
Problem with IE

JirkaK.
Visitor
Posts: 40
Registered: 03 Sep 2008 07:44

#1 Post by JirkaK. »

Hello, I'm asking for help: IE has started working badly while browsing; it starts up slowly, crashes, and so on. I use NIS, but it found nothing. I also scanned with Avast, which removed some malware, but the problem persists.

Logfile of random's system information tool 1.07 (written by random/random)
Run by Jirik at 2010-05-07 10:29:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 103 GB (68%) free of 151 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:05, on 7.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Data aplikací\BrowserZinc\browserzinc133.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\xmesrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\BrowserZinc\browserzinc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Jirik\Plocha\RSIT.exe
C:\Program Files\trend micro\Jirik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-gw.ph.koop.cz:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;10.*;intranet*;kos*;cport*;psapk01*;obeh*;obchod*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: Count Access Advancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Count Access Advancer\5.6.0.7190\CAAIEAddOn.dll
O2 - BHO: Advanced Access Controller - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Advanced Access Controller\4.6.0.2670\AACIEAddOn.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Customized Web Management - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Customized Web Management\1.6.0.3840\CWMIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Internet Content Assistant - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Internet Content Assistant\1.6.0.3960\ICAIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Automated Result Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Automated Result Operator\4.6.0.2810\AROIEAddOn.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Philips GoGear ARIA Device Manager.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.autocont.cz
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - http://download.seznam.cz/listicka/toolbar2007.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrowserZinc Service - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\BrowserZinc\browserzinc133.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: CryptoPlus XME Engine Service (xmengine service) - Monet+, a.s. - C:\WINDOWS\system32\xmesrv.exe

--
End of file - 12840 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Internet Security - Prověřit tento počítač - Jirik.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11222041-111B-46E3-BD29-EFB2449479B1}]
IEPlugin Class - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL [2008-12-24 145920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}]
Count Access Advancer - C:\Program Files\Count Access Advancer\5.6.0.7190\CAAIEAddOn.dll [2010-04-26 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}]
Advanced Access Controller - C:\Program Files\Advanced Access Controller\4.6.0.2670\AACIEAddOn.dll [2010-04-26 376832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll [2010-03-26 394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL [2010-02-04 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-14 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}]
Customized Web Management - C:\Program Files\Customized Web Management\1.6.0.3840\CWMIE.dll [2010-04-23 1454080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-16 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}]
Internet Content Assistant - C:\Program Files\Internet Content Assistant\1.6.0.3960\ICAIE.dll [2010-04-28 557056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-01 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}]
Automated Result Operator - C:\Program Files\Automated Result Operator\4.6.0.2810\AROIEAddOn.dll [2010-04-26 376832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll [2010-03-26 394608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-07-12 29696]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-09-29 49152]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-12 68856]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"OEXPRESS"= []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico
Philips GoGear ARIA Device Manager.lnk - C:\Program Files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Documents and Settings\Jirik\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Czech\setup.exe"="C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Czech\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\Documents and Settings\Jirik\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Jirik\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Jirik\Local Settings\Temp\7zSE47C.tmp\SymNRT.exe"="C:\Documents and Settings\Jirik\Local Settings\Temp\7zSE47C.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Documents and Settings\Jirik\Local Settings\Temp\7zS1A.tmp\SymNRT.exe"="C:\Documents and Settings\Jirik\Local Settings\Temp\7zS1A.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-05-07 10:25:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2010-05-07 10:22:46 ----SHD---- C:\FOUND.067
2010-05-06 22:31:49 ----SHD---- C:\Config.Msi
2010-05-06 17:21:30 ----D---- C:\Program Files\BrowserZinc
2010-05-06 17:21:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\BrowserZinc
2010-05-06 17:21:16 ----D---- C:\Program Files\Internet Content Assistant
2010-05-06 17:21:00 ----D---- C:\Program Files\Customized Web Management
2010-05-06 17:20:44 ----D---- C:\Program Files\Internet Connection Wizard
2010-05-06 17:20:36 ----D---- C:\Program Files\Advanced Access Controller
2010-05-06 17:20:27 ----D---- C:\Program Files\Common Files\Count Access Advancer
2010-05-06 17:20:26 ----D---- C:\Program Files\Count Access Advancer
2010-05-06 17:20:14 ----D---- C:\Program Files\Automated Result Operator
2010-05-06 17:19:51 ----D---- C:\Program Files\JuicyJoint Toolbar
2010-04-20 22:01:38 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-20 20:30:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2010-04-20 20:30:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
2010-04-20 20:29:57 ----D---- C:\Program Files\McAfee Security Scan
2010-04-14 09:26:44 ----HD---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 09:26:37 ----HD---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 09:23:52 ----HD---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 09:23:47 ----HD---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 09:23:42 ----HD---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 09:23:28 ----HD---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-11 23:14:56 ----SHD---- C:\FOUND.066
2010-04-10 20:05:46 ----SHD---- C:\FOUND.065
2010-04-08 13:01:06 ----SHD---- C:\FOUND.064

======List of files/folders modified in the last 1 months======

2010-05-07 09:36:06 ----N---- C:\WINDOWS\SchedLgU.Txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NIS\1106000.020\ccHPx86.sys [2010-02-26 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSPX.SYS [2010-02-27 43696]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-10-30 5632]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1106000.020\Ironx86.SYS [2010-02-27 116784]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1106000.020\SYMTDI.SYS [2010-02-04 362032]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2009-08-10 89600]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100429.001\IDSxpx86.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-09-20 53632]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2007-07-16 26272]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-09-20 22016]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-09-05 85969]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100506.025\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100506.025\NAVEX15.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1106000.020\SRTSP.SYS [2010-02-27 325680]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 BrowserZinc Service;BrowserZinc Service; C:\Documents and Settings\All Users\Data aplikací\BrowserZinc\browserzinc133.exe [2010-05-04 61712]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-01 153376]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe [2010-02-26 126392]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2008-02-14 225280]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 xmengine service;CryptoPlus XME Engine Service; C:\WINDOWS\system32\xmesrv.exe [2009-10-09 34696]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-28 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-16 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]

-----------------EOF-----------------

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: problem with IE

#2 Post by Roli »

Hello, fix these in HJT:

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?



You will find HJT here:

C:\Program Files\trend micro\Jirik.exe

Fix means that you launch HJT,

in the window that opens, click Do a system scan only,

in the next window, find the lines I listed for you,

next to each of them is a small box, which you tick,

then click Fix checked at the bottom left,

the program will ask whether you really want to; you of course agree with YES, and it is done.


Via Start >> Run >> type services.msc >> OK. Find the service:

Google Software Updater

NBService - Nero AG

Cyberlink RichVideo Service


right-click it, choose Properties, and on the next tab first stop the service with the Stop button, then set Startup type to Disabled.


Delete unnecessary files

using CCleaner

guide:

Cleaner - here you clean the PC of unnecessary files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

The registry cleaning needs to be repeated several times!


Download ComboFix and save it to the desktop,

run the application under an account with administrator rights and allow the installation of the Recovery Console.

A window with the licence terms then appears, which you confirm by clicking YES,

then click YES once more and it is running.

The whole operation takes about 10 minutes but can take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan, do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and antispyware program,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

JirkaK.
Visitor
Posts: 40
Registered: 03 Sep 2008 07:44

Re: problem with IE

#3 Post by JirkaK. »

Well, I would like to say that I knew exactly what I was doing :D , it seems to be running fine again.
Google Software Updater - was disabled, startup was manual or automatic, so I disabled it
NBService - Nero AG - the same
Cyberlink RichVideo Service - the only one that was enabled, so I disabled everything as instructed


Here is the result, hopefully a satisfactory one:

ComboFix 10-05-06.04 - Jirik 07.05.2010 13:49:19.1.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1461 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirik\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\BrowserZinc
c:\documents and settings\All Users\Data aplikací\BrowserZinc\browserzinc133.exe
c:\program files\Advanced Access Controller\4.6.0.2670\AACIeaddon.dll
c:\program files\Automated Result Operator\4.6.0.2810\AROIeaddon.dll
c:\program files\BrowserZinc
c:\program files\BrowserZinc\browserzinc.dll
c:\program files\BrowserZinc\browserzinc.exe
c:\program files\BrowserZinc\uninstall.exe
c:\program files\Count Access Advancer\5.6.0.7190\CAAIeaddon.dll
c:\program files\Customized Web Management\1.6.0.3840\CWMIe.dll
c:\program files\Internet Content Assistant\1.6.0.3960\ICAIe.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BROWSERZINC_SERVICE
-------\Service_BrowserZinc Service


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-07 do 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 08:22 . 2010-05-07 08:22 -------- d-----w- C:\FOUND.067
2010-05-06 15:21 . 2010-05-06 15:21 -------- d-----w- c:\program files\Internet Content Assistant
2010-05-06 15:21 . 2010-05-06 15:21 -------- d-----w- c:\program files\Customized Web Management
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Internet Connection Wizard
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Advanced Access Controller
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Common Files\Count Access Advancer
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Count Access Advancer
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Automated Result Operator
2010-05-06 15:19 . 2010-05-06 15:19 -------- d-----w- c:\program files\JuicyJoint Toolbar
2010-04-23 19:24 . 2010-04-23 19:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-20 20:01 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-20 18:29 . 2010-04-20 18:29 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-11 21:14 . 2010-04-11 21:14 -------- d-----w- C:\FOUND.066
2010-04-10 18:05 . 2010-04-10 18:05 -------- d-----w- C:\FOUND.065
2010-04-08 11:01 . 2010-04-08 11:01 -------- d-----w- C:\FOUND.064

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 18:18 . 2009-11-19 12:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-01 20:44 . 2010-04-01 20:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-01 20:42 . 2008-12-14 20:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-01 20:30 . 2010-04-01 20:30 -------- d-----w- c:\program files\iPod
2010-04-01 20:30 . 2010-04-01 20:30 -------- d-----w- c:\program files\iTunes
2010-04-01 20:27 . 2010-04-01 20:27 -------- d-----w- c:\program files\QuickTime
2010-04-01 20:26 . 2010-04-01 20:26 -------- d-----w- c:\program files\Apple Software Update
2010-03-12 14:24 . 2010-03-12 14:24 -------- d-----w- c:\program files\CryptoPlus
2010-03-12 13:36 . 2010-03-12 13:36 94208 ----a-w- c:\windows\system32\pkcs11wrapper.dll
2010-03-10 06:17 . 1979-12-31 22:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 1979-12-31 22:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 22:47 . 2010-02-19 22:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 19:08 . 2004-08-17 14:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2004-08-17 14:45 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:35 . 1979-12-31 22:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1979-12-31 22:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Jirik\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-4-9 6144]
Philips GoGear ARIA Device Manager.lnk - c:\program files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe [2009-12-26 1611152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [6.4.2010 22:29 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [6.4.2010 22:29 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [29.4.2010 19:44 537136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [6.4.2010 22:29 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [6.4.2010 22:28 126392]
R2 xmengine service;CryptoPlus XME Engine Service;c:\windows\system32\xmesrv.exe [12.3.2010 16:23 34696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6.5.2010 23:35 102448]
R3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [10.8.2009 12:07 89600]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100429.001\IDSXpx86.sys [3.5.2010 21:53 329592]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [16.7.2007 11:38 26272]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-06 c:\windows\Tasks\Norton Internet Security - Prověřit tento počítač - Jirik.job
- c:\program files\Norton Internet Security\Engine\17.6.0.32\navw32.exe [2010-04-06 23:51]

2010-05-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;10.*;intranet*;kos*;cport*;psapk01*;obeh*;obchod*;<local>
uInternet Settings,ProxyServer = www-gw.ph.koop.cz:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: chance.cz\www
Trusted Zone: ifortuna.cz\www
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://download.seznam.cz/listicka/toolbar2007.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-OEXPRESS - (no file)
AddRemove-BrowserZinc - c:\program files\BrowserZinc\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 13:55
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1723214923-2826457082-3675345140-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F8596B4-67D2-0ED2-BDF2-0D535C43A7EF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\UAService7.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-05-07 13:58:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-07 11:58
ComboFix2.txt 2008-09-05 17:46
ComboFix3.txt 2008-09-05 15:09

Před spuštěním: Volných bajtů: 108 089 671 680
Po spuštění: Volných bajtů: 108 219 105 280

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6A5199B8F82A6ECAD0C4E07F89AE25C9

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: problem with IE

#4 Post by Roli »

Great, but before we continue let me ask, these:

Internet Content Assistant
Customized Web Management
Internet Connection Wizard
Advanced Access Controller
Common Files\Count Access Advancer
Count Access Advancer
Automated Result Operator
JuicyJoint Toolbar


do you really need them?

Especially that last piece of software :oops:
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:
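
The folders asked about in post #4 are the ones the ComboFix log in post #3 lists as directories created within about two minutes of each other on 2010-05-06. The following is an added example, not part of the original thread and not ComboFix's own code: it parses that log section and groups directory creations into such bursts. The function names, the 5-minute gap and the minimum burst size of 3 are assumptions, as is reading the first timestamp on each line as the creation time.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Lines copied from the "files created" section of the ComboFix log in post #3.
SAMPLE_LOG = r"""
2010-05-07 08:22 . 2010-05-07 08:22 -------- d-----w- C:\FOUND.067
2010-05-06 15:21 . 2010-05-06 15:21 -------- d-----w- c:\program files\Internet Content Assistant
2010-05-06 15:21 . 2010-05-06 15:21 -------- d-----w- c:\program files\Customized Web Management
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Internet Connection Wizard
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Advanced Access Controller
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Common Files\Count Access Advancer
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Count Access Advancer
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Automated Result Operator
2010-05-06 15:19 . 2010-05-06 15:19 -------- d-----w- c:\program files\JuicyJoint Toolbar
2010-04-23 19:24 . 2010-04-23 19:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-20 20:01 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-20 18:29 . 2010-04-20 18:29 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-11 21:14 . 2010-04-11 21:14 -------- d-----w- C:\FOUND.066
2010-04-10 18:05 . 2010-04-10 18:05 -------- d-----w- C:\FOUND.065
2010-04-08 11:01 . 2010-04-08 11:01 -------- d-----w- C:\FOUND.064
"""

Entry = namedtuple("Entry", "created modified size is_dir attrs path")

_TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# <timestamp> . <timestamp> <size or 8 dashes> <8 attribute flags> <path>
LINE_RE = re.compile(
    rf"^({_TS}) \. ({_TS})\s+(\d+|-{{8}})\s+([a-z-]{{8}})\s+(.+?)\s*$"
)


def parse_entries(text):
    """Parse ComboFix file-listing lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        first, second, size, attrs, path = m.groups()
        entries.append(Entry(
            # Assumption: in this section the first timestamp is the creation time.
            created=datetime.strptime(first, "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(second, "%Y-%m-%d %H:%M"),
            size=None if size.startswith("-") else int(size),
            is_dir=attrs.startswith("d"),
            attrs=attrs,
            path=path,
        ))
    return entries


def find_install_bursts(entries, max_gap=timedelta(minutes=5), min_dirs=3):
    """Group directories whose creation times chain together within max_gap.

    Returns a list of bursts (each a list of Entry, oldest first) that contain
    at least min_dirs directories. Plain files are ignored.
    """
    dirs = sorted((e for e in entries if e.is_dir),
                  key=lambda e: (e.created, e.path.lower()))
    bursts, current = [], []
    for e in dirs:
        # A gap larger than max_gap closes the current burst.
        if current and e.created - current[-1].created > max_gap:
            if len(current) >= min_dirs:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_dirs:
        bursts.append(current)
    return bursts


if __name__ == "__main__":
    for burst in find_install_bursts(parse_entries(SAMPLE_LOG)):
        print(f"{burst[0].created} .. {burst[-1].created}: {len(burst)} directories")
        for e in burst:
            print("   ", e.path)
```

A burst is only a lead for review: in the thread the owner is still asked whether the software is wanted before anything is removed.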

JirkaK.
Visitor
Posts: 40
Registered: 03 Sep 2008 07:44

Re: problem with IE

#5 Post by JirkaK. »

Let me put it this way: it means nothing to me, so I probably don't need it, but if you asked me about some Win32 I would think the same, so I will leave it up to you :D

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: problem with IE

#6 Post by Roli »

All right then, we will take it out along with the rest of the mess.

If you have not done so yet, move ComboFix to the desktop

open Notepad

and copy the script from the following box into it:

Code:

Folder::
C:\FOUND.067
c:\program files\Internet Content Assistant
c:\program files\Customized Web Management
c:\program files\Internet Connection Wizard
c:\program files\Advanced Access Controller
c:\program files\Common Files\Count Access Advancer
c:\program files\Count Access Advancer
c:\program files\Automated Result Operator
c:\program files\JuicyJoint Toolbar
C:\FOUND.066
C:\FOUND.065
C:\FOUND.064

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it over the ComboFix icon, where you drop it.

After it has been applied, another log will come out; copy it here

Warning: it can happen that after applying the script and restarting, Windows will not start,

in that case restart again while pressing F8 and then choose Last Known Good Configuration
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

JirkaK.
Visitor
Posts: 40
Registered: 03 Sep 2008 07:44

Re: problem with IE

#7 Post by JirkaK. »

So I tried to apply it, but first it reported that the shield was on, which I fixed, then it offered me a new version of CF, which I preferred to decline, and then it told me something about incorrect spelling in the applied file. Couldn't it be the double colon after Folder???

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: Czech Republic

Re: problem with IE

#8 Post by Roli »

The script must be exactly as I wrote it; it is possible that you have a space somewhere at the beginning.

The double colon is correct.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

JirkaK.
Visitor
Posts: 40
Registered: 03 Sep 2008 07:44

Re: problem with IE

#9 Post by JirkaK. »

I apologize for the complications, but when I wanted to check the txt file I managed to click the ComboFix sitting next to it instead, so I let it run to be safe and am posting the log here just in case, as I am not sure whether I can continue unchanged with the txt file according to the previous instructions:

ComboFix 10-05-06.04 - Jirik 08.05.2010 22:53:46.2.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1405 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirik\Plocha\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-08 do 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-07 08:22 . 2010-05-07 08:22 -------- d-----w- C:\FOUND.067
2010-05-06 15:21 . 2010-05-06 15:21 -------- d-----w- c:\program files\Internet Content Assistant
2010-05-06 15:21 . 2010-05-06 15:21 -------- d-----w- c:\program files\Customized Web Management
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Internet Connection Wizard
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Advanced Access Controller
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Common Files\Count Access Advancer
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Count Access Advancer
2010-05-06 15:20 . 2010-05-06 15:20 -------- d-----w- c:\program files\Automated Result Operator
2010-05-06 15:19 . 2010-05-06 15:19 -------- d-----w- c:\program files\JuicyJoint Toolbar
2010-04-23 19:24 . 2010-04-23 19:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-20 20:01 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-20 18:29 . 2010-04-20 18:29 -------- d-----w- c:\program files\McAfee Security Scan
2010-04-11 21:14 . 2010-04-11 21:14 -------- d-----w- C:\FOUND.066
2010-04-10 18:05 . 2010-04-10 18:05 -------- d-----w- C:\FOUND.065

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 18:18 . 2009-11-19 12:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-01 20:44 . 2010-04-01 20:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-01 20:42 . 2008-12-14 20:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-01 20:30 . 2010-04-01 20:30 -------- d-----w- c:\program files\iPod
2010-04-01 20:30 . 2010-04-01 20:30 -------- d-----w- c:\program files\iTunes
2010-04-01 20:27 . 2010-04-01 20:27 -------- d-----w- c:\program files\QuickTime
2010-04-01 20:26 . 2010-04-01 20:26 -------- d-----w- c:\program files\Apple Software Update
2010-03-12 14:24 . 2010-03-12 14:24 -------- d-----w- c:\program files\CryptoPlus
2010-03-12 13:36 . 2010-03-12 13:36 94208 ----a-w- c:\windows\system32\pkcs11wrapper.dll
2010-03-10 06:17 . 1979-12-31 22:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 1979-12-31 22:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 22:47 . 2010-02-19 22:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 19:08 . 2004-08-17 14:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2004-08-17 14:45 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:35 . 1979-12-31 22:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1979-12-31 22:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-05-07_11.54.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-08 06:21 . 2010-05-08 06:21 16384 c:\windows\temp\Perflib_Perfdata_3f8.dat
+ 2010-05-08 06:19 . 2010-05-08 06:19 16384 c:\windows\temp\Perflib_Perfdata_36c.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

c:\documents and settings\Jirik\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-4-9 6144]
Philips GoGear ARIA Device Manager.lnk - c:\program files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe [2009-12-26 1611152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [6.4.2010 22:29 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [6.4.2010 22:29 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [29.4.2010 19:44 537136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [6.4.2010 22:29 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [6.4.2010 22:28 126392]
R2 xmengine service;CryptoPlus XME Engine Service;c:\windows\system32\xmesrv.exe [12.3.2010 16:23 34696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6.5.2010 23:35 102448]
R3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [10.8.2009 12:07 89600]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100505.001\IDSXpx86.sys [8.5.2010 8:31 329592]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [16.7.2007 11:38 26272]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-08 c:\windows\Tasks\Norton Internet Security - Prověřit tento počítač - Jirik.job
- c:\program files\Norton Internet Security\Engine\17.6.0.32\navw32.exe [2010-04-06 23:51]

2010-05-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;10.*;intranet*;kos*;cport*;psapk01*;obeh*;obchod*;<local>
uInternet Settings,ProxyServer = www-gw.ph.koop.cz:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: chance.cz\www
Trusted Zone: ifortuna.cz\www
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://download.seznam.cz/listicka/toolbar2007.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 22:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1723214923-2826457082-3675345140-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F8596B4-67D2-0ED2-BDF2-0D535C43A7EF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1388)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-05-08 22:59:07
ComboFix-quarantined-files.txt 2010-05-08 20:59
ComboFix2.txt 2010-05-07 11:58
ComboFix3.txt 2008-09-05 17:46
ComboFix4.txt 2008-09-05 15:09

Před spuštěním: Volných bajtů: 108 238 405 632
Po spuštění: Volných bajtů: 108 196 102 144

- - End Of File - - 3C24750E40CB6FD15F883B9CE35674CC

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: problem with IE

#10 Post by Roli »

Yes, you can go ahead and run that action with the script.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

JirkaK.
Visitor
Posts: 40
Joined: 03 Sep 2008 07:44

Re: problem with IE

#11 Post by JirkaK. »

So the mistake really was on my side: I had typed CFSscript there. It is now fixed and applied, without a restart, and here is the result. I was sweating a bit while it ran, seeing how much it was deleting :shock: :D

ComboFix 10-05-06.04 - Jirik 09.05.2010 13:59:39.3.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1285 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirik\Plocha\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.064
c:\found.064\FILE0000.CHK
C:\FOUND.065
c:\found.065\FILE0000.CHK
C:\FOUND.066
c:\found.066\FILE0000.CHK
c:\found.066\FILE0001.CHK
C:\FOUND.067
c:\found.067\FILE0000.CHK
c:\program files\Advanced Access Controller
c:\program files\Advanced Access Controller\4.6.0.2670\AACCommon.dll
c:\program files\Advanced Access Controller\4.6.0.2670\Data\config.md
c:\program files\Advanced Access Controller\4.6.0.2670\FF\components\AACFFAddOn.dll
c:\program files\Advanced Access Controller\4.6.0.2670\FF\components\AACFFAddOn.xpt
c:\program files\Advanced Access Controller\4.6.0.2670\FF\components\AACFFHelperComponent.js
c:\program files\Advanced Access Controller\4.6.0.2670\FF\chrome.manifest
c:\program files\Advanced Access Controller\4.6.0.2670\FF\chrome\AACAddOn.jar
c:\program files\Advanced Access Controller\4.6.0.2670\FF\chrome\content\AACAddOn.js
c:\program files\Advanced Access Controller\4.6.0.2670\FF\chrome\content\AACAddOn.xul
c:\program files\Advanced Access Controller\4.6.0.2670\FF\install.rdf
c:\program files\Advanced Access Controller\4.6.0.2670\unins000.dat
c:\program files\Advanced Access Controller\4.6.0.2670\unins000.exe
c:\program files\Automated Result Operator
c:\program files\Automated Result Operator\4.6.0.2810\AROCommon.dll
c:\program files\Automated Result Operator\4.6.0.2810\Data\config.md
c:\program files\Automated Result Operator\4.6.0.2810\FF\components\AROFFAddOn.dll
c:\program files\Automated Result Operator\4.6.0.2810\FF\components\AROFFAddOn.xpt
c:\program files\Automated Result Operator\4.6.0.2810\FF\components\AROFFHelperComponent.js
c:\program files\Automated Result Operator\4.6.0.2810\FF\chrome.manifest
c:\program files\Automated Result Operator\4.6.0.2810\FF\chrome\AROAddOn.jar
c:\program files\Automated Result Operator\4.6.0.2810\FF\chrome\content\AROAddOn.js
c:\program files\Automated Result Operator\4.6.0.2810\FF\chrome\content\AROAddOn.xul
c:\program files\Automated Result Operator\4.6.0.2810\FF\install.rdf
c:\program files\Automated Result Operator\4.6.0.2810\unins000.dat
c:\program files\Automated Result Operator\4.6.0.2810\unins000.exe
c:\program files\Common Files\Count Access Advancer
c:\program files\Common Files\Count Access Advancer\5.6.0.7190\CAACommon.dll
c:\program files\Common Files\Count Access Advancer\5.6.0.7190\Data\config.md
c:\program files\Count Access Advancer
c:\program files\Count Access Advancer\5.6.0.7190\CAACommon.dll
c:\program files\Count Access Advancer\5.6.0.7190\Data\config.md
c:\program files\Count Access Advancer\5.6.0.7190\FF\components\CAAFFAddOn.dll
c:\program files\Count Access Advancer\5.6.0.7190\FF\components\CAAFFAddOn.xpt
c:\program files\Count Access Advancer\5.6.0.7190\FF\components\CAAFFHelperComponent.js
c:\program files\Count Access Advancer\5.6.0.7190\FF\chrome.manifest
c:\program files\Count Access Advancer\5.6.0.7190\FF\chrome\CAAAddOn.jar
c:\program files\Count Access Advancer\5.6.0.7190\FF\chrome\content\CAAAddOn.js
c:\program files\Count Access Advancer\5.6.0.7190\FF\chrome\content\CAAAddOn.xul
c:\program files\Count Access Advancer\5.6.0.7190\FF\install.rdf
c:\program files\Count Access Advancer\5.6.0.7190\Chrome\background.html
c:\program files\Count Access Advancer\5.6.0.7190\Chrome\CAAChromeAddOn.dll
c:\program files\Count Access Advancer\5.6.0.7190\Chrome\manifest.json
c:\program files\Count Access Advancer\5.6.0.7190\chromesh.dll
c:\program files\Count Access Advancer\5.6.0.7190\unins000.dat
c:\program files\Count Access Advancer\5.6.0.7190\unins000.exe
c:\program files\Customized Web Management
c:\program files\Customized Web Management\1.6.0.3840\config.mx
c:\program files\Customized Web Management\1.6.0.3840\cwmsh.dll
c:\program files\Customized Web Management\1.6.0.3840\data.mx
c:\program files\Customized Web Management\1.6.0.3840\exclude.mx
c:\program files\Customized Web Management\1.6.0.3840\FF\components\CWMFFAddOn.dll
c:\program files\Customized Web Management\1.6.0.3840\FF\components\CWMFFAddOn.xpt
c:\program files\Customized Web Management\1.6.0.3840\FF\chrome.manifest
c:\program files\Customized Web Management\1.6.0.3840\FF\chrome\content\AddOn.js
c:\program files\Customized Web Management\1.6.0.3840\FF\chrome\content\AddOn.xul
c:\program files\Customized Web Management\1.6.0.3840\FF\install.rdf
c:\program files\Customized Web Management\1.6.0.3840\MatchingData.zd5
c:\program files\Customized Web Management\1.6.0.3840\pxtmpdata.mx
c:\program files\Customized Web Management\1.6.0.3840\running.mx
c:\program files\Customized Web Management\1.6.0.3840\unins000.dat
c:\program files\Customized Web Management\1.6.0.3840\unins000.exe
c:\program files\Internet Connection Wizard
c:\program files\Internet Connection Wizard\1.6.0.2350\data\itcfg.md
c:\program files\Internet Connection Wizard\1.6.0.2350\InternetToday.ico
c:\program files\Internet Connection Wizard\1.6.0.2350\InternetToday.skf
c:\program files\Internet Connection Wizard\1.6.0.2350\ITConfigMgr.dll
c:\program files\Internet Connection Wizard\1.6.0.2350\mfc80.dll
c:\program files\Internet Connection Wizard\1.6.0.2350\Microsoft.VC80.CRT.manifest
c:\program files\Internet Connection Wizard\1.6.0.2350\Microsoft.VC80.MFC.manifest
c:\program files\Internet Connection Wizard\1.6.0.2350\msvcr80.dll
c:\program files\Internet Connection Wizard\1.6.0.2350\SkinCrafterDll.dll
c:\program files\Internet Connection Wizard\1.6.0.2350\unins000.dat
c:\program files\Internet Connection Wizard\1.6.0.2350\unins000.exe
c:\program files\Internet Content Assistant
c:\program files\Internet Content Assistant\1.6.0.3960\data\pxtmpdata.mx
c:\program files\Internet Content Assistant\1.6.0.3960\data\TP_Config.mx
c:\program files\Internet Content Assistant\1.6.0.3960\data\TP_Data.mx
c:\program files\Internet Content Assistant\1.6.0.3960\data\TP_DomainExcludeList.mx
c:\program files\Internet Content Assistant\1.6.0.3960\data\TP_DomainInterval.mx
c:\program files\Internet Content Assistant\1.6.0.3960\data\TP_KeywordInterval.mx
c:\program files\Internet Content Assistant\1.6.0.3960\data\TP_Rstatus.mx
c:\program files\Internet Content Assistant\1.6.0.3960\FF\components\FFHelperComponent.js
c:\program files\Internet Content Assistant\1.6.0.3960\FF\components\ICAFFAddOn.dll
c:\program files\Internet Content Assistant\1.6.0.3960\FF\components\IICAFFComponent.xpt
c:\program files\Internet Content Assistant\1.6.0.3960\FF\chrome.manifest
c:\program files\Internet Content Assistant\1.6.0.3960\FF\chrome\content\FFAddOn.js
c:\program files\Internet Content Assistant\1.6.0.3960\FF\chrome\content\FFAddOn.js.bak
c:\program files\Internet Content Assistant\1.6.0.3960\FF\chrome\content\FFAddOn.xul
c:\program files\Internet Content Assistant\1.6.0.3960\FF\chrome\content\FFAddOn.xul.bak
c:\program files\Internet Content Assistant\1.6.0.3960\FF\install.rdf
c:\program files\Internet Content Assistant\1.6.0.3960\unins000.dat
c:\program files\Internet Content Assistant\1.6.0.3960\unins000.exe
c:\program files\JuicyJoint Toolbar

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-09 do 2010-05-09 )))))))))))))))))))))))))))))))
.

2010-04-23 19:24 . 2010-04-23 19:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-20 20:01 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-20 18:29 . 2010-04-20 18:29 -------- d-----w- c:\program files\McAfee Security Scan

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 18:18 . 2009-11-19 12:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-01 20:44 . 2010-04-01 20:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-01 20:42 . 2008-12-14 20:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-01 20:30 . 2010-04-01 20:30 -------- d-----w- c:\program files\iPod
2010-04-01 20:30 . 2010-04-01 20:30 -------- d-----w- c:\program files\iTunes
2010-04-01 20:27 . 2010-04-01 20:27 -------- d-----w- c:\program files\QuickTime
2010-04-01 20:26 . 2010-04-01 20:26 -------- d-----w- c:\program files\Apple Software Update
2010-03-12 14:24 . 2010-03-12 14:24 -------- d-----w- c:\program files\CryptoPlus
2010-03-12 13:36 . 2010-03-12 13:36 94208 ----a-w- c:\windows\system32\pkcs11wrapper.dll
2010-03-10 06:17 . 1979-12-31 22:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 1979-12-31 22:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 22:47 . 2010-02-19 22:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 19:08 . 2004-08-17 14:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2004-08-17 14:45 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:35 . 1979-12-31 22:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1979-12-31 22:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-05-07_11.54.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-09 06:49 . 2010-05-09 06:49 16384 c:\windows\temp\Perflib_Perfdata_418.dat
+ 2010-05-09 06:47 . 2010-05-09 06:48 16384 c:\windows\temp\Perflib_Perfdata_370.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

c:\documents and settings\Jirik\Nabídka Start\Programy\Po spuštění\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-4-9 6144]
Philips GoGear ARIA Device Manager.lnk - c:\program files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe [2009-12-26 1611152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1106000.020\symds.sys [6.4.2010 22:29 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1106000.020\symefa.sys [6.4.2010 22:29 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [29.4.2010 19:44 537136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1106000.020\ironx86.sys [6.4.2010 22:29 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe [6.4.2010 22:28 126392]
R2 xmengine service;CryptoPlus XME Engine Service;c:\windows\system32\xmesrv.exe [12.3.2010 16:23 34696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6.5.2010 23:35 102448]
R3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [10.8.2009 12:07 89600]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100505.001\IDSXpx86.sys [8.5.2010 8:31 329592]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver;c:\windows\system32\drivers\nvhda32.sys [16.7.2007 11:38 26272]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-08 c:\windows\Tasks\Norton Internet Security - Prověřit tento počítač - Jirik.job
- c:\program files\Norton Internet Security\Engine\17.6.0.32\navw32.exe [2010-04-06 23:51]

2010-05-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;10.*;intranet*;kos*;cport*;psapk01*;obeh*;obchod*;<local>
uInternet Settings,ProxyServer = www-gw.ph.koop.cz:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: chance.cz\www
Trusted Zone: ifortuna.cz\www
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxp://download.seznam.cz/listicka/toolbar2007.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 14:03
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.6.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1723214923-2826457082-3675345140-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6F8596B4-67D2-0ED2-BDF2-0D535C43A7EF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-05-09 14:05:13
ComboFix-quarantined-files.txt 2010-05-09 12:05
ComboFix2.txt 2010-05-08 20:59
ComboFix3.txt 2010-05-07 11:58
ComboFix4.txt 2008-09-05 17:46
ComboFix5.txt 2010-05-09 11:50

Před spuštěním: Volných bajtů: 108 238 667 776
Po spuštění: Volných bajtů: 108 177 883 136

- - End Of File - - 330B06AF09D699980B631426C321F2A4

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: problem with IE

#12 Post by Roli »

Go to Start >> Run and copy this into the window:

ComboFix /Uninstall

and press Enter.

This uninstalls ComboFix and deletes the files and folders associated with it.


Then let me know what state the PC is in.

JirkaK.
Visitor
Posts: 40
Joined: 03 Sep 2008 07:44

Re: problem with IE

#13 Post by JirkaK. »

Uninstalled, I restarted the PC, and everything seems to be running correctly.

JirkaK.
Visitor
Posts: 40
Joined: 03 Sep 2008 07:44

Re: problem with IE

#14 Post by JirkaK. »

Aha, so it seems we are done :D I was waiting to see whether anything else would be needed. Thank you a hundred thousand times for the help, and as thanks I am sending at least a small contribution toward running the forum. Thanks once again :worship:

Roli
VIP
Posts: 13399
Joined: 26 Nov 2006 13:37
Location: Czech Republic

Re: problem with IE

#15 Post by Roli »

You're very welcome, and if anything comes up again, you are welcome here :wink:
