WinXP Prof OS keeps restarting

Posted: 20 Sep 2010 20:26
by mal.vir
Hello,

I haven't found any 100% correlation, but my PC keeps restarting. Sometimes it happens while watching YouTube, sometimes with just the browser open, sometimes while typing in OpenOffice ... Probably some kind of malware ... I don't know

I should note that, to be safe, I'm sending the log taken after I re-enabled everything in msconfig. Maybe this way it would be possible to find a fault that might be half hidden in the processes - and a lot of them popped up at once :P

Thanks in advance

PS 1:
1/ before running the RSIT scan I updated the anti-spyware tools (MBAM, SAS, Spybot and Terminator - resident anti-spyware) and Avira (the free version).
2/ I turned off the internet, restarted, turned off System Restore and restarted again. Then CCleaner (clean and registry). I believe this is the most correct procedure, which everyone who wants to clean something should follow. Correct me if I'm wrong ...

PS2:
after "PS 1" I scanned the PC with each of the anti-spyware tools and with Avira, and after your assessment of the RSIT log I will compare the changes, since you will most likely ask about the software used anyway :) I ran each anti-spyware system scan with Terminator's resident shield turned off and Avira turned off ... is that OK?

PS3: The RSIT log was taken with the PC not connected to the internet. If you want, I'll post a log taken with the internet on ;)

Perhaps a lot of questions for a start, right? When I do something, I do it properly and with experts :) and depending on the answers I'd like to use this topic as a template for myself, so that I don't have to bother you ;)

Thanks
RSIT without internet

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kája at 2010-09-20 20:57:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (61%) free of 30 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:57:59, on 20.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ConMet\ConMet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\everest.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
D:\DOWNLOAD\_MistoPlochy\viry.cz_PCBlaza\RSIT32.exe
C:\Program Files\trend micro\Kája.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = novinky.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [ConMet] C:\Program Files\ConMet\ConMet.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [sbitunesagent] C:\Program Files\Songbird\songbirditunesagent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Documents and Settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\everest.exe
O4 - HKCU\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Gmail Notifier.exe] C:\Program Files\Gmail Notifier\Gmail Notifier.exe /startup
O4 - HKCU\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272987650843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{785ACEF6-E570-49A5-89F3-2F98BD15D776}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3EB1E2C-0858-4F6F-BA8E-0D9D2F106A51}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 12453 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1972579041-682003330-1003.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1972579041-682003330-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1972579041-682003330-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1972579041-682003330-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-06-24 1241448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-09-05 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2010-06-24 1241448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-02-26 16125440]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"nwiz"=nwiz.exe /install []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-09-20 2183680]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-09-05 202256]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-01 421160]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"hmonitor"=C:\Program Files\Hmonitor\hmonitor.exe [2010-06-21 1760768]
"ConMet"=C:\Program Files\ConMet\ConMet.exe [2010-09-17 4025856]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-08 47904]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"nwiz"=nwiz.exe /install []
"sbitunesagent"=C:\Program Files\Songbird\songbirditunesagent.exe [2010-08-31 266240]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-04-20 26192680]
"EVEREST AutoStart"=C:\Documents and Settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\everest.exe [2010-07-01 2476640]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2008-05-23 1011712]
"Gmail Notifier.exe"=C:\Program Files\Gmail Notifier\Gmail Notifier.exe [2010-06-13 2154496]
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-14 94208]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-09-20 11:01:41 ----D---- C:\Program Files\trend micro
2010-09-20 11:01:40 ----D---- C:\rsit
2010-09-17 23:23:12 ----D---- C:\Program Files\QuickTime
2010-09-17 20:30:20 ----D---- C:\Program Files\ConMet
2010-09-17 20:30:20 ----D---- C:\Documents and Settings\Kája\Data aplikací\ConMet
2010-09-17 20:30:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\ConMet
2010-09-17 18:33:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-09-17 18:32:59 ----D---- C:\Program Files\Common Files\Adobe
2010-09-17 18:32:59 ----D---- C:\Program Files\Adobe
2010-09-17 18:10:56 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-17 18:10:56 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-17 18:10:56 ----A---- C:\WINDOWS\system32\java.exe
2010-09-17 17:59:16 ----D---- C:\Program Files\CodeStuff
2010-09-17 17:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-17 17:50:02 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-17 17:24:43 ----D---- C:\Program Files\Safer Networking
2010-09-17 16:28:32 ----D---- C:\WINDOWS\pss
2010-09-14 18:51:21 ----D---- C:\Lyrics
2010-09-14 18:50:05 ----D---- C:\Program Files\Minilyrics
2010-09-14 18:35:58 ----A---- C:\winamp.ini
2010-09-14 18:35:46 ----D---- C:\Program Files\Winamp
2010-09-14 18:35:24 ----D---- C:\Program Files\EvilLyrics
2010-09-14 18:01:58 ----D---- C:\Program Files\MediaMonkey
2010-09-14 16:13:35 ----D---- C:\Documents and Settings\Kája\Data aplikací\Songbird2
2010-09-14 16:12:50 ----D---- C:\Program Files\Songbird
2010-09-14 15:37:09 ----A---- C:\WINDOWS\JFEXRMC.INI
2010-09-14 15:21:15 ----D---- C:\Documents and Settings\Kája\Data aplikací\COWON
2010-09-14 15:19:14 ----D---- C:\Program Files\Common Files\COWON
2010-09-14 15:19:13 ----D---- C:\Program Files\JetAudio
2010-09-14 14:29:51 ----D---- C:\Documents and Settings\Kája\Data aplikací\Apple Computer
2010-09-14 14:29:43 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-09-14 14:29:43 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2010-09-14 14:29:10 ----D---- C:\Program Files\iPod
2010-09-14 14:29:05 ----D---- C:\Program Files\iTunes
2010-09-14 14:29:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-14 14:28:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-09-14 14:28:09 ----D---- C:\Program Files\Apple Software Update
2010-09-14 14:27:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-14 14:27:41 ----D---- C:\Program Files\Bonjour
2010-09-14 14:27:27 ----D---- C:\Program Files\Common Files\Apple
2010-09-14 14:27:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-09-05 18:34:56 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-09-05 18:34:53 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-09-05 18:34:53 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-09-05 18:34:43 ----D---- C:\Program Files\Common Files\xing shared
2010-09-05 18:34:20 ----D---- C:\Program Files\Real
2010-09-05 18:34:20 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-09-05 18:34:20 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-09-05 18:34:20 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-09-05 18:34:18 ----D---- C:\Program Files\Common Files\Real
2010-09-05 18:34:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-09-05 18:34:16 ----D---- C:\Documents and Settings\Kája\Data aplikací\Real
2010-09-05 17:45:36 ----A---- C:\WINDOWS\system32\drivers\hmonitor45.sys
2010-08-21 00:07:04 ----D---- C:\Program Files\SpeedFan

