Trojan & Malware & Rootkit
Posted: 29 Feb 2012 21:43
Hello. I was surfing the net on all sorts of dodgy sites because I was looking for a film, and suddenly a BSOD flashed up and the notebook restarted... After the restart, Avast reported a trojan (it moved it to the chest), but now it reports it every little while...
I ran a scan of the Documents and Settings folder, where it reports those threats, and it found two rootkits and two trojans. I had them removed, but it still keeps throwing up the same thing...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Roman at 2012-02-28 20:33:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 976 MB (5%) free of 20 GB
Total RAM: 1022 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:33:32, on 28.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS.0\explorer.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\AllMyNotes Organizer\AllMyNotes.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Noční obloha\vesmir.exe
C:\PROGRA~1\DUMETE~1\DUMeter.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
D:\RSIT.exe
C:\Program Files\trend micro\Roman.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Bonus.SSR.FR10] "C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [AllMyNotes] C:\Program Files\AllMyNotes Organizer\AllMyNotes.exe -autostartup
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Vesmír na dlani.lnk = ?
O4 - Global Startup: Windchill ProductPoint Client Manager.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Roman\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Roman\Desktop\PartyPoker.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Unibet - {000168A3-4EF2-49DD-B7BD-595E8C394B31} - C:\Microgaming\Poker\unibetpokerMPP\MPPoker.exe (HKCU)
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS.0\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS.0\system32\browseui.dll
O23 - Service: ABBYY FineReader 10 CE Licensing Service (ABBYY.Licensing.FineReader.Corporate.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
--
End of file - 7479 bytes
======Scheduled tasks folder======
C:\WINDOWS.0\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-813497703-1417001333-1003.job
C:\WINDOWS.0\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-813497703-1417001333-1003.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\9iqm5760.default
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pages.tvunetworks.com/WebPlayer]
"Description"=TVU Web Player Plugin
"Path"=C:\WINDOWS.0\system32\TVUAx\npTVUAx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13]
"Description"=15.0.1.13
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
nprjplug.dll
nprpjplug.dll
npvsharetvplg.dll
nsjsrealplayerplugin.xpt
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\9iqm5760.default\extensions\
customizable-shortcuts@timtaubert.de
firefox@tvunetworks.com
superstart@enjoyfreeware.org
vshare@toolbar
{5384767E-00D9-40E9-B72F-9CC39D655D6F}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-01-04 425680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}]
IE5BarLauncherBHO Class - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-09-22 177712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - VShareToolBar - C:\Program Files\vShare.tv plugin\BarLcher.dll [2011-09-22 177712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2006-07-20 7581696]
"RTHDCPL"=C:\WINDOWS.0\RTHDCPL.EXE [2006-09-22 16236032]
"SkyTel"=C:\WINDOWS.0\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS.0\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-11 53248]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-05-10 3459712]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2010-03-09 15872]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Bonus.SSR.FR10"=C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [2009-12-20 941320]
"TkBellExe"=C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-01-04 296056]
"KernelFaultCheck"=C:\WINDOWS.0\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]
"AllMyNotes"=C:\Program Files\AllMyNotes Organizer\AllMyNotes.exe [2011-05-12 2705672]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2009-03-13 1216931]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2011-08-12 2433024]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2010-10-12 5810128]
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup
Windchill ProductPoint Client Manager.lnk - C:\WINDOWS.0\Installer\{D27AB79F-B1B3-49E1-97E7-94E30882F01F}\_112AFB1E788558580027CB.exe
C:\Documents and Settings\Roman\Start Menu\Programs\Startup
Vesmír na dlani.lnk - C:\Program Files\Noční obloha\vesmir.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Antiwpa]
C:\WINDOWS.0\system32\antiwpa.dll [2003-05-25 60416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\ApexDC\ApexDC\ApexDC.exe"="D:\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"D:\HRY\Vietcong\vietcong.exe"="D:\HRY\Vietcong\vietcong.exe:*:Enabled:vietcong"
"F:\ApexDC\ApexDC\ApexDC.exe"="F:\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:3\ApexDC\ApexDC\ApexDC.exe"="C:3\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:6\ApexDC\ApexDC\ApexDC.exe"="C:6\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"E:\Revolt\Revolt (full game)+Hamachi_by_punksoul\Revolt (full game)+Hamachi\REVOLT - FULL GAME\revolt.exe"="E:\Revolt\Revolt (full game)+Hamachi_by_punksoul\Revolt (full game)+Hamachi\REVOLT - FULL GAME\revolt.exe:*:Disabled:revolt"
"C:\WINDOWS.0\system32\dplaysvr.exe"="C:\WINDOWS.0\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:3\Flatout 2\FlatOut 2\flatout2.exe"="C:3\Flatout 2\FlatOut 2\flatout2.exe:*:Enabled:flatout2.exe"
"D:3\ApexDC\ApexDC\ApexDC.exe"="D:3\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"E:\FIFA11\Game\fifa.exe"="E:\FIFA11\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Documents and Settings\Roman\Application Data\GameRanger\GameRanger\GameRanger.exe"="C:\Documents and Settings\Roman\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger"
"G:\ApexDC\ApexDC\ApexDC.exe"="G:\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Frankie Dettori Racing - Melbourne Cup Challenge\Racing.exe"="C:\Program Files\Frankie Dettori Racing - Melbourne Cup Challenge\Racing.exe:*:Enabled:Frankie Dettori Racing - Melbourne Cup Challenge"
"C:\Program Files\proeWildfire 5.0\i486_nt\obj\xtop.exe"="C:\Program Files\proeWildfire 5.0\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\Program Files\proeWildfire 5.0\i486_nt\obj\pro_comm_msg.exe"="C:\Program Files\proeWildfire 5.0\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\Program Files\proeWildfire 5.0\i486_nt\nms\nmsd.exe"="C:\Program Files\proeWildfire 5.0\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:9\ApexDC\ApexDC\ApexDC.exe"="C:9\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:\Program Files\proeWildfire 4.0\i486_nt\nms\nmsd.exe"="C:\Program Files\proeWildfire 4.0\i486_nt\nms\nmsd.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\Program Files\proeWildfire 4.0\i486_nt\obj\pro_comm_msg.exe"="C:\Program Files\proeWildfire 4.0\i486_nt\obj\pro_comm_msg.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"C:\Program Files\proeWildfire 4.0\i486_nt\obj\xtop.exe"="C:\Program Files\proeWildfire 4.0\i486_nt\obj\xtop.exe:*:Enabled:Pro/ENGINEER Wildfire from PTC"
"D:5\ApexDC\ApexDC\ApexDC.exe"="D:5\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:0\ApexDC\ApexDC\ApexDC.exe"="C:0\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"D:2\ApexDC\ApexDC\ApexDC.exe"="D:2\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe"="C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe:*:Enabled:WorldWide Telescope"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"D:0\ApexDC\ApexDC\ApexDC.exe"="D:0\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"H:\ApexDC\ApexDC\ApexDC.exe"="H:\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\ApexDC++\ApexDC.exe"="C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++"
"X:\ApexDC\ApexDC\ApexDC.exe"="X:\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Java\jre6\launch4j-tmp\Jubler.exe"="C:\Program Files\Java\jre6\launch4j-tmp\Jubler.exe:*:Enabled:Java(TM) Platform SE binary"
"C:5\ApexDC\ApexDC\ApexDC.exe"="C:5\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:8\ApexDC\ApexDC\ApexDC.exe"="C:8\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"D:4\ApexDC\ApexDC\ApexDC.exe"="D:4\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:4\ApexDC\ApexDC\ApexDC.exe"="C:4\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"X:\ApexDC++\ApexDC.exe"="X:\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++"
"E:\Install\ApexDC\ApexDC\ApexDC.exe"="E:\Install\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Mozilla Firefox\plugin-container.exe"="C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox"
"D:\HRY\Pocket Tanks Deluxe\pockettanks.exe"="D:\HRY\Pocket Tanks Deluxe\pockettanks.exe:*:Enabled:Pocket Tanks"
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player"
"C:\Program Files\Doxxbet\pokerclient\Doxxbet.exe"="C:\Program Files\Doxxbet\pokerclient\Doxxbet.exe:*:Enabled:Poker Client Software"
"C:1\ApexDC\ApexDC\ApexDC.exe"="C:1\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:7\ApexDC\ApexDC\ApexDC.exe"="C:7\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"C:2\ApexDC\ApexDC\ApexDC.exe"="C:2\ApexDC\ApexDC\ApexDC.exe:*:Enabled:ApexDC.exe"
