Zavirovaný PC Vyřešeno

[memphisto]

To je ale normální, že to takhle trvá,jelikož to dočišťuje Znovu

[Reklama]

[-frost-]

Já to vím, vždyť to nedělám poprvé. Ale aby to dočišťovalo necelou hodinu, to mi normální nepřijde. PC sice nezamrzlo, ale HDD očividně nepracovalo, soudě podle indikační diody, zvuku, respektive ticha...

[memphisto]

Klidně to nech a uvidíš

[-frost-]

Takže stejný postup jako na předchozí straně? Vytvořit texťák atd, nebo jen kontrolu?

[memphisto]

Stejný skript a znovu

[-frost-]

Tak jsem si konečně našel čas, omlouvám se za zpoždění...
ComboFix opět zlobil při restartu PC, cca po hodině a půl jsem musel natvrdo restartovat. Pří tvorbě logu už běžel normálně...

ComboFix 10-12-30.03 - davidek 31.12.2010 10:21:35.10.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.1790.1252 [GMT 1:00]
Spuštěný z: c:\documents and settings\davidek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\davidek\Plocha\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\system32\DRIVERS\ElbyVCD.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ElbyVCD


((((((((((((((((((((((((( Soubory vytvořené od 2010-11-28 do 2010-12-31 )))))))))))))))))))))))))))))))
.