======List of files/folders modified in the last 1 months======

2010-09-20 20:55:25 ----D---- C:\Program Files\Crawler
2010-09-20 20:50:51 ----A---- C:\WINDOWS\system32\everest_cpl.ini
2010-09-20 20:50:18 ----D---- C:\WINDOWS\Temp
2010-09-20 20:50:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-20 20:50:15 ----D---- C:\WINDOWS\system32\drivers
2010-09-20 20:49:35 ----D---- C:\WINDOWS\Minidump
2010-09-20 20:49:35 ----D---- C:\WINDOWS
2010-09-20 20:23:20 ----D---- C:\WINDOWS\system32\NtmsData
2010-09-20 18:41:13 ----D---- C:\WINDOWS\Prefetch
2010-09-20 18:40:22 ----D---- C:\WINDOWS\Registration
2010-09-20 13:32:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-09-20 12:11:57 ----D---- C:\Documents and Settings\Kája\Data aplikací\Skype
2010-09-20 11:51:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-09-20 11:33:36 ----D---- C:\WINDOWS\system32\Restore
2010-09-20 11:33:21 ----SHD---- C:\System Volume Information
2010-09-20 11:31:13 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-20 11:17:57 ----D---- C:\Documents and Settings\Kája\Data aplikací\Spyware Terminator
2010-09-20 11:17:47 ----D---- C:\Program Files\Spyware Terminator
2010-09-20 11:14:16 ----D---- C:\Documents and Settings\Kája\Data aplikací\Gmail Notifier
2010-09-20 11:11:56 ----SH---- C:\boot.ini
2010-09-20 11:11:56 ----A---- C:\WINDOWS\win.ini
2010-09-20 11:11:56 ----A---- C:\WINDOWS\system.ini
2010-09-20 11:01:41 ----RD---- C:\Program Files
2010-09-20 10:50:08 ----SD---- C:\WINDOWS\Tasks
2010-09-20 10:45:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-09-20 10:06:08 ----A---- C:\WINDOWS\wincmd.ini
2010-09-19 17:39:41 ----SD---- C:\Documents and Settings\Kája\Data aplikací\Microsoft
2010-09-19 17:01:02 ----D---- C:\Program Files\The KMPlayer
2010-09-19 16:37:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-18 22:49:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-18 22:03:09 ----D---- C:\Program Files\Mozilla Firefox
2010-09-18 21:15:07 ----D---- C:\WINDOWS\Debug
2010-09-17 23:23:46 ----SHD---- C:\WINDOWS\Installer
2010-09-17 23:23:46 ----SHD---- C:\Config.Msi
2010-09-17 23:23:12 ----D---- C:\WINDOWS\system32
2010-09-17 18:36:20 ----D---- C:\Documents and Settings\Kája\Data aplikací\Adobe
2010-09-17 18:33:18 ----D---- C:\WINDOWS\WinSxS
2010-09-17 18:32:59 ----D---- C:\Program Files\Common Files
2010-09-17 18:10:53 ----D---- C:\Program Files\Java
2010-09-17 17:50:32 ----HD---- C:\WINDOWS\inf
2010-09-17 17:50:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-17 17:30:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-09-17 17:30:39 ----RSD---- C:\WINDOWS\assembly
2010-09-15 12:57:48 ----D---- C:\Program Files\SUPERAntiSpyware
2010-09-14 18:35:31 ----D---- C:\Program Files\Windows Media Player
2010-09-14 15:19:13 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-10 14:34:30 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-01 12:09:50 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 98817672;98817672 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\98817672.sys [2009-10-22 37392]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 98817671;98817671; C:\WINDOWS\system32\DRIVERS\98817671.sys [2009-09-25 128016]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Documents and Settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\kerneld.wnt []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2010-08-31 15664]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2005-05-02 36484]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2006-12-20 41600]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 utezmza0;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utezmza0.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-16 488960]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-04-18 603904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-05 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-04-18 360192]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Re: WinXP Prof OS restarting

Posted: 20 Sep 2010 20:34
by Roli
Hi, your procedure so far is fine, but before we continue, please take the log out of the CODE block.

It's hard to read that way, thanks.

Re: WinXP Prof OS restarting

Posted: 21 Sep 2010 10:09
by mal.vir
Yep, sure, here it is ...

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kája at 2010-09-20 20:57:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (61%) free of 30 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:57:59, on 20.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ConMet\ConMet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\everest.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
D:\DOWNLOAD\_MistoPlochy\viry.cz_PCBlaza\RSIT32.exe
C:\Program Files\trend micro\Kája.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = novinky.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [ConMet] C:\Program Files\ConMet\ConMet.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [sbitunesagent] C:\Program Files\Songbird\songbirditunesagent.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Documents and Settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\everest.exe
O4 - HKCU\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [Gmail Notifier.exe] C:\Program Files\Gmail Notifier\Gmail Notifier.exe /startup
O4 - HKCU\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2987650843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{785ACEF6-E570-49A5-89F3-2F98BD15D776}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3EB1E2C-0858-4F6F-BA8E-0D9D2F106A51}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 12453 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1972579041-682003330-1003.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1972579041-682003330-1004.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1972579041-682003330-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1972579041-682003330-1004.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2010-06-24 1241448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-09-05 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\ctbr.dll [2010-06-24 1241448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-02-26 16125440]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"nwiz"=nwiz.exe /install []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-09-20 2183680]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-09-05 202256]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-01 421160]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"hmonitor"=C:\Program Files\Hmonitor\hmonitor.exe [2010-06-21 1760768]
"ConMet"=C:\Program Files\ConMet\ConMet.exe [2010-09-17 4025856]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-08 47904]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"nwiz"=nwiz.exe /install []
"sbitunesagent"=C:\Program Files\Songbird\songbirditunesagent.exe [2010-08-31 266240]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-04-20 26192680]
"EVEREST AutoStart"=C:\Documents and Settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\everest.exe [2010-07-01 2476640]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2008-05-23 1011712]
"Gmail Notifier.exe"=C:\Program Files\Gmail Notifier\Gmail Notifier.exe [2010-06-13 2154496]
"GhostStartTrayApp"=C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2002-08-14 94208]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-09-20 11:01:41 ----D---- C:\Program Files\trend micro
2010-09-20 11:01:40 ----D---- C:\rsit
2010-09-17 23:23:12 ----D---- C:\Program Files\QuickTime
2010-09-17 20:30:20 ----D---- C:\Program Files\ConMet
2010-09-17 20:30:20 ----D---- C:\Documents and Settings\Kája\Data aplikací\ConMet
2010-09-17 20:30:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\ConMet
2010-09-17 18:33:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-09-17 18:32:59 ----D---- C:\Program Files\Common Files\Adobe
2010-09-17 18:32:59 ----D---- C:\Program Files\Adobe
2010-09-17 18:10:56 ----A---- C:\WINDOWS\system32\javaws.exe
2010-09-17 18:10:56 ----A---- C:\WINDOWS\system32\javaw.exe
2010-09-17 18:10:56 ----A---- C:\WINDOWS\system32\java.exe
2010-09-17 17:59:16 ----D---- C:\Program Files\CodeStuff
2010-09-17 17:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-17 17:50:02 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-17 17:24:43 ----D---- C:\Program Files\Safer Networking
2010-09-17 16:28:32 ----D---- C:\WINDOWS\pss
2010-09-14 18:51:21 ----D---- C:\Lyrics
2010-09-14 18:50:05 ----D---- C:\Program Files\Minilyrics
2010-09-14 18:35:58 ----A---- C:\winamp.ini
2010-09-14 18:35:46 ----D---- C:\Program Files\Winamp
2010-09-14 18:35:24 ----D---- C:\Program Files\EvilLyrics
2010-09-14 18:01:58 ----D---- C:\Program Files\MediaMonkey
2010-09-14 16:13:35 ----D---- C:\Documents and Settings\Kája\Data aplikací\Songbird2
2010-09-14 16:12:50 ----D---- C:\Program Files\Songbird
2010-09-14 15:37:09 ----A---- C:\WINDOWS\JFEXRMC.INI
2010-09-14 15:21:15 ----D---- C:\Documents and Settings\Kája\Data aplikací\COWON
2010-09-14 15:19:14 ----D---- C:\Program Files\Common Files\COWON
2010-09-14 15:19:13 ----D---- C:\Program Files\JetAudio
2010-09-14 14:29:51 ----D---- C:\Documents and Settings\Kája\Data aplikací\Apple Computer
2010-09-14 14:29:43 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-09-14 14:29:43 ----A---- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2010-09-14 14:29:10 ----D---- C:\Program Files\iPod
2010-09-14 14:29:05 ----D---- C:\Program Files\iTunes
2010-09-14 14:29:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-14 14:28:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-09-14 14:28:09 ----D---- C:\Program Files\Apple Software Update
2010-09-14 14:27:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-09-14 14:27:41 ----D---- C:\Program Files\Bonjour
2010-09-14 14:27:27 ----D---- C:\Program Files\Common Files\Apple
2010-09-14 14:27:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2010-09-05 18:34:56 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-09-05 18:34:53 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-09-05 18:34:53 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-09-05 18:34:43 ----D---- C:\Program Files\Common Files\xing shared
2010-09-05 18:34:20 ----D---- C:\Program Files\Real
2010-09-05 18:34:20 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-09-05 18:34:20 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-09-05 18:34:20 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-09-05 18:34:18 ----D---- C:\Program Files\Common Files\Real
2010-09-05 18:34:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-09-05 18:34:16 ----D---- C:\Documents and Settings\Kája\Data aplikací\Real
2010-09-05 17:45:36 ----A---- C:\WINDOWS\system32\drivers\hmonitor45.sys
2010-08-21 00:07:04 ----D---- C:\Program Files\SpeedFan

