Nespustitelnost CD/DvD Vyřešeno

[MaxDamageCZ]

Soubor C:\Documents and Settings\Marek\Plocha\adramax_keylogger.zip je infikovaný virem Trojan.Keylog.Ardamax.NAJ (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Marek\Plocha\internet_worm_maker_thing.zip je infikovaný virem Generic.Malware.SIMDN!.5DB6518F (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Gator-GAIN-Claria Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Tellsky Worm" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "peopleonpage Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "peopleonpage Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "CyberSitter Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Ardamax Keylogger Commercial KeyLogger" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "AntiSpyware Pro XP Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "PersonalAntispy Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\JavaPlugin" odkazuje na neplatný objekt "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\JavaPlugin.150_06" odkazuje na neplatný objekt "{5852F5ED-8BF4-11D4-A245-0080C6F74284}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\JavaPlugin.150_09" odkazuje na neplatný objekt "{5852F5ED-8BF4-11D4-A245-0080C6F74284}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\JavaPlugin.150_10" odkazuje na neplatný objekt "{5852F5ED-8BF4-11D4-A245-0080C6F74284}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\JavaPlugin.160_15" odkazuje na neplatný objekt "{5852F5ED-8BF4-11D4-A245-0080C6F74284}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCR\JavaPlugin.FamilyVersionSupport" odkazuje na neplatný objekt "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\WINDOWS\Downloaded Program Files\DyynoX.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\WINDOWS\Downloaded Program Files\GSManager.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\Program Files\Kodak\Kodak Software Updater\7288971\6.1.4.37-7288971L\Program\PrvCnt.exe". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""D:\data\cdw32.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""C:\Program Files\Java\jre1.5.0_09\bin\javaws.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""C:\Program Files\Java\jre1.5.0_10\bin\javaws.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""C:\Program Files\Java\jre1.6.0_01\bin\javaws.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt ""C:\Program Files\Java\jre1.6.0_05\bin\javaws.exe"". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\PROGRA~1\F-Secure\BackWeb\7681197\632~1.116\Program\REGISTER.EXE". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\Program Files\F-Secure\BackWeb\7681197\6.3.2.116-7681197L\Program\PrvCnt.exe". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Java\jre6\bin\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".swf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{3248F0A8-6813-11D6-A77B-00B0D0150060}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{3248F0A8-6813-11D6-A77B-00B0D0150090}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{3248F0A8-6813-11D6-A77B-00B0D0150100}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{3248F0A8-6813-11D6-A77B-00B0D0160010}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{3248F0A8-6813-11D6-A77B-00B0D0160050}". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_0273C234FB737DB4E8943FE89020640D.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_038648152B7E812498867BF7F04F578B.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_07E18D2A89A280A46A824983B860C3E5.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_0DC1503A46F231838AD88BCDDC8E8F7C.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_13353B9B4E7BC5E4FBC4B78C876521D4.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_14A348788087E2F41BF3521C6EC72FDF.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_18555481990E8AB4CBB63FB4F26006C0.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_1AA3974510054F24BA6B3C4616C70687.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_24E9EE35BCEC29C4FB67C96AD5FAF8C1.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_2E8086E8D316DCF4182AC6F88A0E3321.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_3CFA8F6589AF1ff46937A820C6FB58EB.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_4DE556595AC7FD6409F7174478A7235E.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_5C3BD7DD3AF63AF4A8172C2F49E00B92.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_647D29E8F9DC09B46986247BC4417F56.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_6B8FC1D93B7123840B26C2D20D5BB740.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_88B9552DD9CC84B418BB4F29AB9A4CC8.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_91823B80FEE67504EAADA56B183AA632.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_91C0B5CA158D4F24DB0A14E0FCF7075A.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_93BAD29AC2E44034A96BCB446EB8552E.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_963842569BC79A34288C4C83EA40ED4D.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_9866FB3BD18A8D04A968A44CCA9DCFC1.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_9936DB96F8D37B54189D1839165F01D1.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_9A177208658A14A4CA7F41055E329C32.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_A4F2E5F6D77300740B3EF8F75770AE51.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_A5F7A329C8E1EBF4D86F5849A0067AF9.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_A7F28C84001FBAD43A01E881FB12951E.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_A8BE3B5A17040F24E8E8A73824AAE896.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_BCBABCC2724655A40B19946864324CF3.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_C07230C7BAF4C5F41BD025EFAD917009.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_C0EC6E66E1A5C0344BA0C009FF81408A.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_C11362F5531BF7F41BE1E856F03856E1.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_D02306AC61A68C943AF448EE4F975976.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_DB242B2AD8FF0484D9AA1907AEEB5CC9.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_DC3BF90CC0D3D2F398A9A6D1762F70F3.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_EA15D5BA3CBED83478C207C5C702480B.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\All Users\Data aplikací\SecTaskMan\icn_EEB0EBA6275D8EF44B43E9272A9834B1.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Marek\Dokumenty\G4r_PortableRD119.rar je infikovaný virem Trojan.Generic.1466341 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Marek\Dokumenty\instalace_viru.exe je infikovaný virem Gen:Trojan.Heur.au0@fL3d9@bi (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Marek\Dokumenty\samp01b-installer.zip je infikovaný virem Trojan.Generic.958353 (DB) !! Provedené akce: Ponecháno, neodstraněno!.