2010-12-27 16:41 . 2010-12-27 16:41 -------- d-----w- c:\documents and settings\davidek\DoctorWeb
2010-12-27 16:09 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-27 16:09 . 2010-12-27 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-27 16:09 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-25 20:21 . 2010-12-25 20:21 388096 ----a-r- c:\documents and settings\davidek\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-25 20:21 . 2010-12-25 20:21 -------- d-----w- c:\program files\Trend Micro
2010-12-25 09:26 . 2010-12-25 09:45 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2010-12-25 09:26 . 2010-12-25 09:45 114243 ----a-w- c:\windows\system32\drivers\klin.dat
2010-12-25 09:24 . 2010-12-31 11:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab
2010-12-25 09:18 . 2010-12-25 09:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Kaspersky Lab Setup Files
2010-12-24 19:18 . 2008-03-05 15:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-12-24 19:18 . 2008-03-05 15:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-12-24 19:18 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2010-12-24 19:18 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2010-12-24 19:18 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-12-24 19:17 . 2010-12-24 19:17 -------- d-----w- c:\windows\Logs
2010-12-24 12:03 . 2010-12-27 18:40 -------- d-----w- c:\windows\Internet Logs
2010-12-24 10:30 . 2010-12-24 10:31 -------- d-----w- c:\program files\CCleaner
2010-12-13 14:37 . 2010-12-13 14:37 -------- d-----w- c:\program files\Ubi Soft
2010-12-13 14:37 . 2010-12-13 14:35 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-12-13 14:37 . 2010-12-13 14:35 69632 ----a-w- c:\windows\system32\xmltok.dll
2010-12-13 14:37 . 2010-12-13 14:35 36864 ----a-w- c:\windows\system32\xmlparse.dll
2010-12-13 14:37 . 2010-12-13 14:35 35840 ----a-w- c:\windows\system32\comdlg32.oca
2010-12-13 14:37 . 2010-12-13 14:35 26064 ----a-w- c:\windows\system32\xmlinst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 09:14 . 2010-10-31 09:39 5818 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-05-15 11:16 . 2010-05-15 11:16 1961128 ----a-w- c:\program files\postak-ie-2.4.8.exe
2010-05-08 13:37 . 2010-05-08 13:37 687828 ----a-w- c:\program files\JpegResampler.exe
2009-12-17 11:17 . 2007-11-17 22:47 2921492 -c--a-w- c:\program files\save2pc_light_setup.exe
2009-09-08 14:27 . 2010-01-11 08:40 3196736 -c--a-w- c:\program files\tcm75rc2.exe
2009-08-28 07:07 . 2009-08-28 07:06 660710 -c--a-w- c:\program files\mionasatv.exe
2009-03-11 18:02 . 2009-03-11 18:02 547488 -c--a-w- c:\program files\GoogleEarthPluginSetup.exe
2009-03-11 17:51 . 2009-03-11 17:51 547480 -c--a-w- c:\program files\GoogleEarthSetup.exe
2008-12-06 21:56 . 2008-12-06 21:56 7943030 -c--a-w- c:\program files\AVI_ReComp_1.4.0_Setup.exe
2008-12-06 19:24 . 2008-12-06 19:24 10252213 -c--a-w- c:\program files\AVI_ReComp_1.4.4_Setup.exe
2008-12-06 18:43 . 2008-12-06 18:43 7732946 -c--a-w- c:\program files\AVI_ReComp_1.2.3_Setup.exe
2008-07-02 20:21 . 2008-07-02 20:21 7726360 -c--a-w- c:\program files\Google_Earth_CZXV.exe
2008-06-15 17:40 . 2008-06-15 17:40 23766320 -c--a-w- c:\program files\QuickTimeInstaller 7.exe
2008-06-15 17:26 . 2008-06-15 17:26 4378143 -c--a-w- c:\program files\ultra_mpeg4converter.exe
2008-06-15 17:07 . 2008-06-15 17:07 6588451 -c--a-w- c:\program files\AoneVideoConvert.exe
2008-06-15 16:45 . 2008-06-15 16:45 248984 -c--a-w- c:\program files\prismsetup.exe
2008-06-14 14:14 . 2008-06-14 14:14 9390251 -c--a-w- c:\program files\vlc-0.8.6h-win32.exe
2008-06-06 19:17 . 2008-06-06 19:17 2121262 -c--a-w- c:\program files\orbitron.exe
2008-04-29 20:01 . 2008-04-29 20:01 1491843 -c--a-w- c:\program files\RADTools.exe
2008-04-24 17:04 . 2008-04-24 17:04 724138 -c--a-w- c:\program files\QuickTimeInstaller.exe
2008-04-24 16:59 . 2008-04-24 16:59 1445782 -c--a-w- c:\program files\iTunesSetup.exe
2008-01-20 11:14 . 2008-01-20 11:14 4324207 -c--a-w- c:\program files\codec bazén Hořice.exe
2007-12-26 09:10 . 2007-12-26 09:10 17038263 -c--a-w- c:\program files\330296_291618_SMSender.cs_CZ.exe
2007-12-15 16:59 . 2007-12-15 16:59 7797768 -c--a-w- c:\program files\Azureus_3.0.4.0_windows.exe
2007-12-08 19:17 . 2007-12-08 19:17 17743457 -c--a-w- c:\program files\MediaCoder-0.6.0.3905.exe
2007-11-17 23:51 . 2007-11-17 23:51 3921909 -c--a-w- c:\program files\Tubedownloader10.exe
2007-11-17 23:35 . 2007-11-17 23:35 2677666 -c--a-w- c:\program files\youripper220.exe
2007-11-17 22:04 . 2007-11-17 22:03 1046859 -c--a-w- c:\program files\adstahovac.exe
2007-11-17 21:56 . 2007-11-17 21:56 735815 -c--a-w- c:\program files\cydsetup.exe
2007-11-17 21:49 . 2007-11-17 21:49 5995043 -c--a-w- c:\program files\ytgrabber.exe
2007-11-17 21:38 . 2007-11-17 21:38 280128 -c--a-w- c:\program files\FlvPlayer_1.4.exe
2007-10-13 20:38 . 2007-10-13 20:39 3861320 -c--a-w- c:\program files\eMule0.48a-Installer2.exe
2007-06-18 17:59 . 2007-06-18 17:59 23814184 -c--a-w- c:\program files\SkypeSetup.exe
2006-11-04 19:36 . 2008-05-06 19:37 758272 -c--a-w- c:\program files\VirtualDub.exe
2006-11-04 19:35 . 2008-05-06 19:37 7738 -c--a-w- c:\program files\vdub.exe
2006-11-04 19:34 . 2008-05-06 19:37 16384 -c--a-w- c:\program files\auxsetup.exe
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdremote.dll
2006-11-04 19:34 . 2008-05-06 19:37 5120 -c--a-w- c:\program files\vdsvrlnk.dll
2006-11-04 19:34 . 2008-05-06 19:37 7168 -c--a-w- c:\program files\vdicmdrv.dll
2004-10-01 13:00 . 2007-06-18 19:21 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-17 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2009-09-23 434840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"AVP"="d:\david\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-12-25 340520]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 54784]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Kodak EasyShare software.lnk.disabled [2007-6-24 1807]
Kodak software updater.lnk.disabled [2007-6-24 1954]
QuickTV.lnk.disabled [2007-6-15 687]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=d:\david\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 14:21 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
2005-06-20 13:38 446464 ----a-w- c:\program files\Seznam\Postak\Postak.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\David\\Opera\\opera.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 20:18 36880]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.10.2007 20:44 691696]
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [30.9.2010 13:01 196912]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [25.6.2008 17:51 2368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\david\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [19.4.2010 12:45 1050440]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 18:39 19472]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\david\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 10:18 10064]
S2 BT848;AVerMedia, AVerTV WDM Video Capture;c:\windows\system32\drivers\BT848.sys [15.6.2007 22:39 260712]
S2 BTTUNER;AVerMedia, AVerTV WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [15.6.2007 22:40 21504]
S2 BTXBAR;AVerMedia, AVerTV WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [15.6.2007 22:40 13308]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 gupdate1c9a272f21f568;Google Update Service (gupdate1c9a272f21f568);c:\program files\Google\Update\GoogleUpdate.exe [11.3.2009 18:51 133104]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [5.5.2009 19:20 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\system32\drivers\DrmCVideo.sys [5.5.2009 19:20 3768]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
Obsah adresáře 'Naplánované úlohy'