======List of files/folders modified in the last 1 months======

2010-09-20 20:55:25 ----D---- C:\Program Files\Crawler
2010-09-20 20:50:51 ----A---- C:\WINDOWS\system32\everest_cpl.ini
2010-09-20 20:50:18 ----D---- C:\WINDOWS\Temp
2010-09-20 20:50:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-20 20:50:15 ----D---- C:\WINDOWS\system32\drivers
2010-09-20 20:49:35 ----D---- C:\WINDOWS\Minidump
2010-09-20 20:49:35 ----D---- C:\WINDOWS
2010-09-20 20:23:20 ----D---- C:\WINDOWS\system32\NtmsData
2010-09-20 18:41:13 ----D---- C:\WINDOWS\Prefetch
2010-09-20 18:40:22 ----D---- C:\WINDOWS\Registration
2010-09-20 13:32:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-09-20 12:11:57 ----D---- C:\Documents and Settings\Kája\Data aplikací\Skype
2010-09-20 11:51:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-09-20 11:33:36 ----D---- C:\WINDOWS\system32\Restore
2010-09-20 11:33:21 ----SHD---- C:\System Volume Information
2010-09-20 11:31:13 ----D---- C:\WINDOWS\system32\drivers\etc
2010-09-20 11:17:57 ----D---- C:\Documents and Settings\Kája\Data aplikací\Spyware Terminator
2010-09-20 11:17:47 ----D---- C:\Program Files\Spyware Terminator
2010-09-20 11:14:16 ----D---- C:\Documents and Settings\Kája\Data aplikací\Gmail Notifier
2010-09-20 11:11:56 ----SH---- C:\boot.ini
2010-09-20 11:11:56 ----A---- C:\WINDOWS\win.ini
2010-09-20 11:11:56 ----A---- C:\WINDOWS\system.ini
2010-09-20 11:01:41 ----RD---- C:\Program Files
2010-09-20 10:50:08 ----SD---- C:\WINDOWS\Tasks
2010-09-20 10:45:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-09-20 10:06:08 ----A---- C:\WINDOWS\wincmd.ini
2010-09-19 17:39:41 ----SD---- C:\Documents and Settings\Kája\Data aplikací\Microsoft
2010-09-19 17:01:02 ----D---- C:\Program Files\The KMPlayer
2010-09-19 16:37:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-09-18 22:49:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-18 22:03:09 ----D---- C:\Program Files\Mozilla Firefox
2010-09-18 21:15:07 ----D---- C:\WINDOWS\Debug
2010-09-17 23:23:46 ----SHD---- C:\WINDOWS\Installer
2010-09-17 23:23:46 ----SHD---- C:\Config.Msi
2010-09-17 23:23:12 ----D---- C:\WINDOWS\system32
2010-09-17 18:36:20 ----D---- C:\Documents and Settings\Kája\Data aplikací\Adobe
2010-09-17 18:33:18 ----D---- C:\WINDOWS\WinSxS
2010-09-17 18:32:59 ----D---- C:\Program Files\Common Files
2010-09-17 18:10:53 ----D---- C:\Program Files\Java
2010-09-17 17:50:32 ----HD---- C:\WINDOWS\inf
2010-09-17 17:50:28 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-17 17:30:40 ----D---- C:\WINDOWS\Microsoft.NET
2010-09-17 17:30:39 ----RSD---- C:\WINDOWS\assembly
2010-09-15 12:57:48 ----D---- C:\Program Files\SUPERAntiSpyware
2010-09-14 18:35:31 ----D---- C:\Program Files\Windows Media Player
2010-09-14 15:19:13 ----HD---- C:\Program Files\InstallShield Installation Information
2010-09-10 14:34:30 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-01 12:09:50 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 98817672;98817672 Boot Guard Driver; C:\WINDOWS\system32\DRIVERS\98817672.sys [2009-10-22 37392]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R1 98817671;98817671; C:\WINDOWS\system32\DRIVERS\98817671.sys [2009-09-25 128016]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Documents and Settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\kerneld.wnt []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2010-08-31 15664]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2005-05-02 36484]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2006-12-20 41600]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 utezmza0;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utezmza0.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2002-08-14 200704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-16 488960]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-04-18 603904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-05 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-04-18 360192]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: WinXP Prof OS restarting

Posted: 21 Sep 2010 20:22
by Roli
Fix these in HJT:

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [sbitunesagent] C:\Program Files\Songbird\songbirditunesagent.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


You will find HJT here:

C:\Program Files\trend micro\Kája.exe

Fix means that you run HJT,

in the window that opens you click Do a system scan only,

in the next window you find the lines I listed for you,

next to each of them is a checkbox, which you tick,

then you click Fix checked at the bottom left,

the program will ask whether you are sure; YES, you of course agree, and it's done.


Via Start >> Run >> type services.msc >> OK. Find the service:

Služba Google Update

Google Updater Service

Nero BackItUp Scheduler 3

NMIndexingService

TuneUp Program Statistics Service


right-click it, choose Properties, on the next tab first stop the service with the Stop button, and under Startup type choose Disabled.


Since you have already done the basic cleanup, we will now use a bigger caliber, so read carefully, because this little program does not tolerate mistakes.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

Then a window with the license terms appears, which you confirm by clicking YES,

then click YES once more and it's running.

The whole thing takes about 10 minutes but can take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; don't be alarmed.

Note: for the duration of the scan, turn off the resident shield of the antivirus and antispyware programs,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.