[Reklama]

[jaro3]

Najdi a smaž:
C:\Documents and Settings\Marek\Plocha\adramax_keylogger.zip
C:\Documents and Settings\Marek\Plocha\internet_worm_maker_thing.zip
C:\Documents and Settings\All Users\Data aplikací\SecTaskMan ---všechny soubory ve složce označ.MWAV
C:\Documents and Settings\Marek\Dokumenty\G4r_PortableRD119.rar
C:\Documents and Settings\Marek\Dokumenty\instalace_viru.exe
C:\Documents and Settings\Marek\Dokumenty\samp01b-installer.zip

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

zejtra..

[MaxDamageCZ]

OK, vše ručně odstraněno, pak jsem dal mbam, log je zde:


Malwarebytes' Anti-Malware 1.41
Verze databáze: 2857
Windows 5.1.2600 Service Pack 3

25.10.2009 11:54:29
mbam-log-2009-10-25 (11-54-23).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 133080
Uplynulý čas: 11 minute(s), 0 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 1
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Documents and Settings\All Users\Nabídka Start\Programy\Ardamax Keylogger (PUP.ArdamaxKeyLogger) -> No action taken.

Infikované soubory:
C:\Documents and Settings\All Users\Nabídka Start\Programy\Ardamax Keylogger\Help.lnk (PUP.ArdamaxKeyLogger) -> No action taken.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Ardamax Keylogger\Log Viewer.lnk (PUP.ArdamaxKeyLogger) -> No action taken.

[MaxDamageCZ]

dal jsem nový scan mwavu a žádné viry jen pár errorů

25 X 2009 12:13:00 - ERROR!!! Invalid Entry %SystemRoot%\System32\hidserv.dll in HKLM\SYSTEM\CurrentControlSet\Services\HidServ\Parameters. Action Taken: No Action Taken.
25 X 2009 12:13:01 - ERROR!!! Invalid Entry System32\Drivers\M1000KNT.sys in HKLM\SYSTEM\CurrentControlSet\Services\M1000Srv. Action Taken: No Action Taken.
25 X 2009 12:13:01 - ERROR!!! Invalid Entry \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS in HKLM\SYSTEM\CurrentControlSet\Services\MREMP50a64. Action Taken: No Action Taken.
25 X 2009 12:13:01 - ERROR!!! Invalid Entry \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS in HKLM\SYSTEM\CurrentControlSet\Services\MREMPR5. Action Taken: No Action Taken.
25 X 2009 12:13:01 - ERROR!!! Invalid Entry \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS in HKLM\SYSTEM\CurrentControlSet\Services\MRENDIS5. Action Taken: No Action Taken.
25 X 2009 12:13:01 - ERROR!!! Invalid Entry \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS in HKLM\SYSTEM\CurrentControlSet\Services\MRESP50a64. Action Taken: No Action Taken.

[jaro3]

Ardamax Keylogger --to sis tam instaloval sám?

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Stáhni si RSIT (by random/random)
- spusť ho, objeví se ti okno, tak pro pokračování klikni na Continue
- počkej až program proběhne a zobrazí se ti log jinak ho najdeš zde: C:\rsit\log.txt zkopíruj sem prosím celý jeho obsah

[MaxDamageCZ]

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2857
Windows 5.1.2600 Service Pack 3

25.10.2009 13:44:47
mbam-log-2009-10-25 (13-44-47).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 132798
Uplynulý čas: 9 minute(s), 52 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 1
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Documents and Settings\All Users\Nabídka Start\Programy\Ardamax Keylogger (PUP.ArdamaxKeyLogger) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Documents and Settings\All Users\Nabídka Start\Programy\Ardamax Keylogger\Help.lnk (PUP.ArdamaxKeyLogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Ardamax Keylogger\Log Viewer.lnk (PUP.ArdamaxKeyLogger) -> Quarantined and deleted successfully.











