keylogger + log check

Viruses and antivirus issues, PC security - firewall, spyware, etc.
Lolllec
Newbie
Registered: 13 Mar 2008

keylogger + log check

Post by Lolllec »

About a month ago a friend and I tried out a keylogger on my PC... We set it up to send all the info to my friend's PC.. And right after that we deleted it so it would stop sending.... And today I accidentally launched that keylogger again :( How do I delete it??

Here is the HiJackThis output (just in case)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:09, on 6. 4. 2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
D:\Software\Alwil Software\Avast4\aswUpdSv.exe
D:\Software\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
D:\Software\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
D:\Software\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Software\xampp\apache\bin\apache.exe
D:\Software\Alwil Software\Avast4\ashMaiSv.exe
D:\Software\Alwil Software\Avast4\ashWebSv.exe
C:\windows\Explorer.EXE
C:\windows\SOUNDMAN.EXE
D:\Software\A4Tech Mouse\Amoumain.exe
D:\Software\WinFast TV\WFWIZ.exe
C:\windows\system32\RUNDLL32.EXE
D:\Software\ALWILS~1\Avast4\ashDisp.exe
D:\Software\Winamp\winampa.exe
C:\windows\system32\ctfmon.exe
D:\Software\Everest UEE\everest.exe
D:\Software\_HP\Digital Imaging\bin\hpobnz08.exe
D:\Software\_HP\Digital Imaging\bin\hpotdd01.exe
D:\Software\_HP\Digital Imaging\bin\hpoevm08.exe
D:\Software\_HP\Digital Imaging\Bin\hpoSTS08.exe
D:\Software\Total Commander 7.0\TOTALCMD.EXE
D:\Software\Adobe Premiere Elements 3\Adobe Premiere Elements.exe
D:\Software\Mozilla Firefox 3 Beta 4\firefox.exe
D:\Software\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ukpcrepair.com/dlsite/prog.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 213.215.115.86 l2authd.lineage2.com
O2 - BHO: (no name) - {0682E46A-7040-4049-A6FD-0BCFBC673AD8} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Software\Adobe Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0770D69D-E742-44B2-A6DD-9EDB6E451846} - (no file)
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Software\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Software\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Software\Java\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WheelMouse] d:\Software\A4Tech Mouse\Amoumain.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinFast Schedule] D:\Software\WinFast TV\WFWIZ.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\Software\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Software\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [EVEREST AutoStart] D:\Software\Everest UEE\everest.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = D:\Software\_HP\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Download with GetRight - D:\Software\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Software\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Software\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Software\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Software\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Software\Java\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Software\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Software\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Software\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Software\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Software\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Software\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Software\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Software\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - D:\Software\xampp\apache\bin\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Software\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Software\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Software\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Software\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - Unknown owner - C:\Program Files\Comodo\Personal Firewall\cmdagent.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - D:\Software\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Software\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8552 bytes

BUBINO
Beginner
Registered: 12 Jun 2007
Residence: I have one

Re: keylogger + log check

Post by BUBINO »

Good day!

Fix these in the program:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ukpcrepair.com/dlsite/prog.html
O2 - BHO: (no name) - {0682E46A-7040-4049-A6FD-0BCFBC673AD8} - (no file)
O2 - BHO: (no name) - {0770D69D-E742-44B2-A6DD-9EDB6E451846} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Software\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Software\ICQLite\ICQLite.exe (file missing)

What is this thing?:
D:\Software\Adobe Premiere Elements 3\Adobe Premiere Elements.exe

I don't see any virus. Use ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Download it to the desktop and run it. If a license agreement appears, confirm with OK. The scan will start. During the scan, don't click anywhere else and don't launch any programs. After the scan, the PC may restart. Copy the log that pops up here. It is in c:\combofix.txt. Copy that here.

Lolllec
Newbie
Registered: 13 Mar 2008

Post by Lolllec »

Done...

It is a video editing program.

Here is the log:
---------------------
ComboFix 08-04-08.4 - Vlado Marton 2008-04-08 20:32:27.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1514 [GMT 2:00]
Running from: D:\xxx\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\msvrc20.dll
C:\windows\system32\28463
C:\windows\system32\Cache
C:\windows\system32\plugin1.dat
C:\windows\system32\SysPr.prx
C:\windows\system32\tmp71.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-08 to 2008-04-08 )))))))))))))))))))))))))))))))
.