Re: WinXP Prof OS restarting

Posted: 22 Sep 2010 09:47
by mal.vir
Hello,
- I uninstalled iTunes, so I didn't have to disable it in HJT ;)
- O4 - HKCU\..\Run: [sbitunesagent] C:\Program Files\Songbird\songbirditunesagent.exe - should I really throw it out? I currently use Songbird as my music manager.
- throwing out the TuneUp Program Statistics Service - I use TuneUp; will it still work for me after this is deleted?

Re: WinXP Prof OS restarting

Posted: 22 Sep 2010 09:59
by mal.vir
I did not do a basic cleanup; I only ran some scans and saved the logs. I did not dare to delete, allow, or mark anything as a false positive. These scans are from before I posted on the forum, with updated antispyware and AV databases, with the internet off (that is, disabled in Network Connections) and system monitoring turned off ... My thinking is that when the PC is connected to the net, something could get pulled in, or some vermin process could start only once the browser is running ... correct me if I'm wrong and I'll scan again. Maybe I'm too paranoid ... Now, of course, the internet and OS monitoring are enabled again.

Anyway, here are those first scans:

MBAM

20.9.2010 16:17:43
mbam-log-2010-09-20 (16-17-43).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 201654
Uplynulý čas: 1 hodina(y), 6 minuta(y), 54 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

SAS

Scan type : Complete Scan
Total Scan Time : 00:28:11

Memory items scanned : 516
Memory threats detected : 0
Registry items scanned : 6974
Registry threats detected : 7
File items scanned : 17761
File threats detected : 1

Trojan.Agent/Gen
HKLM\System\ControlSet001\Services\utezmza0
C:\WINDOWS\SYSTEM32\DRIVERS\UTEZMZA0.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_utezmza0
HKLM\System\ControlSet003\Services\utezmza0
HKLM\System\ControlSet003\Enum\Root\LEGACY_utezmza0
HKLM\System\CurrentControlSet\Services\utezmza0
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_utezmza0

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Re: WinXP Prof OS restarting

Posted: 22 Sep 2010 10:04
by mal.vir
and the last one, Spyware Terminator (sperminator :lol: )

Logfile of Spyware Terminator v2.8.0.18 (db:4.009.020.000)
Scan Time: 20.9.2010 16:30:30 length: 732 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 51680 (Critical:0)
Filter: No System items, No Safe items, No Invalid items

Running Processes
brsvc01a.exe [brother Industries Ltd] : C:\WINDOWS\system32\brsvc01a.exe
brss01a.exe [brother Industries Ltd] : C:\WINDOWS\system32\brss01a.exe
AppleMobileDeviceService.exe [Apple Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
NBService.exe [Nero AG] : C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
GoogleUpdate.exe [Google Inc.] : C:\Program Files\Google\Update\GoogleUpdate.exe
IoctlSvc.exe [Prolific Technology Inc.] : C:\WINDOWS\system32\IoctlSvc.exe
TUProgSt.exe [TuneUp Software] : C:\WINDOWS\system32\TUProgSt.exe
ConMet.exe [Mgr. Tomáš Papoušek] : C:\Program Files\ConMet\ConMet.exe
everest.exe [Lavalys, Inc.] : C:\Documents and Settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\everest.exe
BrMfcWnd.exe [Brother Industries, Ltd.] : C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
iPodService.exe [Apple Inc.] : C:\Program Files\iPod\bin\iPodService.exe

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.google.com/ie
R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - [RealPlayer] : C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, EVEREST AutoStart : [Lavalys, Inc.] : C:\Documents and Settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\everest.exe
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ControlCenter2.0 : [Brother Industries, Ltd.] : C:\Program Files\BROTHER\CONTROLCENTER2\BRCTRCEN.EXE
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Gmail Notifier.exe : [www.gmailnotifier.com] : C:\Program Files\GMAIL NOTIFIER\GMAIL NOTIFIER.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SkyTel : [Realtek Semiconductor Corp.] : C:\WINDOWS\SkyTel.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SSBkgdUpdate : [Scansoft, Inc.] : C:\Program Files\Common Files\SCANSOFT SHARED\SSBKGDUPDATE\SSBKGDUPDATE.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SetDefPrt : [Brother Industories, Ltd.] : C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NeroFilterCheck : [Nero AG] : C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NBKeyScan : [Nero AG] : C:\Program Files\NERO\NERO8\NERO BACKITUP\NBKEYSCAN.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, hmonitor : [AB Software] : C:\Program Files\Hmonitor\hmonitor.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ConMet : [Mgr. Tomáš Papoušek] : C:\Program Files\ConMet\ConMet.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AppleSyncNotifier : [Apple Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
04 - Startup: %STARTUPALL%\Status Monitor.lnk [Brother Industries, Ltd.] : C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

Shell Extensions
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
TuneUp Theme Extension - {44440D00-FF19-4AFC-B765-9A0970567D97} - [TuneUp Software] : C:\WINDOWS\system32\uxtuneup.dll
TuneUp Shredder Shell Extension - {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} - [TuneUp Software] : C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll
TuneUp Disk Space Explorer Shell Extension - {4838CD50-7E5D-4811-9B17-C47A85539F28} - [TuneUp Software] : C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll
NeroCoverEdLiveIcons Class - {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} - [Nero AG] : C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
NeroDigitalIconHandler Class - {B327765E-D724-4347-8B16-78AE18552FC3} - [Nero AG] : C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
NeroDigitalPropSheetHandler Class - {7F1CF152-04F8-453A-B34C-E609530A9DC8} - [Nero AG] : C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files\Real\RealPlayer\rpshell.dll

Services
23 - [Kaspersky Lab] : C:\WINDOWS\system32\DRIVERS\98817671.sys
23 - [Kaspersky Lab] : C:\WINDOWS\system32\DRIVERS\98817672.sys
23 - [Apple Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23 - : C:\WINDOWS\system32\drivers\AsIO.sys
23 - [brother Industries Ltd] : C:\WINDOWS\system32\brsvc01a.exe
23 - : C:\WINDOWS\system32\giveio.sys
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\RtkHDAud.sys
23 - [Apple Inc.] : C:\Program Files\iPod\bin\iPodService.exe
23 - : C:\WINDOWS\system32\DRIVERS\ASACPI.sys
23 - [Nero AG] : C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
23 - [Prolific Technology Inc.] : C:\WINDOWS\system32\IoctlSvc.exe
23 - [Intel Corporation] : C:\WINDOWS\system32\DRIVERS\SMBios.sys
23 - [Windows (R) 2000 DDK provider] : C:\WINDOWS\system32\speedfan.sys
23 - [Crawler.com] : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
23 - [TuneUp Software] : C:\WINDOWS\system32\TUProgSt.exe
23 - : C:\Documents and Settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\kerneld.wnt