Logfile of random's system information tool 1.06 (written by random/random)
Run by Marek at 2009-10-25 13:45:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 109 GB (46%) free of 238 GB
Total RAM: 1023 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:18 odp., on 25.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Marek\Plocha\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Marek\LOCALS~1\Temp\Rar$EX00.937\SoftKeyRevealer.exe
C:\Documents and Settings\Marek\Plocha\Moje soubory\Složka nejvyšší nouze\RSIT.exe
C:\Documents and Settings\Marek\Plocha\Moje soubory\Složka nejvyšší nouze\Marek.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [utorrent.exe] C:\Documents and Settings\Marek\Plocha\utorrent.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1ca18e6298cdd6) (gupdate1ca18e6298cdd6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5445 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{CB8F93AA-F0A1-41BE-9268-229B640A54CD}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{D8C6849B-BD9A-4B92-970F-E7635BC45510}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"utorrent.exe"=C:\Documents and Settings\Marek\Plocha\utorrent.exe [2009-10-05 289072]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2007-05-13 1314032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M1000Mnt]
M1000Rmv.exe /StartStillMnt []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-04-23 22058792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-03-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-10 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Data aplikací\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe [2007-04-23 2664448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Security Suite]
C:\Documents and Settings\All Users\Data aplikací\19238c8\WI1923.exe /s /d []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoResolveSearch"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
"NoFolderOptions"=
"NoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe"="C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe:*:Enabled:Need For Speed III for Win32"
"C:\Program Files\Sierra\SWAT 4\Content\System\Swat4.exe"="C:\Program Files\Sierra\SWAT 4\Content\System\Swat4.exe:*:Enabled:SWAT 4"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe"="C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe:*:Enabled:hd2"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Sierra\CoolPool\coolpool.exe"="C:\Sierra\CoolPool\coolpool.exe:*:Disabled:Cool Pool."
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"="C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Documents and Settings\Marek\Local Settings\Data aplikací\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\Marek\Local Settings\Data aplikací\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\keyclone\keyclone.exe"="C:\Program Files\keyclone\keyclone.exe:*:Enabled:keyclone"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enGB-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Marek\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Marek\Plocha\utorrent.exe"="C:\Documents and Settings\Marek\Plocha\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Marek\Local Settings\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe"="C:\Documents and Settings\Marek\Local Settings\temp\java_ee_sdk-5_07-jdk-6u16-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-10-25 13:45:54 ----DC---- C:\rsit
2009-10-25 12:27:58 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-25 12:27:58 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-25 12:27:58 ----A---- C:\WINDOWS\system32\java.exe
2009-10-24 07:56:48 ----AD---- C:\WINDOWS\system32\runouce.exe
2009-10-24 07:55:18 ----A---- C:\WINDOWS\system32\msvcr80.dll
2009-10-24 07:55:17 ----A---- C:\WINDOWS\system32\msvcp80.dll
2009-10-24 07:55:14 ----A---- C:\WINDOWS\system32\T.COM
2009-10-24 07:55:13 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2009-10-24 07:55:13 ----A---- C:\WINDOWS\REGEDIT.COM
2009-10-24 07:55:13 ----A---- C:\WINDOWS\R.COM
2009-10-24 07:55:12 ----D---- C:\Program Files\Common Files\MicroWorld
2009-10-24 07:55:07 ----DC---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2009-10-23 19:09:22 ----DC---- C:\Sun