2008-04-06 20:17 . 2008-04-06 20:18 <DIR> d-------- D:\Software\Adobe Photoshop CS2
2008-04-06 17:15 . 2008-04-06 17:15 250 --a------ C:\WINDOWS\gmer.ini
2008-04-04 15:30 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-04 15:30 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 20:52 . 2008-03-29 20:52 <DIR> d-------- D:\Software\Winamp
2008-03-29 20:52 . 2008-03-29 20:55 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\Winamp
2008-03-29 20:52 . 2008-03-29 20:55 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\Winamp
2008-03-29 20:52 . 2008-03-29 20:55 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\Winamp
2008-03-29 19:08 . 2008-03-29 19:08 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\PC Suite
2008-03-29 19:08 . 2008-03-29 19:08 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\PC Suite
2008-03-29 19:08 . 2008-03-29 19:08 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\PC Suite
2008-03-27 21:01 . 2008-03-27 21:06 249,856 --------- C:\WINDOWS\Setup1.exe
2008-03-27 21:01 . 2008-03-27 21:06 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-03-22 17:14 . 2008-03-22 18:53 <DIR> d-------- D:\Software\Room Arranger
2008-03-19 22:20 . 2008-03-19 22:20 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-03-19 22:20 . 2008-03-19 22:20 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-03-19 22:20 . 2008-03-19 22:20 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-03-19 22:20 . 2008-03-19 22:20 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-03-19 22:20 . 2008-03-19 22:20 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-03-14 19:34 . 2008-04-06 17:28 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\GetRight
2008-03-14 19:34 . 2008-04-06 17:28 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\GetRight
2008-03-14 19:34 . 2008-04-06 17:28 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\GetRight
2008-03-14 19:33 . 2008-04-06 17:28 <DIR> d-------- D:\Software\GetRight
2008-03-14 10:15 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-14 10:15 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-14 10:15 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-14 10:15 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-14 10:15 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-14 10:15 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-14 10:14 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-14 10:14 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-14 00:00 . 2008-03-14 00:00 <DIR> d-------- D:\Software\Alwil Software
2008-03-13 22:20 . 2008-03-13 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2008-03-13 22:03 . 2008-03-13 22:03 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\Uniblue
2008-03-13 22:03 . 2008-03-13 22:03 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\Uniblue
2008-03-13 22:03 . 2008-03-13 22:03 <DIR> d-------- C:\Documents and Settings\Vlado Marton\Data aplikací\Uniblue
2008-03-13 21:57 . 2008-03-13 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SecTaskMan
2008-03-13 21:56 . 2008-03-13 21:57 <DIR> d-------- D:\Software\Security Task Manager
2008-03-13 17:12 . 2008-04-08 20:31 <DIR> d-------- D:\Software\Mozilla Firefox 3 Beta 4
2008-03-12 23:05 . 2008-03-12 23:05 <DIR> d-------- D:\Software\BitComet FLV Converter
2008-03-12 22:55 . 2008-03-12 22:55 <DIR> d-------- D:\Software\ImTOO
2008-03-09 22:08 . 2008-03-09 22:08 <DIR> d-------- D:\Software\DsNET Corp
2008-03-09 21:14 . 2008-03-09 21:29 <DIR> d-------- D:\Software\Avast4
2008-03-09 21:09 . 2008-03-13 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Trend Micro
2008-03-09 21:08 . 2008-03-13 22:43 <DIR> d-------- D:\Software\Trend Micro
2008-03-09 21:08 . 2008-03-09 21:08 <DIR> d-------- C:\Temp\Tools
2008-03-09 21:08 . 2008-03-09 21:08 <DIR> d-------- C:\Temp\Setup
2008-03-09 21:08 . 2008-03-09 21:08 <DIR> d-------- C:\Temp\Manual
2008-03-09 19:22 . 2008-03-09 19:48 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-03-09 19:14 . 2008-03-09 19:14 <DIR> d-------- C:\Documents and Settings\LocalService\Nabídka Start
2008-03-09 19:08 . 2008-03-09 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\sentinel
2008-03-09 19:07 . 2008-03-09 19:07 <DIR> d--h----- D:\Software\InstallShield Installation Information

