VIRY.CZ

Logfile of random's system information tool 1.09 (written by random/random)
Run by Chosé Armando at 2012-01-12 16:30:24
Systém Microsoft Windows XP Professional Service Pack 3
System drive D: has 82 GB (80%) free of 102 GB
Total RAM: 3037 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:31:12, on 12.1.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Alwil Software\Avast5\avastUI.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\Program Files\Ralink\Common\RaUI.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
D:\Program Files\iTunes\iTunes.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
D:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Download Torrent\call of duty 2 cz\setup.exe
D:\WINDOWS\system32\msiexec.exe
D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
D:\WINDOWS\system32\MsiExec.exe
D:\WINDOWS\system32\MsiExec.exe
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Chosé Armando\Dokumenty\Downloads\RSIT.exe
D:\Program Files\HJT\Trend Micro\HiJackThis\Chosé Armando.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: BrowserPlugin - {1C749E08-6B62-11E0-B6DA-075F4824019B} - D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: GamePlayLabsBHO - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] "D:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSERIAL] D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Facebook Update] "D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - D:\Program Files\Ralink\Common\RalinkRegistryWriter.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9017 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-746137067-413027322-682003330-1006Core.job
D:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-746137067-413027322-682003330-1006UA.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-413027322-682003330-1006Core.job
D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-413027322-682003330-1006UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C749E08-6B62-11E0-B6DA-075F4824019B}]
BrowserPlugin - D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll [2011-04-25 436864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
GamePlayLabsBHO Class - D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\GamePlayLabs Plugin\BHO.dll [2011-04-25 436864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"avast5"=D:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-11-28 3744552]
"IgfxTray"=D:\WINDOWS\system32\igfxtray.exe [2008-06-04 150040]
"HotKeysCmds"=D:\WINDOWS\system32\hkcmd.exe [2008-06-04 170520]
"Persistence"=D:\WINDOWS\system32\igfxpers.exe [2008-06-04 141848]
"ITSecMng"=D:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2008-12-19 83336]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2008-09-09 16851968]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"APSDaemon"=D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2011-10-09 421736]
"SMSERIAL"=D:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2008-06-11 1454080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"=rundll32 netman.dll,ProcessQueue []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-11-21 136176]
"AlcoholAutomount"=D:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
"uTorrent"=D:\Program Files\uTorrent\uTorrent.exe [2011-04-08 399736]
"Facebook Update"=D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe [2011-10-22 137536]

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Ralink Wireless Utility.lnk - D:\Program Files\Ralink\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2008-05-21 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - D:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Winamp\winamp.exe"="D:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Paradise casino\ParadiseCasino\casino.exe"="C:\Paradise casino\ParadiseCasino\casino.exe:*:Enabled:casino"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.VP60"=D:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=D:\WINDOWS\system32\vp6vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.vorbis"=vorbis.acm

======List of files/folders created in the last 1 month======

2012-01-12 16:30:24 ----D---- D:\rsit
2012-01-12 16:27:07 ----SHD---- D:\Config.Msi
2012-01-09 23:27:53 ----D---- D:\Documents and Settings\All Users\Data aplikací\boost_interprocess
2012-01-04 07:18:25 ----D---- D:\Documents and Settings\Chosé Armando\Data aplikací\Summer Challenge
2012-01-04 07:12:20 ----D---- D:\Program Files\ProtectDisc Driver Installer
2012-01-04 07:12:00 ----D---- D:\Documents and Settings\Chosé Armando\Data aplikací\ProtectDISC
2012-01-02 16:47:12 ----D---- D:\Documents and Settings\Chosé Armando\Data aplikací\BSplayer Pro
2012-01-02 16:47:12 ----D---- D:\Documents and Settings\Chosé Armando\Data aplikací\BSplayer
2012-01-02 16:47:10 ----D---- D:\Program Files\Webteh
2011-12-13 22:18:27 ----AH---- D:\WINDOWS\system32\mlfcache.dat