2010-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]

2010-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 17:51]

2010-12-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-790525478-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-12-31 c:\windows\Tasks\User_Feed_Synchronization-{B43AD016-F39A-462A-A30F-AB20186F3122}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.cz/ig?hl=cs
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - d:\david\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Translator\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Translator\WEBIE.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-31 12:07
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1544)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll

- - - - - - - > 'explorer.exe'(468)
c:\progra~1\COMMON~1\Stardock\MCPCore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\System32\PAStiSvc.exe
d:\david\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-12-31 12:13:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-31 11:13
ComboFix2.txt 2010-12-27 19:07
ComboFix3.txt 2010-12-27 17:44

Před spuštěním: 3 779 411 968
Po spuštění: 3 771 211 776

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 555D1FFD5043D294724E4F886440C7F1

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


+HJT

Jak se chová PC?

[-frost-]

Vytížení CPU po startu systému je OK. Ještě se zeptám, jestli bude nějaký problém, když si zpětně nainstaluju ten program TrojanHunter, který jste mi v úvodu doporučili odinstalovat. Ne, že bych ho chtěl používat dlouhodobě, ale jen pro občasnou kontrolu systému.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:46:24, on 31.12.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\David\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\David\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
D:\David\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
D:\David\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wuauclt.exe
D:\David\Opera\opera.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ig?hl=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\Translator\WEBIE.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\David\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\David\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\Translator\WEBIE.DLL
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "D:\David\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: Kodak software updater.lnk.disabled
O4 - Global Startup: QuickTV.lnk.disabled
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\David\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do Anti-Banner - D:\David\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\David\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\David\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\Translator\WEBIE.DLL
O9 - Extra button: &Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\David\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: D:\David\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - D:\David\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Update Service (gupdate1c9a272f21f568) (gupdate1c9a272f21f568) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\David\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\David\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 11123 bytes

[memphisto]

Ten program je úplně k ničemu a aby to tak nevypadalo, tak si občas něco vymyslí a odstraní. Log HJT je ok

[-frost-]

Dobře. Děkuju za pomoc