Advanced Files Report
%SYSDIR%\uxtuneup.dll [TuneUp Software] [TuneUp Utilities 2009] MD5=4360D5653E885479FED75C378E9FAAB3 SIZE=27904
%SYSDIR%\brsvc01a.exe [brother Industries Ltd] [brother Industries Ltd brsvc01a] MD5=D3FACB34FFF5DB91ADB70987838F8BA7 SIZE=57344
%SYSDIR%\brss01a.exe [brother Industries Ltd] [brother Industries Ltd brss01a.exe] MD5=9E646CD378D4D0C996BAF9BCB18237C7 SIZE=45056
%SYSDIR%\emfxp.dll MD5=501A63F6AAFAED28664928EBDDED3590 SIZE=81920
%SYSDIR%\spool\PRTPROCS\W32X86\brmfpp1.dll [Brother Industries ,Ltd] [Microsoft(R) Windows (R) 2000 Operating System] MD5=D5C949AF42DC0A7E3D26CF63D43604BD SIZE=26285
%SYSDIR%\spool\PRTPROCS\W32X86\ppbipr.dll [Black Ice Software] [Black Ice Color Print Processor] MD5=091BAF6A902261F235B734DEFE0473EC SIZE=47616
%COMMONFILES%\Apple\Mobile Device Support\AppleMobileDeviceService.exe [Apple Inc.] [Apple Mobile Device Service] MD5=70D7BE78061126DD0C3ACCDB7E129017 SIZE=144672
%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NBService.exe [Nero AG] [Nero BackItUp] MD5=2AAE889742376EDC5C3203DFB74F28FD SIZE=877864
%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NB.dll [Nero AG] [Nero BackItUp] MD5=3152C4023FCBDF2EA5B5F0BE97AFAC70 SIZE=1033512
%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NeroAPIGlueLayerUnicode.dll [Nero AG] [NeroAPIGlueLayerUnicode] MD5=69BDD31D35ECB511728C60C2BCAEA8FF SIZE=140584
%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\LBFC.dll [Nero AG] [Nero BackItUp] MD5=54B02FA34EE3120A3DE1A0BBEC3F4C96 SIZE=431400
%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NBHDMgr.dll [Nero AG] [Nero BackItUp] MD5=5B25DD20050822E779E7FDE0F1DAB45F SIZE=578856
%PROGRAMFILES%\Google\Update\GoogleUpdate.exe [Google Inc.] [Google Update] MD5=F02A533F517EB38333CB12A9E8963773 SIZE=136176
%PROGRAMFILES%\Google\Update\1.2.183.29\goopdate.dll [Google Inc.] [Google Update] MD5=9B6C56F8FF459347D1270A91947E47BE SIZE=681624
%COMMONFILES%\Nero\Lib\NeroDigitalExt.dll [Nero AG] [Nero Digital Tools] MD5=5C766113487508C136D50FC1489B60D8 SIZE=2037032
%SYSDIR%\nvapi.dll [NVIDIA Corporation] [NVIDIA Windows drivers] MD5=E639279A5EF179BA87EC70B5BCC315D1 SIZE=425984
%SYSDIR%\IoctlSvc.exe [Prolific Technology Inc.] [IoctlSvc Application] MD5=875E4E0661F3A5994DF9E5E3A0A4F96B SIZE=81920
%SYSDIR%\TUProgSt.exe [TuneUp Software] [TuneUp Utilities 2009] MD5=02E5F68A55CD413C5BFB9F2DF677DD01 SIZE=603904
%PROGRAMFILES%\ScanSoft\PaperPort\MAXUTIL.dll [ScanSoft, Inc.] [PaperPort] MD5=AE549FCE15D247BE76EC6085E12386E8 SIZE=106544
%PROGRAMFILES%\ScanSoft\PaperPort\PPERR.dll [ScanSoft, Inc.] [PaperPort] MD5=147113233211DEE800DA1758B9B452EF SIZE=81966
%PROGRAMFILES%\ScanSoft\PaperPort\blicectr.dll [ScanSoft, Inc.] [Printer Driver] MD5=47E0561C5B357FAAF92D08FC3F65EB1F SIZE=7168
%COMMONFILES%\Apple\Apple Application Support\CoreFoundation.dll [Apple Inc.] [CoreFoundation] MD5=CEF20CB83B36EC2DBB99D38DC80FC826 SIZE=828704
%COMMONFILES%\Apple\Apple Application Support\pthreadVC2.dll [Open Source Software community project] MD5=0EEE814627F4384291687671F76419F6 SIZE=53024
%COMMONFILES%\Apple\Apple Application Support\objc.dll [Apple Inc.] [objc4] MD5=554BD99F802FCC7BFE7FA7102384A2D2 SIZE=120096
%COMMONFILES%\Apple\Apple Application Support\libdispatch.dll [Apple Inc.] [libdispatch] MD5=1F2C969E902CCEF296B465052FAB04E8 SIZE=42272
%COMMONFILES%\Apple\Apple Application Support\icuin40.dll [IBM Corporation and others] [International Components for Unicode] MD5=39C821EF59F82FF6CDCCA768E5E36BBE SIZE=1041696
%COMMONFILES%\Apple\Apple Application Support\icuuc40.dll [IBM Corporation and others] [International Components for Unicode] MD5=3075B86A8EE385CADA46F69386430FCF SIZE=922912
%COMMONFILES%\Apple\Apple Application Support\icudt40.dll [IBM Corporation and others] [International Components for Unicode] MD5=608E159EC424C6B54D04ABFDF2E8F8B0 SIZE=14013728
%COMMONFILES%\Apple\Apple Application Support\ASL.dll [Apple, Inc.] [Apple System Log] MD5=D47FDF1E73D17405CD9A3BE24B96E699 SIZE=75040
%COMMONFILES%\Apple\Apple Application Support\CFNetwork.DLL [Apple, Inc.] [CFNetwork] MD5=108127A4DC670EFC3D3CBBD533668C14 SIZE=628000
%COMMONFILES%\Apple\Apple Application Support\SQLite3.dll [Apple Inc.] [SQLite3] MD5=10A3BE228F8C14BE1E4FD716336E4889 SIZE=406816
%COMMONFILES%\Apple\Apple Application Support\zlib1.dll [zlib] MD5=85D2A186AFD93A318935791421EFC605 SIZE=67872
%COMMONFILES%\Apple\Mobile Device Support\iTunesMobileDevice.dll [Apple Inc.] [iTunesMobileDevice] MD5=ECF7A68F841E6B44FD943788146798CA SIZE=1250592
%PROGRAMFILES%\Brother\Brmfcmon\BrMfcWnd.exe [Brother Industries, Ltd.] [Status Monitor] MD5=FD2664D52A61D9CDC1BC3105BD1F414D SIZE=802816
%PROGRAMFILES%\Brother\Brmfcmon\Brmfcwnd.dll [Brother Industries, Ltd.] [Brother MFL-Pro] MD5=E949F0E438E62584F94987A73A1EFD00 SIZE=53248
%PROGRAMFILES%\iPod\bin\iPodService.exe [Apple Inc.] [iTunes] MD5=DCB3796E0169419618C72F0CE34C68ED SIZE=820008
%PROGRAMFILES%\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL [Apple Inc.] [iTunes] MD5=99DA301A7D20C81AC56B54010666C43C SIZE=48928
%PROGRAMFILES%\iPod\bin\iPodService.Resources\iPodService.DLL [Apple Inc.] [iTunes] MD5=BB62672091D616495B5A4C6D0457966B SIZE=47904
deskpan.dll
%SYSDIR%\nvshell.dll [NVIDIA Corporation] [NVIDIA Desktop Explorer, Version 111.75] MD5=70BDDEE1D46FC4E98AD76A4B4EBE63FF SIZE=466944
%PROGRAMFILES%\TuneUp Utilities 2009\SDShelEx-win32.dll [TuneUp Software] [TuneUp Utilities 2009] MD5=D74613A548B310661D3C2E8EE1D2E6D5 SIZE=27392
%PROGRAMFILES%\TuneUp Utilities 2009\DseShExt-x86.dll [TuneUp Software] [TuneUp Utilities 2009] MD5=D0931C71B6204817B54E56089A484CB9 SIZE=25856
%PROGRAMFILES%\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] [Cover Designer] MD5=6CFD3C40CD020DC633A6DA336E470EFD SIZE=2106664
%PROGRAMFILES%\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.] [RealPlayer] MD5=0740ABDF0265BA0260D52FE88DCB9067 SIZE=63016
%SYSDIR%\DRIVERS\98817671.sys [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=7DD41B7AC1FBB1DBF20BB1F4E4FBE58C SIZE=128016
%SYSDIR%\DRIVERS\98817672.sys [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=A305FAD3719C5DB0C13D1C2BFD08A04D SIZE=37392
%SYSDIR%\drivers\AsIO.sys MD5=663F2FB92608073824EE3106886120F3 SIZE=12664
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\svchost -k DcomLaunch
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\giveio.sys MD5=77EBF3E9386DAA51551AF429052D88D0 SIZE=5248
%SYSDIR%\drivers\RtkHDAud.sys [Realtek Semiconductor Corp.] [Realtek(r) High Definition Audio Function Driver (HRTF data Copyright 1994 by MIT Media Lab)] MD5=41EF008D7B089CE6F5F2E4A61D5638E6 SIZE=4484608
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\DRIVERS\ASACPI.sys [ATK0110 ACPI Utility] MD5=D48659BB24C48345D926ECB45C1EBDF5 SIZE=5810
%SYSDIR%\svchost -k rpcss
%SYSDIR%\DRIVERS\SMBios.sys [Intel Corporation] [Intel (R) System Management BIOS Driver] MD5=D72A21424CA66C7A745BD995ECA6A710 SIZE=36484
%SYSDIR%\speedfan.sys [Windows (R) 2000 DDK provider] [Windows (R) 2000 DDK driver] MD5=5D6401DB90EC81B71F8E2C5C8F0FEF23 SIZE=5248
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=8831252BCF05FCFB5ABD116A22E552D8 SIZE=142592
%SYSDIR%\svchost.exe -k imgsvc
%DESKTOP%\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\kerneld.wnt MD5=4C30A2A2B64722CB66C5106981D75BC2 SIZE=27760