======List of files/folders modified in the last 1 month======

2012-01-12 16:31:15 ----D---- D:\Documents and Settings\Chosé Armando\Data aplikací\uTorrent
2012-01-12 16:27:08 ----SHD---- D:\WINDOWS\Installer
2012-01-12 16:25:03 ----D---- D:\WINDOWS\temp
2012-01-12 15:32:56 ----HD---- D:\WINDOWS\inf
2012-01-12 07:07:22 ----D---- D:\WINDOWS\system32\CatRoot2
2012-01-12 07:07:22 ----A---- D:\WINDOWS\SchedLgU.Txt
2012-01-09 20:39:01 ----D---- D:\Program Files\PokerStars
2012-01-06 17:52:01 ----D---- D:\WINDOWS
2012-01-05 00:38:25 ----D---- D:\Program Files\ParadisePoker
2012-01-04 07:12:20 ----RD---- D:\Program Files
2012-01-04 07:12:15 ----D---- D:\WINDOWS\system32\drivers
2011-12-30 15:08:14 ----D---- D:\Documents and Settings\All Users\Data aplikací\Skype
2011-12-30 15:08:08 ----D---- D:\Documents and Settings\Chosé Armando\Data aplikací\Skype
2011-12-13 22:22:17 ----SD---- D:\Documents and Settings\Chosé Armando\Data aplikací\Microsoft
2011-12-13 22:21:34 ----AD---- D:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; D:\WINDOWS\System32\Drivers\BtHidBus.sys [2008-07-31 20616]
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2010-12-05 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; D:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; D:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; D:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; D:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tosrfcom;Bluetooth RFCOMM; D:\WINDOWS\System32\Drivers\tosrfcom.sys [2009-02-19 63872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 acedrv11;acedrv11; \??\D:\WINDOWS\system32\drivers\acedrv11.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; D:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-06-13 21361]
R2 aswFsBlk;aswFsBlk; D:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; D:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 atksgt;atksgt; D:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-08-22 281760]
R2 lirsgt;lirsgt; D:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-08-22 25888]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; D:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; D:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; D:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-05-21 6018464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-09 4813824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; D:\WINDOWS\System32\Drivers\RtsUStor.sys [2010-01-07 182304]
R3 RT80x86;Ralink 802.11n Wireless Driver; D:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-09-24 704384]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-11-27 177152]
R3 smserial;smserial; D:\WINDOWS\system32\DRIVERS\smserial.sys [2008-06-11 1097856]
R3 tosporte;Bluetooth COM Port; D:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
R3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S0 xmasscsi;xmasscsi; D:\WINDOWS\System32\Drivers\xmasscsi.sys []
S3 a8lxb1po;a8lxb1po; D:\WINDOWS\system32\drivers\a8lxb1po.sys []
S3 AmdLLD;AMD Low Level Device Driver; D:\WINDOWS\system32\DRIVERS\AmdLLD.sys []
S3 BT;Bluetooth PAN Network Adapter; D:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; D:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; D:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 catchme;catchme; \??\D:\DOCUME~1\Mirecek\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz132;cpuz132; \??\D:\DOCUME~1\Mirecek\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 dtscsi;dtscsi; D:\WINDOWS\System32\Drivers\dtscsi.sys [2010-11-27 223128]
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IvtBtBUs;IVT Bluetooth Bus Service; D:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RAPIProtocol;Ralink RAPI Protocol Driver; D:\WINDOWS\system32\DRIVERS\RAPIProtocol.sys [2008-08-07 16512]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfbd;Bluetooth RFBUS; D:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-10-06 137984]
S3 tosrfbnp;Bluetooth RFBNEP; D:\WINDOWS\System32\Drivers\tosrfbnp.sys [2009-05-12 36992]
S3 Tosrfhid;Bluetooth RFHID; D:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2009-03-05 74368]
S3 tosrfnds;Bluetooth Personal Area Network; D:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2009-03-12 16128]
S3 TosRfSnd;Bluetooth Audio; D:\WINDOWS\system32\drivers\tosrfsnd.sys [2009-05-14 54400]
S3 Tosrfusb;Bluetooth USB Controller; D:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2009-03-19 43264]
S3 UNDPX2A;UNDPX2A; \??\D:\WINDOWS\system32\drivers\UNDPX2A.SYS []
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; D:\WINDOWS\system32\DRIVERS\Sacm2A.sys []
S3 VComm;Virtual Serial port driver; D:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; D:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 NwSapAgent;Agent SAP; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2010-11-03 75064]
R2 RalinkRegistryWriter;Ralink Registry Writer; D:\Program Files\Ralink\Common\RalinkRegistryWriter.exe [2008-09-05 75040]
R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-03-17 144752]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2011-10-09 821608]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-19 136176]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Zdravím, tohle fixni v HJT :

