VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Trojsky kun

https://forum.viry.cz:443/viewtopic.php?t=96626

Stránka 1 z 1

Trojsky kun

Napsal: 23 led 2010 10:43
od markm.free
Ahoj
mam takovy problem,nod me nasel trojskyho kone a nelze odstranit, copak mam ted delat ?
zde je log z rsit

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marek at 2010-01-23 10:40:38
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 17 GB (50%) free of 35 GB
Total RAM: 1023 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:04, on 23.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
F:\PROGRAMY 2\Ad aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webteh\BSplayer\bsplayer.exe
C:\Documents and Settings\Marek\Plocha\PROGRAMY\VIRY\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Marek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btjunkie.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\PROGRAMY 2\SnagIt\SnagItBHO.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\PROGRAMY 2\SnagIt\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ErgoMedia] C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MsWerr] RUNDLL32.EXE C:\WINDOWS\system32\xm1985.dll,w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0612892546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0614001109
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\PROGRAMY 2\Ad aware\aawservice.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10651 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - F:\PROGRAMY 2\SnagIt\SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - F:\PROGRAMY 2\SnagIt\SnagItIEAddin.dll [2007-05-01 161352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"Gainward"=C:\WINDOWS\TBPanel.exe [2006-09-14 2162688]
"CTSysVol"=C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2006-05-23 81920]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2005-03-05 2573536]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-03-14 949376]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"ErgoMedia"=C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe [2005-06-28 1855488]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2004-11-22 180224]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"MsWerr"=C:\WINDOWS\system32\xm1985.dll [2009-12-13 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-07-22 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"F:\GAMES\Dragon Age\bin_ship\daorigins.exe"="F:\GAMES\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"F:\GAMES\Dragon Age\DAOriginsLauncher.exe"="F:\GAMES\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"F:\GAMES\Dragon Age\bin_ship\daupdatersvc.service.exe"="F:\GAMES\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-23 10:40:38 ----D---- C:\rsit
2009-12-30 19:54:52 ----D---- C:\Documents and Settings\Marek\Data aplikací\DivX

======List of files/folders modified in the last 1 months======

2010-01-23 10:40:17 ----D---- C:\WINDOWS\Prefetch
2010-01-23 10:39:10 ----A---- C:\WINDOWS\DFC.INI
2010-01-23 10:36:28 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-23 10:05:11 ----D---- C:\Program Files\Mozilla Firefox
2010-01-23 09:54:48 ----D---- C:\WINDOWS\TEMP
2010-01-23 01:02:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-22 14:57:01 ----D---- C:\Download azureus
2010-01-22 14:57:01 ----D---- C:\Documents and Settings\Marek\Data aplikací\Azureus
2010-01-20 19:58:39 ----D---- C:\WINDOWS\system32
2010-01-15 18:02:04 ----D---- C:\Documents and Settings\Marek\Data aplikací\XnView
2010-01-15 10:44:25 ----D---- C:\WINDOWS
2010-01-08 15:39:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-08 14:12:22 ----D---- C:\Program Files\ICQToolbar
2010-01-06 19:16:34 ----D---- C:\WINDOWS\Minidump
2009-12-30 20:01:57 ----RD---- C:\Program Files
2009-12-30 20:01:28 ----SHD---- C:\WINDOWS\Installer
2009-12-30 20:01:28 ----D---- C:\WINDOWS\WinSxS
2009-12-30 20:01:28 ----AD---- C:\Program Files\Common Files
2009-12-30 20:01:07 ----SHD---- C:\Config.Msi
2009-12-30 15:53:31 ----D---- C:\Program Files\ICQ6.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-03-14 15424]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-03-14 512096]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-05-13 279712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-05-13 25888]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-03-12 197908]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-03-12 10405]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-03-12 34422]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 840960]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
R3 YiRuanUSB;YiRuan device driver for 4d; C:\WINDOWS\system32\DRIVERS\yrtumdriver.sys [2005-05-20 5760]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys []
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys []
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys []
S3 aeoazone;aeoazone; C:\WINDOWS\system32\drivers\aeoazone.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 mbr;mbr; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 sfcure01;StarForce Cure Driver (version 1.x); C:\WINDOWS\System32\drivers\sfcure01.sys [2005-10-08 3584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; F:\PROGRAMY 2\Ad aware\aawservice.exe [2008-09-09 611664]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-03-14 552064]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2006-05-23 86016]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-06 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-06 189072]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2005-03-05 2573536]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; F:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]