2009-10-22 18:19:41 ----AC---- C:\Bug.txt
2009-10-22 18:19:18 ----DC---- C:\32788R22FWJFW
2009-10-21 19:01:28 ----D---- C:\Program Files\AskBardis
2009-10-21 18:51:44 ----D---- C:\WINDOWS\temp
2009-10-20 16:20:13 ----AC---- C:\RootRepeal report 10-20-09 (17-20-13).txt
2009-10-20 15:53:33 ----HD---- C:\WINDOWS\PIF
2009-10-19 18:20:53 ----D---- C:\Program Files\HTV
2009-10-18 20:19:45 ----D---- C:\Documents and Settings\Marek\Data aplikací\Comodo
2009-10-18 20:00:29 ----D---- C:\Program Files\COMODO
2009-10-18 08:35:10 ----AD---- C:\WINDOWS\VDLL.DLL
2009-10-18 08:35:10 ----AD---- C:\WINDOWS\RUNDL132.EXE
2009-10-18 08:35:10 ----AD---- C:\WINDOWS\logo_1.exe
2009-10-18 08:33:37 ----A---- C:\WINDOWS\system32\eEmpty.exe
2009-10-18 08:27:57 ----SHDC---- C:\RECYCLER
2009-10-17 19:54:32 ----D---- C:\Program Files\Prevx
2009-10-17 19:54:13 ----DC---- C:\Documents and Settings\All Users\Data aplikací\PrevxCSI
2009-10-17 18:22:28 ----D---- C:\Program Files\Conduit
2009-10-17 18:22:26 ----D---- C:\Program Files\free-downloads.net
2009-10-14 14:14:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 14:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 14:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 14:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 14:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 14:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 14:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 14:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 13:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-11 18:11:31 ----D---- C:\Documents and Settings\Marek\Data aplikací\Opera
2009-10-11 18:11:03 ----D---- C:\Program Files\Opera
2009-10-10 12:50:20 ----D---- C:\Documents and Settings\Marek\Data aplikací\cmw
2009-10-10 12:03:23 ----DC---- C:\iPod Photo Cache
2009-10-09 13:26:35 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-10-09 13:26:19 ----D---- C:\Program Files\Registry Mechanic
2009-10-05 18:21:43 ----D---- C:\WINDOWS\Internet Logs
2009-10-05 18:11:57 ----D---- C:\Program Files\JockerSoft
2009-10-05 16:15:32 ----D---- C:\Documents and Settings\Marek\Data aplikací\Azureus
2009-10-05 16:14:49 ----D---- C:\Program Files\Vuze
2009-10-05 16:04:01 ----D---- C:\Program Files\BitLord
2009-10-04 18:50:46 ----D---- C:\Program Files\wxDownload Fast
2009-10-04 18:33:13 ----DC---- C:\Downloads
2009-10-04 17:56:16 ----D---- C:\Documents and Settings\Marek\Data aplikací\uTorrent
2009-10-04 17:15:10 ----D---- C:\Program Files\Star Downloader
2009-10-02 16:51:48 ----D---- C:\Program Files\Avanquest update
2009-10-02 10:33:07 ----D---- C:\Program Files\Total Video Converter
2009-10-02 10:05:12 ----DC---- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
2009-10-02 06:37:33 ----A---- C:\WINDOWS\system32\muweb.dll
2009-10-01 11:57:41 ----D---- C:\Documents and Settings\Marek\Data aplikací\IObit
2009-10-01 11:53:42 ----D---- C:\Program Files\IObit
2009-09-30 12:59:46 ----D---- C:\Program Files\iPod
2009-09-30 12:58:55 ----D---- C:\Program Files\iTunes
2009-09-30 12:24:47 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-09-30 07:42:54 ----DC---- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-30 07:41:09 ----D---- C:\Program Files\QuickTime
2009-09-30 07:41:07 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2009-09-30 07:40:25 ----D---- C:\Program Files\Apple Software Update
2009-09-30 07:39:57 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-09-30 07:39:27 ----D---- C:\Program Files\Common Files\Apple
2009-09-25 13:11:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-23 15:23:38 ----D---- C:\WINDOWS\system32\Adobe
2009-09-23 15:02:30 ----D---- C:\Program Files\Warp
2009-09-19 16:30:50 ----D---- C:\Program Files\Security Task Manager
2009-09-19 16:00:41 ----D---- C:\Documents and Settings\Marek\Data aplikací\TeamViewer
2009-09-19 10:35:49 ----D---- C:\Documents and Settings\Marek\Data aplikací\ESET
2009-09-19 10:33:51 ----D---- C:\Program Files\ESET
2009-09-18 17:07:39 ----A---- C:\WINDOWS\GTA-SA_Trn_Settings.ini
2009-09-12 17:01:26 ----DC---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2009-09-12 16:56:23 ----D---- C:\Program Files\ICQ6.5
2009-09-10 20:21:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 20:21:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-01 17:41:23 ----D---- C:\Program Files\Common Files\Jasc Software Inc