End of Report

Interestingly, it has a log similar to HijackThis, but maybe it found something different ;)

Re: WinXP Prof OS restarting

Posted: 22 Sep 2010 18:47
by Roli
Keep Songbird then, even though I personally don't much care for it.

The TuneUp Program Statistics Service does not affect how TuneUp runs in any way; it only "records" what happens on the PC,

we won't delete it, we'll only disable it from starting.

Let MBAM and SAS delete what they found.

If you are connected to the internet, something can get into the PC without you launching a browser, but only in the case

that you already have some piece of junk on there that makes sure its little brothers join it.


Then continue with ComboFix.

Re: WinXP Prof OS restarting

Posted: 23 Sep 2010 10:25
by mal.vir
OK,
TuneUp Program Statistics Service - I will disable it and not turn it off (as you write)

MBAM
====
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
SAS
===
Disabled.SecurityCenterOption - HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Neither of these detected items means a virus. It is only the operating system's notice about the use of a "non-standard" setting in the "Security Center" (Control Panel -> Security Center -> Alert settings).

May I ask why Songbird doesn't suit you? Functionally it is very similar to iTunes, it is built on the Mozilla platform, it is in Czech, it has lots of plugins (like FF) and features, good sound, you can browse the web in it, and through a plugin it even shows, for example, a band's latest albums and when their next concert is, .... and it's free.

I'll get started on ComboFix this evening

Re: WinXP Prof OS restarting

Posted: 23 Sep 2010 20:08
by Roli
First stop the TuneUp Program Statistics Service with the Stop button, and under Startup type choose Disabled.

As for Songbird, there are simply programs that suit me and ones that don't, and this one isn't exactly one of those that need to start

automatically when the PC boots.

Re: WinXP Prof OS restarting

Posted: 23 Sep 2010 20:54
by mal.vir
ComboFix log:

ComboFix 10-09-23.01 - Kája 23.09.2010 21:44:21.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1515 [GMT 2:00]
Spuštěný z: d:\download\_MistoPlochy\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-08-23 do 2010-09-23 )))))))))))))))))))))))))))))))
.