-----------------EOF-----------------

Re: Trojsky kun

Napsal: 23 led 2010 11:31
od markm.free
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.01.23 PWS.Win32!IK
AhnLab-V3 5.0.0.2 2010.01.22 -
AntiVir 7.9.1.146 2010.01.22 TR/Spy.Gen
Antiy-AVL 2.0.3.7 2010.01.22 -
Authentium 5.2.0.5 2010.01.23 -
Avast 4.8.1351.0 2010.01.22 -
AVG 9.0.0.730 2010.01.23 -
BitDefender 7.2 2010.01.23 -
CAT-QuickHeal 10.00 2010.01.22 -
ClamAV 0.94.1 2010.01.22 Worm.Koobface-248
Comodo 3680 2010.01.23 -
DrWeb 5.0.1.12222 2010.01.23 -
eSafe 7.0.17.0 2010.01.21 -
eTrust-Vet 35.2.7255 2010.01.22 -
F-Prot 4.5.1.85 2010.01.22 -
F-Secure 9.0.15370.0 2010.01.23 -
Fortinet 4.0.14.0 2010.01.23 W32/DllHook.A
GData 19 2010.01.23 -
Ikarus T3.1.1.80.0 2010.01.23 PWS.Win32
Jiangmin 13.0.900 2010.01.23 -
K7AntiVirus 7.10.952 2010.01.22 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2010.01.23 -
McAfee 5869 2010.01.22 -
McAfee+Artemis 5869 2010.01.22 Artemis!81849C1264F1
McAfee-GW-Edition 6.8.5 2010.01.23 Trojan.Spy.Gen
Microsoft 1.5405 2010.01.23 PWS:Win32/OnLineGames.GL
NOD32 4798 2010.01.22 -
Norman 6.04.03 2010.01.23 -
nProtect 2009.1.8.0 2010.01.23 Trojan/W32.Agent2.57344.W
Panda 10.0.2.2 2010.01.22 Trj/CI.A
PCTools 7.0.3.5 2010.01.23 Trojan.Generic
Prevx 3.0 2010.01.23 High Risk Fraudulent Security Program
Rising 22.31.04.04 2010.01.22 Trojan.Win32.Generic.51F3874A
Sophos 4.50.0 2010.01.23 Mal/DllHook-A
Sunbelt 3.2.1858.2 2010.01.23 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.01.23 Trojan Horse
TheHacker 6.5.0.9.160 2010.01.23 -
TrendMicro 9.120.0.1004 2010.01.23 TSPY_ONLINEG.SMQ
VBA32 3.12.12.1 2010.01.21 -
ViRobot 2010.1.22.2151 2010.01.22 -
VirusBuster 5.0.21.0 2010.01.22 -
Rozšiřující informace
File size: 57344 bytes
MD5...: 81849c1264f1e1d71083bf83bd3d7a05
SHA1..: 6a04b4fb8d7297348480e04a5ff5f3c0847e34cc
SHA256: 54704b2749695fb27eab669289ebc36ec80d8e25566004e9cf69e52298a177e1
ssdeep: 768:aDgpXzZ0oy6xFwCodX0nKYljNFnToIf1QPI2oae2:4KZ0oNFfoZ09HFnToIf
J2oV
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x6861
timedatestamp.....: 0x4b20c021 (Thu Dec 10 09:32:17 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5ed4 0x6000 6.65 890b4843c3897c2a800cf7b01d12af71
.rdata 0x7000 0x32a4 0x4000 6.23 d8f4fa71d63ea367b332c2b8ccb6a686
.data 0xb000 0x3588 0x1000 1.07 6461b81acbd32837e2609b47d5dd6df6
.rsrc 0xf000 0x360 0x1000 0.91 00a3101021ea660b70336cad40ceceb1
.reloc 0x10000 0x3ce 0x1000 1.76 56972a9c57e97f74ca6cebbb8ea700cc