2009-09-01 17:41:23 ----D---- C:\Documents and Settings\Marek\Data aplikací\Jasc Software Inc
2009-09-01 17:40:12 ----D---- C:\Program Files\Jasc Software Inc
2009-09-01 17:33:09 ----D---- C:\Program Files\Bonjour
2009-09-01 17:05:44 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-09-01 15:34:07 ----A---- C:\WINDOWS\Sqirlz Morph Uninstaller.exe
2009-09-01 15:34:06 ----D---- C:\Program Files\Sqirlz Morph
2009-08-26 13:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-17 21:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-12 04:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-12 04:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-12 04:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-12 04:58:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-12 04:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-12 04:58:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-12 04:58:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-12 04:58:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-12 04:57:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-08 13:18:59 ----D---- C:\Documents and Settings\Marek\Data aplikací\ZoomBrowser EX
2009-08-08 10:52:13 ----DC---- C:\Documents and Settings\All Users\Data aplikací\ZoomBrowser
2009-08-08 10:51:42 ----D---- C:\Program Files\Canon
2009-08-08 10:50:11 ----D---- C:\Program Files\Common Files\Canon
2009-08-04 18:52:22 ----A---- C:\WINDOWS\system32\FM20.DLL
2009-08-04 12:37:46 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-03 16:13:44 ----DC---- C:\Documents and Settings\All Users\Data aplikací\PY_Software
2009-08-03 16:13:36 ----D---- C:\Program Files\Actual Drawing
2009-08-03 15:55:46 ----N---- C:\WINDOWS\system32\sfcfiles.dll
2009-08-02 16:37:09 ----DC---- C:\pch
2009-08-01 08:56:58 ----AC---- C:\regl.txt
2009-07-31 18:32:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-31 15:17:11 ----DC---- C:\HostsXpert 4.3 - Hosts File Manager
2009-07-30 12:56:39 ----DC---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2009-07-30 12:56:11 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-30 12:56:11 ----D---- C:\Documents and Settings\Marek\Data aplikací\SUPERAntiSpyware.com
2009-07-30 09:15:42 ----AC---- C:\TCleaner.txt
2009-07-29 22:09:41 ----DC---- C:\HostsXpert 4.2 - Hosts File Manager
2009-07-29 10:39:47 ----DC---- C:\Documents and Settings\All Users\Data aplikací\ESET
2009-07-28 20:19:02 ----DC---- C:\VerTerm
2009-07-28 18:50:00 ----D---- C:\Program Files\PetrLite
2009-07-28 17:51:33 ----AC---- C:\Boot.bak
2009-07-28 17:51:23 ----RASHDC---- C:\cmdcons
2009-07-28 17:14:28 ----D---- C:\Documents and Settings\Marek\Data aplikací\Malwarebytes
2009-07-28 17:14:23 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2009-07-28 16:49:29 ----D---- C:\Documents and Settings\Marek\Data aplikací\Download Manager
2009-07-28 16:36:54 ----D---- C:\Program Files\CCleaner
2009-07-28 16:30:06 ----R---- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
2009-07-28 16:16:47 ----D---- C:\Program Files\RegCleaner
2009-07-28 14:58:39 ----A---- C:\WINDOWS\system32\wt_menu.dll
2009-07-28 14:58:39 ----A---- C:\WINDOWS\system32\vbuzip10.DLL
2009-07-28 14:58:39 ----A---- C:\WINDOWS\system32\ssubtmr6.dll
2009-07-28 14:58:38 ----D---- C:\Program Files\Smarty Uninstaller Pro
2009-07-28 14:57:16 ----D---- C:\Program Files\VS Revo Group
2009-07-28 09:44:01 ----D---- C:\Program Files\Trend Micro
2009-07-27 16:10:11 ----D---- C:\Documents and Settings\Marek\Data aplikací\DAEMON Tools Lite
2009-07-27 15:14:53 ----D---- C:\Documents and Settings\Marek\Data aplikací\XnView
2009-07-27 15:14:45 ----D---- C:\Program Files\XnView
2009-07-27 15:00:43 ----D---- C:\Documents and Settings\Marek\Data aplikací\RealWorld
2009-07-27 14:56:12 ----D---- C:\Documents and Settings\Marek\Data aplikací\CursorArts
2009-07-27 14:55:52 ----A---- C:\WINDOWS\iltwain.ini
2009-07-27 14:50:23 ----D---- C:\Program Files\HTML editor Yugie-shareware
2009-07-27 11:56:45 ----A---- C:\WINDOWS\bluevoda.ini
2009-07-27 11:24:01 ----D---- C:\Program Files\BlueVoda Website Builder
2009-07-26 16:00:43 ----SHDC---- C:\Documents and Settings\All Users\Data aplikací\19238c8