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 18:31 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\Skype
2008-04-08 18:31 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\Skype
2008-04-08 18:31 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\Skype
2008-04-07 18:10 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\HLSW
2008-04-07 18:10 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\HLSW
2008-04-07 18:10 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\HLSW
2008-04-06 15:28 --------- d-----w D:\Software\Macromedia Flash 8 Pro
2008-04-06 15:25 --------- d-----w D:\Software\_Ricoh
2008-04-05 18:32 --------- d-----w D:\Software\Adobe Photoshop CS2 ENG
2008-04-05 18:31 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 18:43 --------- d-----w C:\Program Files\Common Files\Real
2008-03-13 13:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-13 13:29 --------- d-----w D:\Software\Firefox 3 Beta 2
2008-03-05 13:04 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2008-03-05 08:04 155,995 ----a-w C:\windows\java\Packages\FNDB7R93.ZIP
2008-03-03 10:18 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\MailFrontier
2008-03-02 11:01 --------- d-----w D:\Software\microsoft frontpage
2008-03-01 17:51 --------- d-----w D:\Software\MS Office 2003
2008-03-01 13:06 --------- d-----w D:\Software\_Programing
2008-02-24 14:35 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\ICQ
2008-02-24 14:35 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\ICQ
2008-02-24 14:35 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\ICQ
2008-02-23 09:12 --------- d-----w D:\Software\Innotek VirtualBox
2008-02-17 15:15 --------- d-----w D:\Software\ICQ6
2008-02-16 20:38 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\Microsoft Corporation
2008-02-16 20:38 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\Microsoft Corporation
2008-02-16 20:38 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\Microsoft Corporation
2008-02-16 19:22 --------- d-----w D:\Software\VLC
2008-02-16 18:49 --------- d-----w D:\Software\Opera
2008-02-11 18:51 22,328 -c--a-w C:\windows\system32\drivers\PnkBstrK.sys
2008-02-11 18:50 107,832 ----a-w C:\windows\system32\PnkBstrB.exe
2008-02-10 20:03 66,872 ----a-w C:\windows\system32\PnkBstrA.exe
2008-02-10 16:07 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\CyberLink
2008-02-09 19:22 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\gtk-2.0
2008-02-09 19:22 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\gtk-2.0
2008-02-09 19:22 --------- d-----w C:\Documents and Settings\Vlado Marton\Data aplikací\gtk-2.0
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-17 17:49 15360]
"EVEREST AutoStart"="D:\Software\Everest UEE\everest.exe" [2007-06-29 00:04 1973344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 577536 C:\WINDOWS\Soundman.exe]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"WheelMouse"="d:\Software\A4Tech Mouse\Amoumain.exe" [2006-02-17 11:14 163840]
"WinFast Schedule"="D:\Software\WinFast TV\WFWIZ.exe" [2005-03-02 13:21 278528]
"NvMediaCenter"="C:\windows\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"avast!"="D:\Software\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"WinampAgent"="D:\Software\Winamp\winampa.exe" [2008-03-27 08:35 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 17:49 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
hp psc 2000 Series.lnk - D:\Software\_HP\Digital Imaging\bin\hpobnz08.exe [2003-04-09 18:41:38 323646]
hpoddt01.exe.lnk - D:\Software\_HP\Digital Imaging\bin\hpotdd01.exe [2003-04-09 19:11:12 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
D:\Software\WINDOW~1.5\wbsrv.dll 2007-10-29 20:37 176128 D:\Software\WINDOW~1.5\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Vlado Marton^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Vlado Marton^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Vlado Marton\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Vlado Marton^Nabídka Start^Programy^Po spuštění^RAV4ICQ StartUp.lnk]
backup=C:\WINDOWS\pss\RAV4ICQ StartUp.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Vlado Marton^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
path=C:\Documents and Settings\Vlado Marton\Nabídka Start\Programy\Po spuštění\WinMySQLadmin.lnk
backup=C:\windows\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoreTime]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\burnboltmfcdobj]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CashSurfers CashBar Navigator]
D:\Software\CASHSU~1\Cashbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
D:\Software\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo Launch Pad Tray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo Personal Firewall]
C:\Program Files\Comodo\Personal Firewall\CPF.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
D:\Software\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 D:\Software\Microsoft Office 2007\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
D:\Software\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
D:\Software\INCRED~1\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
D:\Software\Pinnacle Studio 10\LaunchList.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Line Speed Meter]
D:\Software\Line Speed Meter\LineSpeedMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2003-03-25 05:49 53248 D:\Software\_Codec\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtray2k]
--a------ 2003-03-25 05:49 57344 D:\Software\_Codec\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtraylsi]
--a------ 2003-03-25 05:49 53248 D:\Software\_Codec\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a--c--- 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 02:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Outpost Security Suite]
D:\Software\Outpost Security Suite\outpost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
D:\Software\Outpost Security Suite\feedback.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-07-31 19:22 98304 C:\windows\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
D:\Software\Sony Ericson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startkey]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-29 20:57 1271032 D:\My Games\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-15 03:23 75520 D:\Software\Java\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler]
--a------ 2006-05-12 01:32 86016 D:\Software\TotalRecorder\TotRecSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
D:\Software\Ulead VideoStudio 11 Plus\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viewbar]
D:\Software\AGLOCO Viewbar\Viewbar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-03-27 08:35 36352 D:\Software\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Software\\Microsoft Office 2007\\Office12\\OUTLOOK.EXE"=
"D:\\Software\\Microsoft Office 2007\\Office12\\GROOVE.EXE"=
"D:\\Software\\Microsoft Office 2007\\Office12\\ONENOTE.EXE"=
"D:\\Software\\QIP\\qip.exe"=
"D:\\Software\\Total Commander 7.0\\TOTALCMD.EXE"=
"D:\\My Games\\HLSW\\hlsw.exe"=
"D:\\Software\\BitLord\\BitLord.exe"=
"D:\\Software\\StrongDC\\StrongDC.exe"=
"D:\\My Games\\Counter-Strike 1.6\\hl.exe"=
"D:\\Software\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Software\\WinProxy\\WinProxy.exe"=