( 5 imports )
> KERNEL32.dll: GetCurrentProcess, GetModuleFileNameA, DeleteFileA, GetFileAttributesA, LoadLibraryA, CloseHandle, GetBinaryTypeA, GetTickCount, WideCharToMultiByte, MultiByteToWideChar, LCMapStringA, LCMapStringW, CreateThread, GetTempPathA, Sleep, GetModuleHandleA, GetProcAddress, lstrcmpiA, GetVersionExA, WinExec, GetSystemInfo, GetStringTypeW, GetStringTypeA
> USER32.dll: wsprintfA, GetSystemMetrics, CallNextHookEx, DispatchMessageA, TranslateMessage, GetMessageA, SetWindowsHookExA, CharLowerA
> ADVAPI32.dll: RegSetValueExA, RegQueryValueExA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegCloseKey, RegCreateKeyA
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: fclose, _adjust_fdiv, _initterm, _access, rename, strncmp, strchr, atoi, __2@YAPAXI@Z, memset, sprintf, strlen, strcpy, memcpy, _except_handler3, strstr, fgets, fopen, free, malloc, strcat, _splitpath

( 5 exports )
AR, DelFuc, GetVer, HTTPSendStrFun, w
RDS...: NSRL Reference Data Set
-
<a href='http://info.prevx.com/aboutprogramtext. ... 00D8AE596D' target='_blank'>http://info.prevx.com/aboutprogramtext. ... 8AE596D</a>
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: ____
copyright....: ____(C) 2009
product......: ____ DLL
description..: DLL
original name: DLL.dll
internal name: DLL
file version.: 1, 0, 0, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned


uf,snad jsem to zkopiroval spravne

Re: Trojsky kun

Napsal: 23 led 2010 12:05
od markm.free
takze tady je log z toho OTM :

All processes killed
========== PROCESSES ==========
No active process named Explorer.exe was found!
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\xm1985.dll
C:\WINDOWS\system32\xm1985.dll moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MsWerr deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"www.viry.cz/forum" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Marek
->Temp folder emptied: 41838068 bytes
->Temporary Internet Files folder emptied: 5811430 bytes
->Java cache emptied: 57186088 bytes
->FireFox cache emptied: 177282973 bytes
->Opera cache emptied: 1986476283 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 17035607 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2769376 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 182,00 mb

Restore point Set: OTM Restore Point (64424509440)

OTM by OldTimer - Version 3.1.6.0 log created on 01232010_115157

Files moved on Reboot...

Registry entries deleted on Reboot...




a tady z toho system look:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 12:04 on 23/01/2010 by Marek (Administrator - Elevation successful)

========== service ==========

wuauserv
Automatické aktualizace
"Umožňuje stahování a instalaci aktualizací systému Windows. Pokud je tato služba zakázána, nebude možné použít funkci Automatické aktualizace ani webový server Windows Update."
Current Status: Stopped
Startup Type: Automatic
Error Control: Severe
Binary: %fystemroot%\system32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
(none)
Dependant Services:
(none)

bits
Služba inteligentního přenosu na pozadí
"Přenáší na pozadí data mezi klienty a servery. Pokud je služba BITS zakázána, některé funkce systému (např. Windows Update) nebudou fungovat."
Current Status: Stopped
Startup Type: Demand
Error Control: Critical
Binary: %fystemRoot%\system32\svchost.exe -k netsvcs
Group: (none)
SafeBoot:
Dependencies:
->RpcSs
Dependant Services:
(none)