2010-09-23 09:29 . 2010-09-23 09:29 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-23 09:29 . 2010-09-23 09:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-23 09:29 . 2010-09-23 09:29 -------- d-----w- c:\program files\Snoworange
2010-09-22 10:18 . 2010-09-22 10:18 -------- d-----w- c:\program files\FreeMind
2010-09-21 14:12 . 2010-09-21 14:17 -------- d-----w- c:\program files\jwDuplFiles
2010-09-21 13:14 . 2010-09-21 13:14 -------- d-----w- c:\program files\AntiTwin
2010-09-20 09:01 . 2010-09-23 09:55 -------- d-----w- c:\program files\trend micro
2010-09-20 09:01 . 2010-09-20 19:12 -------- d-----w- C:\rsit
2010-09-17 21:23 . 2010-09-17 21:23 -------- d-----w- c:\program files\QuickTime
2010-09-17 18:30 . 2010-09-17 18:30 -------- d-----w- c:\program files\ConMet
2010-09-17 16:32 . 2010-09-17 16:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-17 15:59 . 2010-09-17 15:59 -------- d-----w- c:\program files\CodeStuff
2010-09-17 15:24 . 2010-09-17 15:24 -------- d-----w- c:\program files\Safer Networking
2010-09-14 16:51 . 2010-09-14 16:55 -------- d-----w- C:\Lyrics
2010-09-14 16:50 . 2010-09-15 12:13 -------- d-----w- c:\program files\Minilyrics
2010-09-14 16:35 . 2010-09-14 16:35 -------- d-----w- c:\program files\Winamp
2010-09-14 16:35 . 2010-09-14 16:42 -------- d-----w- c:\program files\EvilLyrics
2010-09-14 16:01 . 2010-09-14 16:02 -------- d-----w- c:\program files\MediaMonkey
2010-09-14 14:12 . 2010-09-21 20:55 -------- d-----w- c:\program files\Songbird
2010-09-14 13:19 . 2010-09-14 13:19 -------- d-----w- c:\program files\Common Files\COWON
2010-09-14 13:19 . 2010-09-14 13:22 -------- d-----w- c:\program files\JetAudio
2010-09-14 12:29 . 2010-08-30 22:04 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-14 12:29 . 2010-08-30 22:04 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-14 12:29 . 2010-09-21 20:30 -------- d-----w- c:\program files\iTunes
2010-09-14 12:28 . 2010-09-14 12:28 -------- d-----w- c:\program files\Apple Software Update
2010-09-14 12:27 . 2010-09-14 12:29 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-14 12:27 . 2010-09-14 12:27 -------- d-----w- c:\program files\Bonjour
2010-09-14 12:27 . 2010-09-21 20:30 -------- d-----w- c:\program files\Common Files\Apple
2010-09-05 16:34 . 2010-09-05 16:34 -------- d-----w- c:\program files\Common Files\xing shared
2010-09-05 16:34 . 2010-09-05 16:34 -------- d-----w- c:\program files\Real
2010-09-05 16:34 . 2010-09-05 16:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-05 16:34 . 2010-09-05 16:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-05 16:34 . 2010-09-05 16:35 -------- d-----w- c:\program files\Common Files\Real
2010-09-05 15:45 . 2010-09-22 07:42 10536 ----a-w- c:\windows\system32\drivers\hmonitor45.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 18:31 . 2010-04-16 21:54 -------- d-----w- c:\program files\Crawler
2010-09-20 09:17 . 2010-04-16 21:35 -------- d-----w- c:\program files\Spyware Terminator
2010-09-19 15:01 . 2010-05-03 16:00 -------- d-----w- c:\program files\The KMPlayer
2010-09-17 16:10 . 2010-06-29 10:51 -------- d-----w- c:\program files\Java
2010-09-15 10:57 . 2010-04-17 09:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-14 13:19 . 2010-04-17 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-05 17:03 . 2010-08-20 22:07 -------- d-----w- c:\program files\SpeedFan
2010-09-01 10:09 . 2010-07-24 21:27 -------- d-----w- c:\program files\Opera
2010-08-20 21:11 . 2010-08-20 19:34 -------- d-----w- c:\program files\Hmonitor
2010-08-20 19:29 . 2010-04-11 19:26 -------- d-----w- c:\program files\a-squared Free
2010-08-17 17:55 . 2001-10-25 14:00 78474 ----a-w- c:\windows\system32\perfc005.dat
2010-08-17 17:55 . 2001-10-25 14:00 429446 ----a-w- c:\windows\system32\perfh005.dat
2010-08-17 13:17 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-05 19:28 . 2010-08-05 18:51 -------- d-----w- c:\program files\Google
2010-08-02 09:40 . 2004-08-17 13:49 6656 ----a-w- c:\windows\system32\lpcio.dll
2010-08-02 08:10 . 2010-08-02 08:09 -------- d-----w- c:\program files\OCCT
2010-08-02 07:42 . 2010-08-02 07:42 -------- d-----w- c:\program files\WhoCrashed
2010-08-02 07:27 . 2010-08-02 07:27 4096 ----a-w- c:\windows\d3dx.dat
2010-08-01 14:39 . 2010-08-01 14:39 -------- d-----w- c:\program files\SIW
2010-07-31 12:19 . 2010-04-14 00:14 90112 ----a-w- c:\windows\DUMP38b3.tmp
2010-07-31 07:09 . 2010-07-31 07:09 664 -c--a-w- c:\windows\system32\d3d9caps.dat
2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 16:44 . 2010-07-27 16:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 09:40 . 2010-07-27 09:40 -------- d-----w- c:\program files\HD Tune Pro
2010-07-27 08:32 . 2010-07-27 08:32 -------- d-----w- c:\program files\HD Tune_free_2.55
2010-07-27 08:07 . 2010-07-27 08:07 -------- d-----w- c:\program files\MSXML 4.0
2010-07-26 15:13 . 2010-07-26 12:25 -------- d-----w- c:\program files\Common Files\Nero
2010-07-26 15:12 . 2010-07-26 15:12 -------- d-----w- c:\program files\Nero
2010-07-22 15:46 . 2004-08-17 13:49 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-06-29 10:51 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:33 . 2004-08-17 13:49 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 11:59 . 2010-06-29 11:59 50 -c--a-w- c:\windows\system32\bridf05a.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2008-05-23 1011712]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-09-20 2183680]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"ConMet"="c:\program files\ConMet\ConMet.exe" [2010-09-17 4025856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2010-6-29 802816]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 98817672;98817672 Boot Guard Driver;c:\windows\system32\drivers\98817672.sys [12.7.2010 7:46 37392]
R1 98817671;98817671;c:\windows\system32\drivers\98817671.sys [12.7.2010 7:46 128016]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [14.8.2002 15:11 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 11:15 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [16.4.2010 23:35 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.7.2010 17:57 135336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\kerneld.wnt [16.7.2010 20:17 27760]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 11:15 12872]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.8.2010 21:27 136176]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-07-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 19:27]

2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 19:27]

2010-09-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1972579041-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1972579041-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1972579041-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1972579041-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Doplňkový sken -------
.
uStart Page = novinky.cz
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
TCP: {785ACEF6-E570-49A5-89F3-2F98BD15D776} = 208.67.222.222,208.67.220.220
TCP: {F3EB1E2C-0858-4F6F-BA8E-0D9D2F106A51} = 208.67.222.222,208.67.220.220
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Kája\Data aplikací\Mozilla\Firefox\Profiles\eg7cc5ay.q\
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 21:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1340)
c:\windows\system32\webcheck.dll
.
Celkový čas: 2010-09-23 21:49:45
ComboFix-quarantined-files.txt 2010-09-23 19:49

Před spuštěním: Volných bajtů: 18 892 361 728
Po spuštění: Volných bajtů: 19 093 164 032

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 72CFA6BE99D3E0C9DBD419929E374186

Re: WinXP Prof OS restarting

Posted: 23 Sep 2010 21:01
by mal.vir
Songbird: sure, I'm not trying to force it on you, I just introduced it ;) What player do you use for music? Or what music manager?

Did Combofix do anything?

Re: WinXP Prof OS restarting

Posted: 24 Sep 2010 18:52
by Roli
For music I use Winamp and for films Power DVD; neither of them starts at boot, though, only when I want to run them,

and they are also blocked from any communication with the outside world.


If you have not done so yet, move Combofix to the desktop

open Notepad

copy the script from the following box into it:

Code:

File::
c:\windows\DUMP38b3.tmp

save the TXT file you created as CFScript.txt on the desktop,

once it is saved, grab the script you created with the left mouse button and drag it over the Combofix icon, where you drop it.

After it runs, another log will pop up; copy it here

Warning: it may happen that after applying the script and restarting, Windows will not boot;

in that case restart again while pressing F8, then choose Last Known Good Configuration

Re: WinXP Prof OS restarting

Posted: 25 Sep 2010 10:52
by mal.vir
I used PowerDVD too at one time and it was entirely sufficient, but I no longer know what persuaded me to try something new - first GOM player, and now for some time I have been using The KMP player.

I'm trying out Songbird, as well as iTunes and Media Monkey. I got bored of Winamp :)

I hope that what I use does not send too much information about me out to the net ...