======List of files/folders modified in the last 3 months======

2009-10-25 13:45:57 ----D---- C:\WINDOWS\Prefetch
2009-10-25 12:54:08 ----SHD---- C:\WINDOWS\Installer
2009-10-25 12:54:07 ----DC---- C:\Config.Msi
2009-10-25 12:53:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-25 12:46:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-25 12:27:59 ----D---- C:\WINDOWS\system32
2009-10-25 11:41:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-25 11:39:07 ----D---- C:\Program Files\Mozilla Firefox
2009-10-25 11:38:58 ----D---- C:\WINDOWS
2009-10-24 14:20:34 ----AC---- C:\WINDOWS\wincmd.ini
2009-10-24 07:55:12 ----D---- C:\Program Files\Common Files
2009-10-23 18:25:33 ----D---- C:\Program Files\Java
2009-10-22 18:20:12 ----SHD---- C:\System Volume Information
2009-10-22 18:20:12 ----D---- C:\WINDOWS\system32\Restore
2009-10-21 19:01:28 ----RD---- C:\Program Files
2009-10-21 19:01:05 ----D---- C:\WINDOWS\system32\drivers
2009-10-21 18:55:13 ----AC---- C:\WINDOWS\system.ini
2009-10-21 18:52:34 ----D---- C:\WINDOWS\system32\config
2009-10-21 18:45:30 ----D---- C:\WINDOWS\AppPatch
2009-10-21 18:31:29 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2009-10-21 18:29:39 ----D---- C:\Program Files\Common Files\Adobe
2009-10-21 18:27:37 ----D---- C:\Program Files\Adobe
2009-10-20 20:23:44 ----SD---- C:\WINDOWS\Tasks
2009-10-20 19:53:25 ----DC---- C:\Documents and Settings
2009-10-18 18:21:32 ----HD---- C:\WINDOWS\inf
2009-10-18 11:48:34 ----D---- C:\Program Files\EA SPORTS
2009-10-18 08:27:57 ----D---- C:\WINDOWS\Debug
2009-10-17 19:54:08 ----AC---- C:\WINDOWS\wininit.ini
2009-10-14 14:33:53 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 14:33:40 ----RSD---- C:\WINDOWS\assembly
2009-10-14 14:20:10 ----D---- C:\WINDOWS\WinSxS
2009-10-14 14:16:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-14 14:16:26 ----D---- C:\Program Files\Internet Explorer
2009-10-14 14:15:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-12 15:05:14 ----ADC---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-10-12 14:32:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-11 16:58:05 ----D---- C:\Documents and Settings\Marek\Data aplikací\OpenOffice.org2
2009-10-08 19:16:34 ----DC---- C:\239d5f126446beb4abcb8e88
2009-10-02 19:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-02 16:51:24 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-02 10:33:24 ----RSD---- C:\WINDOWS\Fonts
2009-10-02 10:02:48 ----D---- C:\Program Files\Sony Ericsson
2009-10-02 10:02:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2009-10-02 09:48:32 ----D---- C:\Documents and Settings\Marek\Data aplikací\Apple Computer
2009-10-01 12:27:59 ----D---- C:\Program Files\VDMSound
2009-10-01 12:21:45 ----D---- C:\Program Files\Nvu
2009-10-01 12:21:40 ----DC---- C:\Documents and Settings\All Users\Data aplikací\fssg
2009-10-01 12:21:40 ----D---- C:\WINDOWS\system32\BWKDLogs
2009-10-01 12:21:39 ----D---- C:\WINDOWS\security
2009-10-01 12:21:38 ----D---- C:\Program Files\World of Warcraft
2009-10-01 12:21:38 ----D---- C:\Program Files\VirtualDJ
2009-10-01 12:21:38 ----D---- C:\Program Files\Video DVD Maker FREE
2009-10-01 12:21:38 ----D---- C:\Program Files\Toribash-3.1
2009-10-01 12:21:38 ----D---- C:\Program Files\Teamspeak2_RC2
2009-10-01 12:21:38 ----D---- C:\Program Files\Stykz
2009-10-01 12:21:38 ----D---- C:\Program Files\RADVideo
2009-10-01 12:21:37 ----DC---- C:\Logs
2009-10-01 12:21:33 ----D---- C:\Documents and Settings\Marek\Data aplikací\teamspeak2
2009-10-01 12:21:29 ----D---- C:\WINDOWS\twain_32
2009-10-01 12:21:29 ----D---- C:\Documents and Settings\Marek\Data aplikací\Free Audio Editor
2009-10-01 12:21:28 ----D---- C:\WINDOWS\Help
2009-10-01 12:21:28 ----D---- C:\Program Files\WinRAR
2009-09-30 07:48:16 ----DC---- C:\Documents and Settings\All Users\Data aplikací\Apple
2009-09-29 09:16:08 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-25 16:25:23 ----D---- C:\WINDOWS\system32\Macromed
2009-09-25 13:33:17 ----D---- C:\Documents and Settings\Marek\Data aplikací\Adobe
2009-09-21 17:43:31 ----D---- C:\WINDOWS\system32\DirectX
2009-09-17 18:58:19 ----D---- C:\WINDOWS\system32\wbem
2009-09-14 17:08:37 ----D---- C:\Documents and Settings\Marek\Data aplikací\AdobeUM
2009-09-12 16:57:19 ----D---- C:\Program Files\ICQ6
2009-09-11 15:19:35 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-04 22:05:18 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-09-02 10:26:42 ----D---- C:\Program Files\NextUp Talker
2009-08-31 15:00:21 ----D---- C:\WINDOWS\system
2009-08-31 14:54:54 ----D---- C:\Program Files\Free Power Word to Pdf Converter
2009-08-31 14:54:32 ----D---- C:\Program Files\Free PDF to Word Doc Converter
2009-08-31 14:39:35 ----D---- C:\Program Files\Common Files\Teleca Shared
2009-08-31 14:37:26 ----D---- C:\Program Files\Text to Speech Maker
2009-08-31 14:23:28 ----D---- C:\Program Files\MumboJumbo
2009-08-31 14:23:03 ----D---- C:\Program Files\Wanadoo Edition
2009-08-31 14:13:39 ----D---- C:\Program Files\Acoustica Mixcraft
2009-08-29 08:58:59 ----N---- C:\WINDOWS\system32\wininet.dll
2009-08-29 08:58:59 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-08-29 08:58:58 ----A---- C:\WINDOWS\system32\occache.dll