-=End Of File=-

Re: Trojsky kun

Napsal: 23 led 2010 12:29
od markm.free
tak mam takovy mensi problem..ten editor registru,ten program,kde to najdu ? jsem si stahl nejakej regediter ze stahuj.cz a v tom nemuzu prepisovat ten imagepath

Re: Trojsky kun

Napsal: 23 led 2010 12:40
od markm.free
tak to uz mam hotovy..ted jsem jeste pustil NOD tak uvidim zda me ten vir znova najde..akorat se me ted pocitac nacital silene dlouho...a tady prikladam log z RSIT :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marek at 2010-01-23 12:38:59
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (57%) free of 35 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:08, on 23.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
F:\PROGRAMY 2\Ad aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Documents and Settings\Marek\Plocha\PROGRAMY\VIRY\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Marek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.viry.cz/forum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\PROGRAMY 2\SnagIt\SnagItBHO.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\PROGRAMY 2\SnagIt\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ErgoMedia] C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0612892546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0614001109
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\PROGRAMY 2\Ad aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10226 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - F:\PROGRAMY 2\SnagIt\SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - F:\PROGRAMY 2\SnagIt\SnagItIEAddin.dll [2007-05-01 161352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"Gainward"=C:\WINDOWS\TBPanel.exe [2006-09-14 2162688]
"CTSysVol"=C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2006-05-23 81920]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2005-03-05 2573536]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-03-14 949376]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"ErgoMedia"=C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe [2005-06-28 1855488]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2004-11-22 180224]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-07-22 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"F:\GAMES\Dragon Age\bin_ship\daorigins.exe"="F:\GAMES\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"F:\GAMES\Dragon Age\DAOriginsLauncher.exe"="F:\GAMES\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"F:\GAMES\Dragon Age\bin_ship\daupdatersvc.service.exe"="F:\GAMES\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-23 12:38:59 ----D---- C:\rsit
2010-01-23 12:29:26 ----A---- C:\WINDOWS\REGEDITER_FAVORITES.INI
2009-12-30 19:54:52 ----D---- C:\Documents and Settings\Marek\Data aplikací\DivX

======List of files/folders modified in the last 1 months======

2010-01-23 12:38:42 ----D---- C:\WINDOWS\TEMP
2010-01-23 12:38:42 ----A---- C:\WINDOWS\DFC.INI
2010-01-23 12:36:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 12:30:17 ----SHD---- C:\Config.Msi
2010-01-23 12:30:15 ----RD---- C:\Program Files
2010-01-23 12:30:13 ----SHD---- C:\WINDOWS\Installer
2010-01-23 12:29:26 ----D---- C:\WINDOWS
2010-01-23 12:25:28 ----D---- C:\WINDOWS\Prefetch
2010-01-23 12:03:21 ----D---- C:\Program Files\Mozilla Firefox
2010-01-23 11:54:06 ----D---- C:\WINDOWS\system32
2010-01-23 10:36:28 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-22 14:57:01 ----D---- C:\Download azureus
2010-01-22 14:57:01 ----D---- C:\Documents and Settings\Marek\Data aplikací\Azureus
2010-01-15 18:02:04 ----D---- C:\Documents and Settings\Marek\Data aplikací\XnView
2010-01-08 15:39:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-08 14:12:22 ----D---- C:\Program Files\ICQToolbar
2010-01-06 19:16:34 ----D---- C:\WINDOWS\Minidump
2009-12-30 20:01:28 ----D---- C:\WINDOWS\WinSxS
2009-12-30 20:01:28 ----AD---- C:\Program Files\Common Files
2009-12-30 15:53:31 ----D---- C:\Program Files\ICQ6.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-03-14 15424]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-03-14 512096]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-05-13 279712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-05-13 25888]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-03-12 197908]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-03-12 10405]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-03-12 34422]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 840960]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
R3 YiRuanUSB;YiRuan device driver for 4d; C:\WINDOWS\system32\DRIVERS\yrtumdriver.sys [2005-05-20 5760]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys []
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys []
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys []
S3 amtr0yao;amtr0yao; C:\WINDOWS\system32\drivers\amtr0yao.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 mbr;mbr; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 sfcure01;StarForce Cure Driver (version 1.x); C:\WINDOWS\System32\drivers\sfcure01.sys [2005-10-08 3584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; F:\PROGRAMY 2\Ad aware\aawservice.exe [2008-09-09 611664]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-03-14 552064]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2006-05-23 86016]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-06 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-06 189072]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2005-03-05 2573536]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; F:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]