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Facebook Update] "D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

HJT najdeš zde :

D:\Program Files\HJT\Trend Micro\HiJackThis\Chosé Armando.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:
klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na D:\_OTMoveIt\MovedFiles\

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder D:\*.tmp not found.
D:\WINDOWS\System32\CONFIG.TMP moved successfully.
D:\WINDOWS\System32\PerfStringBackup.TMP moved successfully.
D:\WINDOWS\System32\SET11.tmp moved successfully.
D:\WINDOWS\System32\SET13.tmp moved successfully.
D:\WINDOWS\System32\SET15.tmp moved successfully.
D:\WINDOWS\System32\SET23.tmp moved successfully.
D:\WINDOWS\System32\SET25.tmp moved successfully.
D:\WINDOWS\System32\SET31.tmp moved successfully.
D:\WINDOWS\System32\SET33.tmp moved successfully.
D:\WINDOWS\System32\SET35.tmp moved successfully.
D:\WINDOWS\System32\SET37.tmp moved successfully.
D:\WINDOWS\System32\SET3AD4.tmp moved successfully.
D:\WINDOWS\System32\SET3AD9.tmp moved successfully.
D:\WINDOWS\System32\SET6F.tmp moved successfully.
D:\WINDOWS\System32\SETB4.tmp moved successfully.
D:\WINDOWS\System32\SETB5.tmp moved successfully.
D:\WINDOWS\System32\SETB6.tmp moved successfully.
D:\WINDOWS\System32\SETB7.tmp moved successfully.
D:\WINDOWS\System32\SETBE.tmp moved successfully.
D:\WINDOWS\System32\SETBF.tmp moved successfully.
D:\WINDOWS\System32\SETC5.tmp moved successfully.
D:\WINDOWS\System32\SETC6.tmp moved successfully.
D:\WINDOWS\System32\SETC7.tmp moved successfully.
D:\WINDOWS\System32\SETC8.tmp moved successfully.
D:\WINDOWS\System32\SETE4.tmp moved successfully.
D:\WINDOWS\System32\SETF.tmp moved successfully.
D:\WINDOWS\002694_.tmp moved successfully.
D:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP folder moved successfully.
D:\WINDOWS\E4D153288C89484BB9AAF5BE9EA6D01C.TMP folder moved successfully.
D:\WINDOWS\SET3.tmp moved successfully.
D:\WINDOWS\SET4.tmp moved successfully.
D:\WINDOWS\SET8.tmp moved successfully.
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Video\Skype folder moved successfully.
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Video\Common\fb#3aac654todjzqguvtiaiw4rsfxzvdzv8gw4dle_jcn09gq55-qhgnmhdct7yreuwnbqrw folder moved successfully.
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Video\Common folder moved successfully.
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Video folder moved successfully.
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Update\Manifest\Initial folder moved successfully.
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Update\Manifest folder moved successfully.
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Update\Download folder moved successfully.
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Update\1.2.203.0 folder moved successfully.
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\Update folder moved successfully.
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook\CrashReports folder moved successfully.
D:\Documents and Settings\Chosé Armando\Local Settings\Data aplikací\Facebook folder moved successfully.
D:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-746137067-413027322-682003330-1006Core.job moved successfully.
D:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-746137067-413027322-682003330-1006UA.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chosé Armando
->Temp folder emptied: 16704471 bytes
->Temporary Internet Files folder emptied: 1015942 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 397947954 bytes
->Flash cache emptied: 7900 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 846582 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 103715195 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 496,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 01132012_084343

Files moved on Reboot...
File move failed. D:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Bezva, nepořádek je pryč

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Pak dej vědět jaký je stav PC.