Log from the updated Combofix, run again with a fresh scan using your script

ComboFix 10-09-24.05 - Kája 25.09.2010 11:22:34.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1502 [GMT 2:00]
Spuštěný z: c:\documents and settings\Kája\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Kája\Plocha\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\DUMP38b3.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\DUMP38b3.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-25 do 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-24 14:11 . 2010-09-24 14:11 -------- d-----w- c:\program files\PSPad editor
2010-09-24 11:48 . 2009-12-19 22:00 -------- d---a-w- C:\xampp
2010-09-23 09:29 . 2010-09-23 09:29 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-23 09:29 . 2010-09-23 09:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-23 09:29 . 2010-09-23 09:29 -------- d-----w- c:\program files\Snoworange
2010-09-22 10:18 . 2010-09-22 10:18 -------- d-----w- c:\program files\FreeMind
2010-09-21 14:12 . 2010-09-21 14:17 -------- d-----w- c:\program files\jwDuplFiles
2010-09-21 13:14 . 2010-09-21 13:14 -------- d-----w- c:\program files\AntiTwin
2010-09-20 09:01 . 2010-09-23 09:55 -------- d-----w- c:\program files\trend micro
2010-09-20 09:01 . 2010-09-20 19:12 -------- d-----w- C:\rsit
2010-09-17 21:23 . 2010-09-17 21:23 -------- d-----w- c:\program files\QuickTime
2010-09-17 18:30 . 2010-09-17 18:30 -------- d-----w- c:\program files\ConMet
2010-09-17 16:32 . 2010-09-17 16:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-17 15:59 . 2010-09-17 15:59 -------- d-----w- c:\program files\CodeStuff
2010-09-17 15:24 . 2010-09-17 15:24 -------- d-----w- c:\program files\Safer Networking
2010-09-14 16:51 . 2010-09-14 16:55 -------- d-----w- C:\Lyrics
2010-09-14 16:50 . 2010-09-15 12:13 -------- d-----w- c:\program files\Minilyrics
2010-09-14 16:35 . 2010-09-14 16:35 -------- d-----w- c:\program files\Winamp
2010-09-14 16:35 . 2010-09-14 16:42 -------- d-----w- c:\program files\EvilLyrics
2010-09-14 16:01 . 2010-09-14 16:02 -------- d-----w- c:\program files\MediaMonkey
2010-09-14 14:12 . 2010-09-21 20:55 -------- d-----w- c:\program files\Songbird
2010-09-14 13:19 . 2010-09-14 13:19 -------- d-----w- c:\program files\Common Files\COWON
2010-09-14 13:19 . 2010-09-14 13:22 -------- d-----w- c:\program files\JetAudio
2010-09-14 12:29 . 2010-08-30 22:04 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-14 12:29 . 2010-08-30 22:04 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-14 12:29 . 2010-09-21 20:30 -------- d-----w- c:\program files\iTunes
2010-09-14 12:28 . 2010-09-14 12:28 -------- d-----w- c:\program files\Apple Software Update
2010-09-14 12:27 . 2010-09-14 12:29 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-14 12:27 . 2010-09-14 12:27 -------- d-----w- c:\program files\Bonjour
2010-09-14 12:27 . 2010-09-21 20:30 -------- d-----w- c:\program files\Common Files\Apple
2010-09-05 16:34 . 2010-09-05 16:34 -------- d-----w- c:\program files\Common Files\xing shared
2010-09-05 16:34 . 2010-09-05 16:34 -------- d-----w- c:\program files\Real
2010-09-05 16:34 . 2010-09-05 16:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-05 16:34 . 2010-09-05 16:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-05 16:34 . 2010-09-05 16:35 -------- d-----w- c:\program files\Common Files\Real
2010-09-05 15:45 . 2010-09-22 07:42 10536 ----a-w- c:\windows\system32\drivers\hmonitor45.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 09:05 . 2010-04-16 21:54 -------- d-----w- c:\program files\Crawler
2010-09-20 09:17 . 2010-04-16 21:35 -------- d-----w- c:\program files\Spyware Terminator
2010-09-19 15:01 . 2010-05-03 16:00 -------- d-----w- c:\program files\The KMPlayer
2010-09-17 16:10 . 2010-06-29 10:51 -------- d-----w- c:\program files\Java
2010-09-15 10:57 . 2010-04-17 09:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-14 13:19 . 2010-04-17 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-05 17:03 . 2010-08-20 22:07 -------- d-----w- c:\program files\SpeedFan
2010-09-01 10:09 . 2010-07-24 21:27 -------- d-----w- c:\program files\Opera
2010-08-20 21:11 . 2010-08-20 19:34 -------- d-----w- c:\program files\Hmonitor
2010-08-20 19:29 . 2010-04-11 19:26 -------- d-----w- c:\program files\a-squared Free
2010-08-17 17:55 . 2001-10-25 14:00 78474 ----a-w- c:\windows\system32\perfc005.dat
2010-08-17 17:55 . 2001-10-25 14:00 429446 ----a-w- c:\windows\system32\perfh005.dat
2010-08-17 13:17 . 2004-08-17 13:49 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-05 19:28 . 2010-08-05 18:51 -------- d-----w- c:\program files\Google
2010-08-02 09:40 . 2004-08-17 13:49 6656 ----a-w- c:\windows\system32\lpcio.dll
2010-08-02 08:10 . 2010-08-02 08:09 -------- d-----w- c:\program files\OCCT
2010-08-02 07:42 . 2010-08-02 07:42 -------- d-----w- c:\program files\WhoCrashed
2010-08-02 07:27 . 2010-08-02 07:27 4096 ----a-w- c:\windows\d3dx.dat
2010-08-01 14:39 . 2010-08-01 14:39 -------- d-----w- c:\program files\SIW
2010-07-31 07:09 . 2010-07-31 07:09 664 -c--a-w- c:\windows\system32\d3d9caps.dat
2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 16:44 . 2010-07-27 16:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 09:40 . 2010-07-27 09:40 -------- d-----w- c:\program files\HD Tune Pro
2010-07-22 15:46 . 2004-08-17 13:49 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-06-29 10:51 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:33 . 2004-08-17 13:49 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 11:59 . 2010-06-29 11:59 50 -c--a-w- c:\windows\system32\bridf05a.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-09-23_19.47.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-25 09:15 . 2010-09-25 09:15 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2008-05-23 1011712]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16125440]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-09-20 2183680]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"ConMet"="c:\program files\ConMet\ConMet.exe" [2010-09-17 4025856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2010-6-29 802816]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 98817672;98817672 Boot Guard Driver;c:\windows\system32\drivers\98817672.sys [12.7.2010 7:46 37392]
R1 98817671;98817671;c:\windows\system32\drivers\98817671.sys [12.7.2010 7:46 128016]
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [14.8.2002 15:11 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17.2.2010 11:15 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [16.4.2010 23:35 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.7.2010 17:57 135336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\kerneld.wnt [16.7.2010 20:17 27760]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17.2.2010 11:15 12872]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5.8.2010 21:27 136176]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-07-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 19:27]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 19:27]

2010-09-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1972579041-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1972579041-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1972579041-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1972579041-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Doplňkový sken -------
.
uStart Page = novinky.cz
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
TCP: {785ACEF6-E570-49A5-89F3-2F98BD15D776} = 208.67.222.222,208.67.220.220
TCP: {F3EB1E2C-0858-4F6F-BA8E-0D9D2F106A51} = 208.67.222.222,208.67.220.220
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\Kája\Data aplikací\Mozilla\Firefox\Profiles\eg7cc5ay.q\
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-25 11:27
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\Kája\Plocha\Everest Ultimate 5 (CZ, portable, full)\Everest_Ultimate_5.50.2183b_Portable\kerneld.wnt"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(956)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2010-09-25 11:29:15
ComboFix-quarantined-files.txt 2010-09-25 09:29
ComboFix2.txt 2010-09-23 19:49

Před spuštěním: Volných bajtů: 18 429 472 768
Po spuštění: Volných bajtů: 18 417 008 640

- - End Of File - - 93644D50E574DE000C3414C7B86BB025

I should probably add that after following the instructions (creating the txt and copying it into Combofix) it wanted to update itself automatically and then started scanning. I did not see that as a good thing, so I shut it down, restarted the PC and tried again. I understood that CF PROBABLY??? does this by default, since after the scan there was information that what was supposed to be deleted had been deleted ;)

Re: WinXP Prof OS restarting

Posted: 25 Sep 2010 15:17
by Roli
I'm not against experimenting; it's just that over the years of using various bits of software for all sorts of things I have picked

what I really need, what I can rely on and what suits me.

There is no point arguing here about which piece of software is the best, because something different suits everyone.

Stuffing a pile of assorted software into the PC just to have it, I have grown out of that :)


Otherwise you did everything without a mistake, so now via Start >> Run copy into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop the antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Then let me know whether there is still any problem with the PC.