-----------------EOF-----------------

Re: Trojsky kun

Napsal: 23 led 2010 12:49
od markm.free
toolbr,ehm,co to je ? :)
a jak bych mohl profixovat programy ?
NOD jeste asi potrva,ma teprve 50%

Re: Trojsky kun

Napsal: 23 led 2010 13:11
od markm.free
tak uz zase ten NOD nasel ten vir :( co mam delat ted ? zase log z RSIT ?

Re: Trojsky kun

Napsal: 23 led 2010 13:24
od markm.free
C:\System Volume Information\_restore{F3597DB5-4887-4292-9CE6-B6EB2DCB34DF}\RP334\A0089671.exe » RAR » bot.exe - pravděpodobně varianta infiltrace Win32/PSW.WOW.NOL trojský kůň

C:\System Volume Information\_restore{F3597DB5-4887-4292-9CE6-B6EB2DCB34DF}\RP334\A0089671.exe - pravděpodobně varianta infiltrace Win32/PSW.WOW.NOL trojský kůň


tyhle dva to vzdy najde

Re: Trojsky kun

Napsal: 23 led 2010 14:23
od markm.free
tak uz me konecne NOD dojel a nic nenasel.tak to vypada ze vse je v poradku.moc dekuji za pomoc :)

Re: Trojsky kun

Napsal: 23 led 2010 14:46
od markm.free
omlouvam se, byl jsem na obede a driv jsem to nestihl zaslat...ted jdu jeste zazipovat ten otm.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marek at 2010-01-23 14:45:14
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 21 GB (61%) free of 35 GB
Total RAM: 1023 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:45:28, on 23.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
F:\PROGRAMY 2\Ad aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\PROGRAMY 2\The KMPlayer\KMPlayer.exe
C:\Documents and Settings\Marek\Plocha\PROGRAMY\VIRY\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Marek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.viry.cz/forum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\PROGRAMY 2\SnagIt\SnagItBHO.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\PROGRAMY 2\SnagIt\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ErgoMedia] C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0612892546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0614001109
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\PROGRAMY 2\Ad aware\aawservice.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 9818 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - F:\PROGRAMY 2\SnagIt\SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - F:\PROGRAMY 2\SnagIt\SnagItIEAddin.dll [2007-05-01 161352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"Gainward"=C:\WINDOWS\TBPanel.exe [2006-09-14 2162688]
"CTSysVol"=C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2006-05-23 81920]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2005-03-05 2573536]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-03-14 949376]
"ErgoMedia"=C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe [2005-06-28 1855488]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"F:\GAMES\Dragon Age\bin_ship\daorigins.exe"="F:\GAMES\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"F:\GAMES\Dragon Age\DAOriginsLauncher.exe"="F:\GAMES\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"F:\GAMES\Dragon Age\bin_ship\daupdatersvc.service.exe"="F:\GAMES\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-23 14:45:14 ----D---- C:\rsit
2010-01-23 12:29:26 ----A---- C:\WINDOWS\REGEDITER_FAVORITES.INI
2009-12-30 19:54:52 ----D---- C:\Documents and Settings\Marek\Data aplikací\DivX