"F:\ApexDC++\ApexDC.exe"="F:\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"F:\ApexDC\ApexDC.exe"="F:\ApexDC\ApexDC.exe:*:Enabled:ApexDC++"
"C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"
"X:\VirtuaTennis\Virtua Tennis\vtennis\VIRTUA_TENNIS_PC.exe"="X:\VirtuaTennis\Virtua Tennis\vtennis\VIRTUA_TENNIS_PC.exe:*:Enabled:VIRTUA_TENNIS_PC"
"C:\WINDOWS.0\system32\dpnsvr.exe"="C:\WINDOWS.0\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Veetle\Player\VeetleNet.exe"="C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS.0\system32\iac25_32.ax
"vidc.iv50"=C:\PROGRA~1\SPlayer\ir50_32.dll
"msacm.l3acm"=C:\WINDOWS.0\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.ac3filter"=ac3filter.acm
"VIDC.CSM0"=CSMX.dll
======File associations======
.scr - open - "C:\WINDOWS.0\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2012-02-28 20:33:20 ----D---- C:\rsit
======List of files/folders modified in the last 1 month======
2012-02-28 20:33:27 ----D---- C:\WINDOWS.0\Prefetch
2012-02-28 20:33:25 ----D---- C:\Program Files\trend micro
2012-02-28 20:29:34 ----D---- C:\WINDOWS.0\system32
2012-02-28 20:29:34 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2012-02-28 20:25:36 ----D---- C:\WINDOWS.0\Temp
2012-02-28 20:24:44 ----D---- C:\WINDOWS.0
2012-02-28 20:21:57 ----D---- C:\Program Files\Mozilla Firefox
2012-02-28 16:42:13 ----D---- C:\Program Files\ABBYY FineReader 10
2012-02-27 22:35:07 ----D---- C:\Documents and Settings\Roman\Application Data\AIMP
2012-02-26 22:11:09 ----D---- C:\WINDOWS.0\system32\CatRoot2
2012-02-23 10:57:38 ----D---- C:\Documents and Settings\Roman\Application Data\Microgaming
2012-02-20 21:06:44 ----D---- C:\bwinPoker JPC
2012-02-18 19:40:14 ----D---- C:\Program Files\PokerStars
2012-02-16 10:40:41 ----D---- C:\Program Files\PartyGaming
2012-02-15 00:54:04 ----D---- C:\Documents and Settings\Roman\Application Data\vlc
2012-02-13 15:12:19 ----D---- C:\Program Files\Foxit Software
2012-02-05 08:05:38 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2012-02-02 20:12:38 ----D---- C:\Program Files\Opera
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sptd;sptd; C:\WINDOWS.0\System32\Drivers\sptd.sys [2010-11-14 436792]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS.0\system32\drivers\Aavmker4.sys [2011-05-10 30808]
R1 aswRdr;aswRdr; C:\WINDOWS.0\system32\drivers\aswRdr.sys [2011-05-10 25432]
R1 aswSnx;aswSnx; C:\WINDOWS.0\system32\drivers\aswSnx.sys [2011-05-10 441176]
R1 aswSP;aswSP; C:\WINDOWS.0\system32\drivers\aswSP.sys [2011-05-10 307928]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS.0\system32\drivers\aswTdi.sys [2011-05-10 49240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS.0\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS.0\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS.0\system32\drivers\aswFsBlk.sys [2011-05-10 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS.0\system32\drivers\aswMon2.sys [2011-05-10 102616]
R2 cpuz135;cpuz135; \??\C:\WINDOWS.0\system32\drivers\cpuz135_x32.sys []
R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver; \??\C:\Program Files\DU Meter\DUM_XP32.SYS []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS.0\system32\drivers\RtkHDAud.sys [2006-09-22 4381696]
R3 mouhid;Mouse HID Driver; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS.0\system32\DRIVERS\NETw3x32.sys [2006-09-26 1709696]
R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2006-07-20 3685152]
R3 sdbus;sdbus; C:\WINDOWS.0\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS.0\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS.0\system32\DRIVERS\yk51x86.sys [2006-08-07 248832]
S3 a6zmbfs5;a6zmbfs5; C:\WINDOWS.0\system32\drivers\a6zmbfs5.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS.0\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS.0\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS.0\System32\Drivers\BTHport.sys [2008-04-13 273024]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS.0\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS.0\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS.0\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS.0\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 usbscan;USB Scanner Driver; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-05-10 42184]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2009-03-13 552052]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS.0\system32\nvsvc32.exe [2006-07-20 143426]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-10-25 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Can anyone advise me what to do about this?