R1 aswSP;avast! Self Protection;C:\windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 bbcap;bbcap;C:\windows\system32\DRIVERS\bbcap.sys [2007-04-08 14:08]
R1 VBoxDrv;VirtualBox Service;C:\windows\system32\DRIVERS\VBoxDrv.sys [2007-12-29 10:32]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\windows\system32\DRIVERS\VBoxUSBMon.sys [2007-12-29 10:32]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;C:\windows\system32\drivers\wf88vcap.sys [2004-10-18 11:25]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;C:\windows\system32\drivers\WF88XBAR.sys [2004-10-18 11:25]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;C:\windows\system32\drivers\WF88TUNE.sys [2004-10-18 11:25]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;D:\Software\Everest UEE\kerneld.wnt [2006-12-15 00:42]
R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-04 01:04]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\windows\system32\DRIVERS\usbohci.sys [2004-08-04 01:08]
R3 WFIOCTL;WFIOCTL;D:\Software\WinFast TV\WFIOCTL.SYS [2005-01-06 16:55]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 usbscan;Ovladač skeneru USB;C:\windows\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25634e24-8ca4-11dc-a82a-0016176ef274}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e20668cf-d9e2-11db-a0df-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

*Newly Created Service* - EVERESTDRIVER
.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 18:02:30 C:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1075057299.job"
- D:\Software\_HP\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 20:34:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\D:\Software\Everest UEE\kerneld.wnt"
.
Completion time: 2008-04-08 20:34:54
ComboFix-quarantined-files.txt 2008-04-08 18:34:45
Adresářů: 10, Volných bajtů: 4,681,961,472
Adresářů: 13, Volných bajtů: 4,668,641,280
.
2008-03-12 13:44:57 --- E O F ---
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

It deleted something.

Copy this into Notepad:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25634e24-8ca4-11dc-a82a-0016176ef274}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e20668cf-d9e2-11db-a0df-806d6172696f}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\burnboltmfcdobj]
Save it to the desktop as fix.reg, double-click it and import the keys. Otherwise I don't see any virus.
Lolllec
Newbie
Registered: 13 Mar 2008

Post by Lolllec »

Is that all??
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

Yes
Lolllec
Newbie
Registered: 13 Mar 2008

Post by Lolllec »

OK.... Thanks :) Bye