2009-08-29 08:58:57 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-08-29 08:58:53 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-08-29 08:58:53 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-08-29 08:58:52 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-08-29 08:58:51 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-08-29 08:58:50 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-08-29 08:58:49 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-08-29 08:58:45 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-08-28 11:35:03 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-08-26 09:02:12 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-08-22 19:03:32 ----D---- C:\Program Files\Rockstar Games
2009-08-21 13:56:57 ----D---- C:\Documents and Settings\Marek\Data aplikací\Mozilla
2009-08-12 04:58:27 ----D---- C:\Program Files\Outlook Express
2009-08-09 13:55:50 ----A---- C:\WINDOWS\wcx_ftp.ini
2009-08-09 12:54:35 ----D---- C:\Program Files\Google
2009-08-09 12:40:39 ----D---- C:\Documents and Settings\Marek\Data aplikací\Google
2009-08-06 18:24:22 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-06 18:24:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-06 18:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-06 18:24:10 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-06 18:24:10 ----A---- C:\WINDOWS\system32\wups.dll
2009-08-06 18:24:06 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-08-06 18:24:06 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-06 18:24:06 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-08-06 18:24:04 ----A---- C:\WINDOWS\system32\cdm.dll
2009-08-06 18:23:54 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-06 18:23:52 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-08-06 18:23:46 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-06 18:23:46 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-08-05 10:01:14 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 21:59:38 ----N---- C:\WINDOWS\system32\ntoskrnl.exe
2009-08-04 18:53:06 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-04 18:50:09 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-04 18:29:40 ----N---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-08-01 17:38:03 ----D---- C:\Program Files\Windows Desktop Search
2009-08-01 15:59:33 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-08-01 15:59:17 ----D---- C:\WINDOWS\system32\cs-cz
2009-07-31 18:33:10 ----RD---- C:\WINDOWS\Web
2009-07-31 10:17:56 ----RASHC---- C:\boot.ini
2009-07-29 20:38:38 ----D---- C:\WINDOWS\system32\ShellExt
2009-07-29 12:59:47 ----D---- C:\WINDOWS\ie8updates
2009-07-28 19:10:17 ----D---- C:\WINDOWS\network diagnostic
2009-07-28 18:02:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-28 16:39:59 ----D---- C:\WINDOWS\Minidump
2009-07-28 16:14:10 ----SD---- C:\Documents and Settings\Marek\Data aplikací\Microsoft
2009-07-28 16:10:41 ----A---- C:\WINDOWS\win.ini
2009-07-26 16:54:00 ----D---- C:\Program Files\Illusion Softworks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cpuidlep;CpuIdle Pro System Driver; C:\WINDOWS\system32\drivers\cpuidlep.sys [2009-09-26 4484]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2003-06-18 36826]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2006-12-23 80768]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-06-18 38997]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-03-25 2314560]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-14 25280]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2003-06-18 138485]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 agh0u2ff;agh0u2ff; C:\WINDOWS\system32\drivers\agh0u2ff.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 axskbus;axskbus; C:\WINDOWS\system32\DRIVERS\axskbus.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2003-06-18 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2003-06-18 8058]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2003-06-18 63002]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-02-20 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-02-20 20520]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-07-07 79488]
S3 M1000Srv;M5603C USB2.0 Camera Driver; C:\WINDOWS\System32\Drivers\M1000KNT.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-04-13 53376]
S3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-04-13 414464]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-25 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 SMART Board Service;Služba SMART Board; C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe [2007-05-03 1099280]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1ca18e6298cdd6;Google Update Service (gupdate1ca18e6298cdd6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-07-05 358008]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-10-17 4368952]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-01 654848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-06 66872]
S4 ScsiAccess;ScsiAccess; C:\WINDOWS\system32\ScsiAccess.EXE [2003-02-04 181312]
S4 SMART Web Server;SMART Web Server; C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe [2007-04-19 759312]

