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
- 2004-03-22 13:17:04 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 11:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2004-03-22 13:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 11:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
- 2004-03-22 13:17:04 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 11:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
- 2004-03-22 13:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 11:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2004-03-22 13:17:08 25,840 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 11:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 09:12 1298432]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-12 21:05 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 04:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:46 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 15:05 7557120]
"nwiz"="nwiz.exe" [2006-02-13 15:05 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 15:05 86016]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-10-27 17:01 139264]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [ ]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 16:55 339968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 19:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12 3142236]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 04:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Windows UDP Control"="winudpcl.exe" [2008-06-13 20:00 41984 C:\WINDOWS\winudpcl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312}"= C:\WINDOWS\system32\awtrRJBT.dll [2008-06-16 20:47 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrRJBT]
awtrRJBT.dll 2008-06-16 20:47 24576 C:\WINDOWS\system32\awtrRJBT.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\byXRLbxx

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 14:59]
R3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-21 16:26]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4e28150-e77d-11dc-acb2-0016e6815cc9}]
\Shell\AutoRun\command - K:\AutoTransfer.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-07 17:49:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 18:00:14 C:\WINDOWS\Tasks\Norton Internet Security - Prověřit tento počítač - ad.job"

[fredik]

Opět pozastav Nortona a po proběhnutí si ho zapni zpět:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\winudpcl.exe
C:\WINDOWS\system32\awtrRJBT.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows UDP Control"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrRJBT]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[MichalT]

Ahoj,
tak jsem postupoval dle tvých rad a musím říci, že se situace rapidně zlepšila, DÍKY MOC!! Už se dostanu na idnes.cz a ostatní stránky, už mi neskáče banner po spuštění PC a celé se to zdá být ok. Jen se mi ještě stále zobrazuje jeden malý banner, když jdu na internet (používám mozillu), který tam podle mě nemá co dělat a který se ještě týká toho suspensor pc. Vše ostatní se zdá být ok. Níže uvádím oba logy - Combofix a Hijackthis.

Díky, Michal

ComboFix 08-06-15.4 - ad 2008-06-17 20:27:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.551 [GMT 2:00]
Running from: C:\Documents and Settings\ad\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\ad\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\awtrRJBT.dll
C:\WINDOWS\winudpcl.exe
.
/wow section - STAGE 41
pv: No matching processes found
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMef9a9b28.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtrRJBT.dll
C:\WINDOWS\system32\iomjthlm.dll
C:\WINDOWS\system32\jkkIXpoN.dll
C:\WINDOWS\system32\NopXIkkj.ini
C:\WINDOWS\system32\NopXIkkj.ini2
C:\WINDOWS\system32\pncvswiu.dll
C:\WINDOWS\system32\uiwsvcnp.ini
C:\WINDOWS\system32\vtUOheDu.dll
C:\WINDOWS\system32\wvUliiIc.dll
C:\WINDOWS\winudpcl.exe
.
---- Previous Run -------
.
C:\WINDOWS\BMef9a9b28.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ahjoemjf.dll
C:\WINDOWS\system32\awttuvvu.dll
C:\WINDOWS\system32\byXRLbxx.dll
C:\WINDOWS\system32\cotchfmu.ini
C:\WINDOWS\system32\dedqipgx.ini
C:\WINDOWS\system32\durtlhbm.ini
C:\WINDOWS\system32\hjadxvdk.dll
C:\WINDOWS\system32\iiffDUom.dll
C:\WINDOWS\system32\jfyaiijk.ini
C:\WINDOWS\system32\khfDuSml.dll
C:\WINDOWS\system32\lmSuDfhk.ini
C:\WINDOWS\system32\lmSuDfhk.ini2
C:\WINDOWS\system32\lqslspju.dll
C:\WINDOWS\system32\mbhltrud.dll
C:\WINDOWS\system32\mlJabccb.dll
C:\WINDOWS\system32\pmnnOFvV.dll
C:\WINDOWS\system32\ssqRJabA.dll
C:\WINDOWS\system32\xgpiqded.dll
C:\WINDOWS\system32\xxbLRXyb.ini
C:\WINDOWS\system32\xxbLRXyb.ini2
C:\WINDOWS\system32\yaywvvvU.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-16 19:50 . 2008-06-16 19:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 14:55 . 2008-06-15 14:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 12:04 . 2008-06-15 14:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-11 20:13 . 2008-04-14 17:53 272,128 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 20:13 . 2008-04-14 17:53 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-19 19:59 . 2008-05-19 19:59 268 --ah----- C:\sqmdata06.sqm
2008-05-19 19:59 . 2008-05-19 19:59 244 --ah----- C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 18:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-18 10:04 --------- d-----w C:\Program Files\ICQLite
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-27 15:24 --------- d-----w C:\Program Files\GPLGS
2008-04-27 15:14 --------- d-----w C:\Program Files\Acro Software
.

((((((((((((((((((((((((((((( snapshot_2008-06-16_20.49.26.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 18:45:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-17 18:32:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32 94208]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-07-24 09:12 1298432]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-12 21:05 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 04:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:46 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 15:05 7557120]
"nwiz"="nwiz.exe" [2006-02-13 15:05 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 15:05 86016]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2005-10-27 17:01 139264]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [ ]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 16:55 339968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 19:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 20:12 3142236]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 04:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 14:59]
R3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-21 16:26]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 14:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4e28150-e77d-11dc-acb2-0016e6815cc9}]
\Shell\AutoRun\command - K:\AutoTransfer.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-07 17:49:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-13 18:00:14 C:\WINDOWS\Tasks\Norton Internet Security - Prověřit tento počítač - ad.job"



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42, on 2008-06-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E47F5CD-1132-4591-94FB-7FF2B0DAB9FE}: NameServer = 172.22.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ad/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10453 bytes

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi ComboFix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Spusť znovu HijackThis a zaškrtni v něm okénko před řádkem:
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
po zaškrtnutí klikni na tlačítko Fix Checked

Můžeš také fixnout v HJT tyto položky, není potřeba aby se spouštěly při startu Windows:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 6
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 6 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation

a ulož si ho na disk

- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:

J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2

- Odinstaluj je přes tlačítko Změnit nebo odebrat nebo Odebrat
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u6-windows-i586-p.exe, který sis stáhl na začátku.

Zkus poslat screen shot toho baneru. Logy vypadají dobře. Můžeš ještě zkusit projet Pc pomocí SAS a vlož sem z něho log pokud něco najde (ale před tím aktualizuj Javu):

Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >

Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj

[MichalT]

Ahoj, tak dnes po restartu PC je banner pryč a vše vypadá tak jako dřív. Díky moc za tvoji pomoc! Už to vypadalo, že budu muset reinstalovat Windows Dodatečně nechám fixnout ty zbylé klíče, jak radíš a pak tu Javu, jinak je po problému. Díky, díky..

[fredik]

Nemáš za co