======List of files/folders modified in the last 1 months======

2010-01-23 14:45:10 ----A---- C:\WINDOWS\DFC.INI
2010-01-23 13:56:44 ----D---- C:\WINDOWS\TEMP
2010-01-23 13:43:52 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-23 13:42:24 ----D---- C:\Program Files\Mozilla Firefox
2010-01-23 13:37:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 13:34:05 ----SHD---- C:\System Volume Information
2010-01-23 13:34:05 ----D---- C:\WINDOWS\system32\Restore
2010-01-23 12:57:37 ----SHD---- C:\WINDOWS\Installer
2010-01-23 12:57:32 ----SHD---- C:\Config.Msi
2010-01-23 12:30:15 ----RD---- C:\Program Files
2010-01-23 12:29:26 ----D---- C:\WINDOWS
2010-01-23 12:25:28 ----D---- C:\WINDOWS\Prefetch
2010-01-23 11:54:06 ----D---- C:\WINDOWS\system32
2010-01-22 14:57:01 ----D---- C:\Download azureus
2010-01-22 14:57:01 ----D---- C:\Documents and Settings\Marek\Data aplikací\Azureus
2010-01-15 18:02:04 ----D---- C:\Documents and Settings\Marek\Data aplikací\XnView
2010-01-08 15:39:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-08 14:12:22 ----D---- C:\Program Files\ICQToolbar
2010-01-06 19:16:34 ----D---- C:\WINDOWS\Minidump
2009-12-30 20:01:28 ----D---- C:\WINDOWS\WinSxS
2009-12-30 20:01:28 ----AD---- C:\Program Files\Common Files
2009-12-30 15:53:31 ----D---- C:\Program Files\ICQ6.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-03-14 15424]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-03-14 512096]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-05-13 279712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-05-13 25888]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-03-12 197908]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-03-12 10405]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-03-12 34422]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 840960]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 YiRuanUSB;YiRuan device driver for 4d; C:\WINDOWS\system32\DRIVERS\yrtumdriver.sys [2005-05-20 5760]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys []
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys []
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys []
S3 aw4tti10;aw4tti10; C:\WINDOWS\system32\drivers\aw4tti10.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 mbr;mbr; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 sfcure01;StarForce Cure Driver (version 1.x); C:\WINDOWS\System32\drivers\sfcure01.sys [2005-10-08 3584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; F:\PROGRAMY 2\Ad aware\aawservice.exe [2008-09-09 611664]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-03-14 552064]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2006-05-23 86016]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-06 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-06 189072]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2005-03-05 2573536]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; F:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]

-----------------EOF-----------------

Re: Trojsky kun

Napsal: 24 led 2010 10:59
od markm.free
omlouvam se, vcera jsem si skocil na jedno a az ted jsem si vzpomnel na pocitac. udelal jsem vse jak bylo vyse napsano, ale pocitac se zrychlil snad jen nepatrne,nacitani do windowsu se zrychlilo tak o vterinu,max dve.ale aspon ze uz tu nemam ten vir :) . zde priklad jeste ten log z rsit :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marek at 2010-01-24 10:58:22
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 22 GB (63%) free of 35 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:27, on 24.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marek\Plocha\PROGRAMY\VIRY\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Marek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.viry.cz/forum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ErgoMedia] C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0612892546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0614001109
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7264 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"Gainward"=C:\WINDOWS\TBPanel.exe [2006-09-14 2162688]
"CTSysVol"=C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2006-05-23 81920]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2005-03-05 2573536]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-03-14 949376]
"ErgoMedia"=C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe [2005-06-28 1855488]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"F:\GAMES\Dragon Age\bin_ship\daorigins.exe"="F:\GAMES\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"F:\GAMES\Dragon Age\DAOriginsLauncher.exe"="F:\GAMES\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"F:\GAMES\Dragon Age\bin_ship\daupdatersvc.service.exe"="F:\GAMES\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-24 10:58:22 ----D---- C:\rsit
2010-01-23 12:29:26 ----A---- C:\WINDOWS\REGEDITER_FAVORITES.INI
2009-12-30 19:54:52 ----D---- C:\Documents and Settings\Marek\Data aplikací\DivX