-----------------EOF-----------------

[jaro3]

Stáhni si program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services
agh0u2ff;agh0u2ff
agh0u2ff

:Reg

:Files
C:\Program Files\AskBardis


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

Stáhni si ToolsCleaner2( by de A.Rothstein & Dj Quiou )

na plochu a spusť ho.
Klikni na Pt. Restauration (obnova) a poté na OK.
Klikni na Corbeille (koš) a poté na OK.
Klikni na Fichiers temp (temp složky) a poté na OK.
Klikni na Recherche (hledání) a nech Cleaner pracovat. Může se během čištění zastavit , ale nech ho pokračovat.
Když program skončí , klikni na Suppression (odstranění)a odstraň nalezené.
Zavři program.
Program maže i všechny nástroje na odvirování a vytváření logů , které se zde používají (HJT, Combofix, OTM, OTL, OTS atd.)

Pak stáhni nový HJT a dej sem z něj log...

Problémy bude , že tam máš nainstalovaný Alcohol i Daemon Tools----jeden odinstaluj ( napřed mechaniky).

[MaxDamageCZ]

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver agh0u2ff;agh0u2ff not found.
Service\Driver agh0u2ff;agh0u2ff not found.
Service\Driver agh0u2ff not found.
Service\Driver key agh0u2ff deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\AskBardis\bar\Settings moved successfully.
C:\Program Files\AskBardis\bar moved successfully.
C:\Program Files\AskBardis moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kuma
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marek
->Temp folder emptied: 333168337 bytes
->Temporary Internet Files folder emptied: 13724713 bytes
->Java cache emptied: 25493434 bytes
->FireFox cache emptied: 87747219 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 37910 bytes

User: Marek_2
->Temp folder emptied: 120208 bytes
->Temporary Internet Files folder emptied: 631806 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16747355 bytes

User: MaxDamage - uživatel
->Temp folder emptied: 160084 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 45505424 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 102912 bytes
RecycleBin emptied: 7443112 bytes

Total Files Cleaned = 506,32 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10252009_142442

Files moved on Reboot...

Registry entries deleted on Reboot...

[MaxDamageCZ]

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Nabídka Start\Programy\HijackThis: trouvé !
C:\Documents and Settings\All Users\Nabídka Start\Programy\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Marek\Plocha\OTM.exe: trouvé !
C:\Documents and Settings\Marek\Plocha\Moje soubory\Složka nejvyšší nouze\Gmer.exe: trouvé !
C:\Documents and Settings\Marek\Plocha\Moje soubory\Složka nejvyšší nouze\HijackThis.exe: trouvé !
C:\Documents and Settings\Marek\Plocha\Moje soubory\Složka nejvyšší nouze\hijackthis.log: trouvé !
C:\Documents and Settings\Marek\Plocha\Moje soubory\Složka nejvyšší nouze\Rsit.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

[MaxDamageCZ]

Chtěl jsem odinstalovat daemon tools, ale nenašel jsem to ani v přidat/odebrat programy ani v CCleaner, jak to mám vymazat, pls?

[MaxDamageCZ]

a ještě tu je log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:31 odp., on 25.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marek\Plocha\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [utorrent.exe] C:\Documents and Settings\Marek\Plocha\utorrent.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1ca18e6298cdd6) (gupdate1ca18e6298cdd6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies Inc. - C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4628 bytes

[jaro3]

Zkoušel jsi najít nějaký odinstalátor?

Já to můžu akorát odmazat přes CF.

Nejprve zkus znovu nainstalovat a pak použít jejich odinstalátor.

Když to nepůjde , dej sem log z Combofixu.
Vypni rez. ochranu u NOD32
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah