Dal som spraviť test priečinku Documents and Settings, kde hlási tie hrozby a našlo to dva rootkity a dvoch trojanov. Dal som ich odstrániť ale stále mi tu vyhadzuje to isté...
Logfile of random's system information tool 1.09 (written by random/random)
Run by Roman at 2012-02-28 20:33:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 976 MB (5%) free of 20 GB
Total RAM: 1022 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:33:32, on 28.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\AllMyNotes Organizer\AllMyNotes.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Noční obloha\vesmir.exe
C:\PROGRA~1\DUMETE~1\DUMeter.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
D:\RSIT.exe
C:\Program Files\trend micro\Roman.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Bonus.SSR.FR10] "C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [AllMyNotes] C:\Program Files\AllMyNotes Organizer\AllMyNotes.exe -autostartup
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Vesmír na dlani.lnk = ?
O4 - Global Startup: Windchill ProductPoint Client Manager.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Roman\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Roman\Desktop\PartyPoker.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Unibet - {000168A3-4EF2-49DD-B7BD-595E8C394B31} - C:\Microgaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: ABBYY FineReader 10 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
--
End of file - 7479 bytes
======Scheduled tasks folder======
C:\WINDOWS.0\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-813497703-1417001333-1003.job
C:\WINDOWS.0\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-813497703-1417001333-1003.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\9iqm5760.default
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pages.tvunetworks.com/WebPlayer]
"Description"=TVU Web Player Plugin
"Path"=C:\WINDOWS.0\system32\TVUAx\npTVUAx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13]
"Description"=15.0.1.13
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
nprjplug.dll
nprpjplug.dll
npvsharetvplg.dll
nsjsrealplayerplugin.xpt
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\9iqm5760.default\extensions\
customizable-shortcuts@timtaubert.de
firefox@tvunetworks.com
superstart@enjoyfreeware.org
vshare@toolbar
{5384767E-00D9-40E9-B72F-9CC39D655D6F}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-01-04 425680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
IE5BarLauncherBHO Class - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-09-22 177712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - VShareToolBar - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-09-22 177712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2006-07-20 7581696]
"RTHDCPL"=C:\WINDOWS.0\RTHDCPL.EXE [2006-09-22 16236032]
"SkyTel"=C:\WINDOWS.0\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS.0\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-05-10 3459712]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-03-09 15872]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Bonus.SSR.FR10"=C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [2009-12-20 941320]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-01-04 296056]
"KernelFaultCheck"=C:\WINDOWS.0\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]
"AllMyNotes"=C:\Program Files\AllMyNotes Organizer\AllMyNotes.exe [2011-05-12 2705672]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2009-03-13 1216931]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2011-08-12 2433024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2010-10-12 5810128]
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup
Windchill ProductPoint Client Manager.lnk - C:\WINDOWS.0\Installer\{D27AB79F-B1B3-49E1-97E7-94E30882F01F}\_112AFB1E788558580027CB.exe
C:\Documents and Settings\Roman\Start Menu\Programs\Startup
Vesmír na dlani.lnk - C:\Program Files\Noční obloha\vesmir.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS.0\system32\antiwpa.dll [2003-05-25 60416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\ApexDC\ApexDC\ApexDC.exe"="D:\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"D:\HRY\Vietcong\vietcong.exe"="D:\HRY\Vietcong\vietcong.exe:*:Enabled:vietcong"
"F:\ApexDC\ApexDC\ApexDC.exe"="F:\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:3\ApexDC\ApexDC\ApexDC.exe"="C:3\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:6\ApexDC\ApexDC\ApexDC.exe"="C:6\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"E:\Revolt\Revolt (full game)+Hamachi_by_punksoul\Revolt (full game)+Hamachi\REVOLT - FULL GAME\revolt.exe"="E:\Revolt\Revolt (full game)+Hamachi_by_punksoul\Revolt (full game)+Hamachi\REVOLT - FULL GAME\revolt.exe:*:Disabled:revolt"
"C:\WINDOWS.0\system32\dplaysvr.exe"="C:\WINDOWS.0\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:3\Flatout 2\FlatOut 2\flatout2.exe"="C:3\Flatout 2\FlatOut 2\flatout2.exe:*:Enabled:flatout2.exe"
"D:3\ApexDC\ApexDC\ApexDC.exe"="D:3\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"E:\FIFA11\Game\fifa.exe"="E:\FIFA11\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Documents and Settings\Roman\Application Data\GameRanger\GameRanger\GameRanger.exe"="C:\Documents and Settings\Roman\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger"
"G:\ApexDC\ApexDC\ApexDC.exe"="G:\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Frankie Dettori Racing - Melbourne Cup Challenge\Racing.exe"="C:\Program Files\Frankie Dettori Racing - Melbourne Cup Challenge\Racing.exe:*:Enabled:Frankie Dettori Racing - Melbourne Cup Challenge"
"C:\Program Files\proeWildfire 5.0\i486_nt\obj\xtop.exe"="C:\Program Files\proeWildfire 5.0\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\Program Files\proeWildfire 5.0\i486_nt\obj\pro_comm_msg.exe"="C:\Program Files\proeWildfire 5.0\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\Program Files\proeWildfire 5.0\i486_nt\nms\nmsd.exe"="C:\Program Files\proeWildfire 5.0\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:9\ApexDC\ApexDC\ApexDC.exe"="C:9\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:\Program Files\proeWildfire 4.0\i486_nt\nms\nmsd.exe"="C:\Program Files\proeWildfire 4.0\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\Program Files\proeWildfire 4.0\i486_nt\obj\pro_comm_msg.exe"="C:\Program Files\proeWildfire 4.0\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\Program Files\proeWildfire 4.0\i486_nt\obj\xtop.exe"="C:\Program Files\proeWildfire 4.0\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"D:5\ApexDC\ApexDC\ApexDC.exe"="D:5\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:0\ApexDC\ApexDC\ApexDC.exe"="C:0\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"D:2\ApexDC\ApexDC\ApexDC.exe"="D:2\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe"="C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe:*:Enabled:WorldWide Telescope"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"D:0\ApexDC\ApexDC\ApexDC.exe"="D:0\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"H:\ApexDC\ApexDC\ApexDC.exe"="H:\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ApexDC++\ApexDC.exe"="C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++"
"X:\ApexDC\ApexDC\ApexDC.exe"="X:\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Java\jre6\launch4j-tmp\Jubler.exe"="C:\Program Files\Java\jre6\launch4j-tmp\Jubler.exe:*:Enabled:Java(TM) Platform SE binary"
"C:5\ApexDC\ApexDC\ApexDC.exe"="C:5\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:8\ApexDC\ApexDC\ApexDC.exe"="C:8\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"D:4\ApexDC\ApexDC\ApexDC.exe"="D:4\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:4\ApexDC\ApexDC\ApexDC.exe"="C:4\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"X:\ApexDC++\ApexDC.exe"="X:\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++"
"E:\Install\ApexDC\ApexDC\ApexDC.exe"="E:\Install\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Mozilla Firefox\plugin-container.exe"="C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox"
"D:\HRY\Pocket Tanks Deluxe\pockettanks.exe"="D:\HRY\Pocket Tanks Deluxe\pockettanks.exe:*:Enabled:Pocket Tanks"
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player"
"C:\Program Files\Doxxbet\pokerclient\Doxxbet.exe"="C:\Program Files\Doxxbet\pokerclient\Doxxbet.exe:*:Enabled:Poker Client Software"
"C:1\ApexDC\ApexDC\ApexDC.exe"="C:1\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:7\ApexDC\ApexDC\ApexDC.exe"="C:7\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:2\ApexDC\ApexDC\ApexDC.exe"="C:2\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"F:\ApexDC++\ApexDC.exe"="F:\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"F:\ApexDC\ApexDC.exe"="F:\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"
"X:\VirtuaTennis\Virtua Tennis\vtennis\VIRTUA_TENNIS_PC.exe"="X:\VirtuaTennis\Virtua Tennis\vtennis\VIRTUA_TENNIS_PC.exe:*:Enabled:VIRTUA_TENNIS_PC"
"C:\WINDOWS.0\system32\dpnsvr.exe"="C:\WINDOWS.0\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS.0\system32\iac25_32.ax
"vidc.iv50"=C:\PROGRA~1\SPlayer\ir50_32.dll
"msacm.l3acm"=C:\WINDOWS.0\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"VIDC.CSM0"=CSMX.dll
======File associations======
.scr - open - "C:\WINDOWS.0\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2012-02-28 20:33:20 ----D---- C:\rsit
======List of files/folders modified in the last 1 month======
2012-02-28 20:33:27 ----D---- C:\WINDOWS.0\Prefetch
2012-02-28 20:33:25 ----D---- C:\Program Files\trend micro
2012-02-28 20:29:34 ----D---- C:\WINDOWS.0\system32
2012-02-28 20:29:34 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2012-02-28 20:25:36 ----D---- C:\WINDOWS.0\Temp
2012-02-28 20:24:44 ----D---- C:\WINDOWS.0
2012-02-28 20:21:57 ----D---- C:\Program Files\Mozilla Firefox
2012-02-28 16:42:13 ----D---- C:\Program Files\ABBYY FineReader 10
2012-02-27 22:35:07 ----D---- C:\Documents and Settings\Roman\Application Data\AIMP
2012-02-26 22:11:09 ----D---- C:\WINDOWS.0\system32\CatRoot2
2012-02-23 10:57:38 ----D---- C:\Documents and Settings\Roman\Application Data\Microgaming
2012-02-20 21:06:44 ----D---- C:\bwinPoker JPC
2012-02-18 19:40:14 ----D---- C:\Program Files\PokerStars
2012-02-16 10:40:41 ----D---- C:\Program Files\PartyGaming
2012-02-15 00:54:04 ----D---- C:\Documents and Settings\Roman\Application Data\vlc
2012-02-13 15:12:19 ----D---- C:\Program Files\Foxit Software
2012-02-05 08:05:38 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2012-02-02 20:12:38 ----D---- C:\Program Files\Opera
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sptd;sptd; C:\WINDOWS.0\System32\Drivers\sptd.sys [2010-11-14 436792]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS.0\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 aswRdr;aswRdr; C:\WINDOWS.0\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS.0\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS.0\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS.0\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS.0\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS.0\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS.0\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS.0\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 cpuz135;cpuz135; \??\C:\WINDOWS.0\system32\drivers\cpuz135_x32.sys []
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver; \??\C:\Program Files\DU Meter\DUM_XP32.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS.0\system32\drivers\RtkHDAud.sys [2006-09-22 4381696]
R3 mouhid;Mouse HID Driver; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS.0\system32\DRIVERS\NETw3x32.sys [2006-09-26 1709696]
R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
R3 sdbus;sdbus; C:\WINDOWS.0\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS.0\system32\DRIVERS\yk51x86.sys [2006-08-07 248832]
S3 a6zmbfs5;a6zmbfs5; C:\WINDOWS.0\system32\drivers\a6zmbfs5.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS.0\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS.0\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS.0\System32\Drivers\BTHport.sys [2008-04-13 273024]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS.0\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS.0\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS.0\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS.0\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 usbscan;USB Scanner Driver; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-05-10 42184]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2009-03-13 552052]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS.0\system32\nvsvc32.exe [2006-07-20 143426]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-10-25 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Poradí mi niekto čo s tým
Stahnete MBRScan 
Přispějete na provoz fóra?