======List of files/folders modified in the last 1 months======

2010-01-24 10:57:51 ----D---- C:\Program Files\CCleaner
2010-01-24 10:57:07 ----D---- C:\WINDOWS
2010-01-24 10:56:06 ----D---- C:\WINDOWS\Prefetch
2010-01-24 10:55:28 ----D---- C:\WINDOWS\TEMP
2010-01-24 10:55:22 ----D---- C:\Program Files\Mozilla Firefox
2010-01-24 10:54:02 ----A---- C:\WINDOWS\DFC.INI
2010-01-24 10:52:37 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-24 10:50:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-23 19:15:47 ----RD---- C:\Program Files
2010-01-23 16:17:27 ----SHD---- C:\WINDOWS\Installer
2010-01-23 16:17:27 ----SHD---- C:\Config.Msi
2010-01-23 15:14:29 ----D---- C:\Download azureus
2010-01-23 15:09:13 ----D---- C:\WINDOWS\system32
2010-01-23 15:09:12 ----D---- C:\WINDOWS\system32\drivers
2010-01-23 15:08:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-23 13:43:52 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-23 13:34:05 ----SHD---- C:\System Volume Information
2010-01-23 13:34:05 ----D---- C:\WINDOWS\system32\Restore
2010-01-22 14:57:01 ----D---- C:\Documents and Settings\Marek\Data aplikací\Azureus
2010-01-15 18:02:04 ----D---- C:\Documents and Settings\Marek\Data aplikací\XnView
2010-01-08 15:39:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-08 14:12:22 ----D---- C:\Program Files\ICQToolbar
2010-01-06 19:16:34 ----D---- C:\WINDOWS\Minidump
2009-12-30 20:01:28 ----D---- C:\WINDOWS\WinSxS
2009-12-30 20:01:28 ----AD---- C:\Program Files\Common Files
2009-12-30 15:53:31 ----D---- C:\Program Files\ICQ6.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-18 14848]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-03-14 15424]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-03-14 512096]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-05-13 279712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-05-13 25888]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-27 5306]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2004-03-12 197908]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2004-03-12 10405]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2004-03-12 34422]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-10 3964736]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-18 60800]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-18 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 840960]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-18 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-18 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-18 17024]
R3 YiRuanUSB;YiRuan device driver for 4d; C:\WINDOWS\system32\DRIVERS\yrtumdriver.sys [2005-05-20 5760]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys []
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys []
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys []
S3 ayo2d3xf;ayo2d3xf; C:\WINDOWS\system32\drivers\ayo2d3xf.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 mbr;mbr; \??\C:\DOCUME~1\Marek\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []
S3 sfcure01;StarForce Cure Driver (version 1.x); C:\WINDOWS\System32\drivers\sfcure01.sys [2005-10-08 3584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-03-14 552064]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2006-05-23 86016]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-06 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-06 189072]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2005-03-05 2573536]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; F:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]

-----------------EOF-----------------

Re: Trojsky kun

Napsal: 25 led 2010 13:02
od markm.free
tak jsem dal ten cleanup a je to vse.. heh,combofix na tomto pocitaci byl uz spousten mnohokrat.kazdej pul rok najdu nejakou havet co nejde odstranit a vzdycky na tomto foru me nekdo ochotne pomuze..sp3 tu nemam,no.jsem byl linej si ho stahnout a nainstalovat. ale tedka uz mam urcite o dost rychlejsi to nacitani,par restartu a uz to bezi skoro jako novy. kazdopadne velice dekuji za pomoc :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz