
Facebook virus - with RSIT log.

Sucker008
Visitor
Posts: 2
Registered: 24 Aug 2011 16:53

#1 Post by Sucker008 »

Logfile of random's system information tool 1.09 (written by random/random)
Run by pocitac at 2011-08-24 17:49:32
Microsoft Windows XP Home Edition Service Pack 3
System drive D: has 12 GB (38%) free of 30 GB
Total RAM: 1022 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:49:39, on 24.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
D:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\Program Files\Samsung\Kies\KiesTrayAgent.exe
D:\Program Files\ICQ7.5\ICQ.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\dgdersvc.exe
D:\WINDOWS\system32\FsUsbExService.Exe
D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Martin\Programy\QIP 2010\qip.exe
C:\Martin\Dokumenty\Stažené soubory\RSIT.exe
D:\Program Files\trend micro\pocitac.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=generic
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OpwareSE2] "D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "D:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "D:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ATICustomerCare] "D:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [AVG_TRAY] D:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "D:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ApnUpdater] "D:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [wxpdrv] D:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [2367554.exe] "D:\DOCUME~1\pocitac\LOCALS~1\Temp\2367554.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [KiesTrayAgent] D:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: WDDMStatus.lnk = D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - D:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG10\avgpp.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - D:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: AVGIDSAgent - Unknown owner - D:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - D:\Program Files\AVG\AVG10\avgwdsvc.exe (file missing)
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - D:\WINDOWS\system32\dgdersvc.exe
O23 - Service: FsUsbExService - Teruten - D:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - D:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 10697 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\Norton Security Scan for pocitac.job
D:\WINDOWS\tasks\RMSchedule.job
D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - D:\Documents and Settings\pocitac\Data aplikací\Mozilla\Firefox\Profiles\i2y8xr6y.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906, {20a82645-c095-46ed-80e3-08825760534b}:1.1, toolbar@ask.com:3.11.3.15590, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, extension@virtusdesigns.com:3.6.7, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17, {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91, {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.3.1&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=D:\Program Files\AVG\AVG10\Firefox4\
"avg@igeared"=D:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=D:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=d:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

D:\Program Files\Mozilla Firefox\extensions\
DTToolbar@toolbarnet.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}

D:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

D:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

D:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

D:\Documents and Settings\pocitac\Data aplikací\Mozilla\Firefox\Profiles\i2y8xr6y.default\extensions\
extension@virtusdesigns.com
radiobar@toolbar
toolbar@ask.com
{20a82645-c095-46ed-80e3-08825760534b}
{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
{800b5000-a755-47e1-992b-48a1c1357f07}
{e213bb8f-8ebd-11db-96b7-005056c00008}

D:\Documents and Settings\pocitac\Data aplikací\Mozilla\Firefox\Profiles\i2y8xr6y.default\searchplugins\
daemon-search.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG10\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - D:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - D:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - D:\Program Files\Ask.com\GenericAskToolbar.dll [2011-05-17 1490312]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - D:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - D:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"OpwareSE2"=D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"OPSE reminder"=D:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [2003-07-07 729088]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"NeroFilterCheck"=D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-07-04 161064]
"ATICustomerCare"=D:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296]
"AVG_TRAY"=D:\Program Files\AVG\AVG10\avgtray.exe []
"DivXUpdate"=D:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
""= []
"ApnUpdater"=D:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"LogMeIn Hamachi Ui"=D:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2011-05-25 1951112]
"wxpdrv"=D:\WINDOWS\services32.exe []
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"2367554.exe"=D:\DOCUME~1\pocitac\LOCALS~1\Temp\2367554.exe []
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 98304]
"KernelFaultCheck"=D:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=D:\Program Files\uTorrent\uTorrent.exe [2010-12-27 395640]
"DAEMON Tools Lite"=D:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]
"LightScribe Control Panel"=D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"KiesTrayAgent"=D:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe [2010-01-28 3404600]
"ICQ"=D:\Program Files\ICQ7.5\ICQ.exe [2011-08-01 124480]

D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
WDDMStatus.lnk - D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDSmartWare.lnk - D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

D:\Documents and Settings\pocitac\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.2.lnk - D:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2011-07-28 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - D:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Skype\Plugin Manager\skypePM.exe"="D:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Martin\Hry\CS 1.6\hl.exe"="C:\Martin\Hry\CS 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Martin\Hry\MotoGP2\motogp2.exe"="C:\Martin\Hry\MotoGP2\motogp2.exe:*:Enabled:motogp2"
"C:\Martin\Hry\NhL09\nhl2009.exe"="C:\Martin\Hry\NhL09\nhl2009.exe:*:Enabled:nhl2009"
"C:\Martin\Hry\FlatOut\flatout.exe"="C:\Martin\Hry\FlatOut\flatout.exe:*:Enabled:flatout"
"D:\Documents and Settings\pocitac\Plocha\FlatOut\flatout.exe"="D:\Documents and Settings\pocitac\Plocha\FlatOut\flatout.exe:*:Enabled:flatout"
"C:\Martin\Hry\Call of Duty 2\CoD2MP_s.exe"="C:\Martin\Hry\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Documents and Settings\pocitac\Plocha\De4th - Counter-Strike 1.6\hl.exe"="D:\Documents and Settings\pocitac\Plocha\De4th - Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Martin\Hry\Mafia 2\Steam.exe"="C:\Martin\Hry\Mafia 2\Steam.exe:*:Enabled:Steam"
"C:\Martin\Hry\Far Cry 2\bin\FarCry2.exe"="C:\Martin\Hry\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry® 2"
"D:\Documents and Settings\pocitac\Plocha\Flatout 2\FlatOut\flatout.exe"="D:\Documents and Settings\pocitac\Plocha\Flatout 2\FlatOut\flatout.exe:*:Enabled:flatout"
"D:\Program Files\1C\RC Cars\RCCars.exe"="D:\Program Files\1C\RC Cars\RCCars.exe:*:Enabled:RCCars executable"
"C:\Martin\Hry\Counter-Strike 1.6\hl.exe"="C:\Martin\Hry\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\WINDOWS\system32\dpvsetup.exe"="D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\WINDOWS\system32\rundll32.exe"="D:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Martin\Hry\Lrft 4 dead 2\Left 4 dead 2\left 4 dead 2\left4dead2.exe"="C:\Martin\Hry\Lrft 4 dead 2\Left 4 dead 2\left 4 dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\Martin\Hry\Mafia 2\SteamApps\lamacek858\team fortress 2\hl2.exe"="C:\Martin\Hry\Mafia 2\SteamApps\lamacek858\team fortress 2\hl2.exe:*:Enabled:hl2"
"D:\Documents and Settings\pocitac\Plocha\CS 1.6\hl.exe"="D:\Documents and Settings\pocitac\Plocha\CS 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Documents and Settings\pocitac\Plocha\De4th - The Battle for Middle-earth (tm)\game.dat"="D:\Documents and Settings\pocitac\Plocha\De4th - The Battle for Middle-earth (tm)\game.dat:*:Enabled:Battle for Middle-earth"
"C:\Martin\Hry\Pan prtsenu 2\game.dat"="C:\Martin\Hry\Pan prtsenu 2\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Martin\Hry\Pan prstenu 2-datadisk\game.dat"="C:\Martin\Hry\Pan prstenu 2-datadisk\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
"C:\Martin\Programy\QIP 2010\qip.exe"="C:\Martin\Programy\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Martin\Hry\Nová složka\prototypef.exe"="C:\Martin\Hry\Nová složka\prototypef.exe:*:Enabled:Prototype(TM)"
"D:\Program Files\Google\Google Earth\client\googleearth.exe"="D:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"D:\WINDOWS\system32\muzapp.exe"="D:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"D:\Program Files\AVG\AVG10\avgmfapx.exe"="D:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"D:\Program Files\Google\Google Earth\plugin\geplugin.exe"="D:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Martin\Hry\Mafia 2\SteamApps\lamacek858\day of defeat source\hl2.exe"="C:\Martin\Hry\Mafia 2\SteamApps\lamacek858\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Martin\Hry\CS.16 protokol 48\hl.exe"="C:\Martin\Hry\CS.16 protokol 48\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Martin\Hry\CS,16 gamesites\hl.exe"="C:\Martin\Hry\CS,16 gamesites\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\AVG\AVG10\avgdiagex.exe"="D:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostika 2011"
"D:\Program Files\AVG\AVG10\avgnsx.exe"="D:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Webový štít"
"D:\Program Files\AVG\AVG10\avgemcx.exe"="D:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Martin\Dokumenty\Stažené soubory\Flash-Player.exe"="C:\Martin\Dokumenty\Stažené soubory\Flash-Player.exe:*:Enabled:C:\Martin\Dokumenty\Stažené soubory\Flash-Player.exe"
"D:\WINDOWS\update.1\svchost.exe"="D:\WINDOWS\update.1\svchost.exe:*:Enabled:D:\WINDOWS\update.1\svchost.exe"
"D:\WINDOWS\update.tray-12-0\svchost.exe"="D:\WINDOWS\update.tray-12-0\svchost.exe:*:Enabled:D:\WINDOWS\update.tray-12-0\svchost.exe"
"D:\WINDOWS\update.2\svchost.exe"="D:\WINDOWS\update.2\svchost.exe:*:Enabled:D:\WINDOWS\update.2\svchost.exe"
"D:\Program Files\ICQ7.5\ICQ.exe"="D:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\ICQ7.5\ICQ.exe"="D:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======List of files/folders created in the last 1 month======

2011-08-24 17:49:33 ----D---- D:\Program Files\trend micro
2011-08-24 17:49:32 ----D---- D:\rsit
2011-08-24 13:40:43 ----SD---- D:\ComboFix
2011-08-24 12:55:35 ----A---- D:\WINDOWS\zip.exe
2011-08-24 12:55:35 ----A---- D:\WINDOWS\SWXCACLS.exe
2011-08-24 12:55:35 ----A---- D:\WINDOWS\SWSC.exe
2011-08-24 12:55:35 ----A---- D:\WINDOWS\SWREG.exe
2011-08-24 12:55:35 ----A---- D:\WINDOWS\sed.exe
2011-08-24 12:55:35 ----A---- D:\WINDOWS\PEV.exe
2011-08-24 12:55:35 ----A---- D:\WINDOWS\NIRCMD.exe
2011-08-24 12:55:35 ----A---- D:\WINDOWS\MBR.exe
2011-08-24 12:55:35 ----A---- D:\WINDOWS\grep.exe
2011-08-24 12:53:23 ----D---- D:\WINDOWS\ERDNT
2011-08-24 12:53:20 ----D---- D:\Qoobox
2011-08-24 12:22:07 ----D---- D:\Documents and Settings\pocitac\Data aplikací\Malwarebytes
2011-08-24 12:21:57 ----D---- D:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-08-24 12:21:57 ----A---- D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-24 12:21:54 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2011-08-24 12:21:54 ----A---- D:\WINDOWS\system32\drivers\mbam.sys
2011-08-22 12:13:14 ----D---- D:\Program Files\ESET
2011-08-22 11:54:11 ----D---- D:\Program Files\ICQ7.5
2011-08-21 19:05:24 ----D---- D:\Documents and Settings\All Users\Data aplikací\ATI
2011-08-21 19:03:43 ----D---- D:\Program Files\AMD APP
2011-08-21 19:02:09 ----SHD---- D:\Config.Msi
2011-08-21 18:44:32 ----D---- D:\WINDOWS\ufa
2011-08-21 18:44:32 ----D---- D:\WINDOWS\rpcminer
2011-08-21 18:44:32 ----D---- D:\WINDOWS\phoenix
2011-08-21 18:41:53 ----A---- D:\WINDOWS\iecheck_iplist.txt
2011-08-21 18:41:38 ----HD---- D:\WINDOWS\update.7.1
2011-08-21 18:41:32 ----A---- D:\WINDOWS\unrar.exe
2011-08-21 18:41:30 ----A---- D:\WINDOWS\btc_client_iplist.txt
2011-08-21 18:41:17 ----HD---- D:\WINDOWS\update.2
2011-08-21 18:40:59 ----HD---- D:\WINDOWS\update.5.0
2011-08-21 18:40:44 ----A---- D:\WINDOWS\iplist.txt
2011-08-21 18:40:13 ----A---- D:\WINDOWS\front_ip_list.txt
2011-08-21 18:40:08 ----D---- D:\WINDOWS\av_ico
2011-08-21 18:38:09 ----HD---- D:\WINDOWS\update.1
2011-08-21 18:37:41 ----HD---- D:\WINDOWS\update.tray-12-0-lnk
2011-08-21 18:37:41 ----HD---- D:\WINDOWS\update.tray-12-0
2011-08-21 18:24:57 ----A---- D:\WINDOWS\winlog-ids.txt
2011-08-21 18:24:57 ----A---- D:\WINDOWS\winlog-dirs.txt
2011-08-10 22:54:40 ----HDC---- D:\WINDOWS\$NtUninstallKB2567680$
2011-08-10 22:54:36 ----HDC---- D:\WINDOWS\$NtUninstallKB2536276-v2$
2011-08-10 22:54:32 ----HDC---- D:\WINDOWS\$NtUninstallKB2570222$
2011-08-10 22:52:37 ----HDC---- D:\WINDOWS\$NtUninstallKB2566454$
2011-08-10 22:52:32 ----HDC---- D:\WINDOWS\$NtUninstallKB2562937$
2011-07-28 17:49:12 ----A---- D:\WINDOWS\system32\OVDecode.dll
2011-07-28 17:48:36 ----A---- D:\WINDOWS\system32\amdocl.dll

======List of files/folders modified in the last 1 month======

2011-08-24 17:49:33 ----RD---- D:\Program Files
2011-08-24 17:49:31 ----D---- D:\WINDOWS\Prefetch
2011-08-24 17:48:19 ----D---- D:\Documents and Settings\pocitac\Data aplikací\uTorrent
2011-08-24 15:08:48 ----D---- D:\WINDOWS\Temp
2011-08-24 15:08:24 ----D---- D:\Program Files\Common Files\Akamai
2011-08-24 13:45:15 ----D---- D:\WINDOWS\system32\drivers
2011-08-24 13:45:15 ----D---- D:\WINDOWS\system32
2011-08-24 13:45:15 ----D---- D:\WINDOWS\AppPatch
2011-08-24 13:45:15 ----D---- D:\WINDOWS
2011-08-24 13:45:12 ----D---- D:\Program Files\Common Files
2011-08-24 13:41:17 ----D---- D:\WINDOWS\system32\CatRoot2
2011-08-24 13:41:01 ----A---- D:\WINDOWS\SchedLgU.Txt
2011-08-24 13:13:06 ----A---- D:\WINDOWS\NeroDigital.ini
2011-08-24 13:07:03 ----D---- D:\WINDOWS\Minidump
2011-08-24 12:49:25 ----HDC---- D:\WINDOWS\$NtUninstallKB956744$
2011-08-23 20:35:04 ----AD---- D:\Documents and Settings\All Users\Data aplikací\TEMP
2011-08-22 18:18:32 ----D---- D:\Documents and Settings\pocitac\Data aplikací\ICQ
2011-08-22 18:17:09 ----D---- D:\Program Files\ICQ6Toolbar
2011-08-22 11:58:34 ----HD---- D:\Program Files\InstallShield Installation Information
2011-08-22 11:58:18 ----D---- D:\Documents and Settings\All Users\Data aplikací\ICQ
2011-08-21 19:03:44 ----SHD---- D:\WINDOWS\Installer
2011-08-21 19:03:01 ----D---- D:\Program Files\ATI Technologies
2011-08-21 19:02:27 ----RSD---- D:\WINDOWS\assembly
2011-08-21 19:02:26 ----D---- D:\WINDOWS\WinSxS
2011-08-21 19:01:13 ----RSHDC---- D:\WINDOWS\system32\dllcache
2011-08-21 19:01:02 ----D---- D:\WINDOWS\system32\ReinstallBackups
2011-08-21 19:00:59 ----HD---- D:\WINDOWS\inf
2011-08-21 19:00:57 ----DC---- D:\WINDOWS\system32\DRVSTORE
2011-08-21 18:45:27 ----SHD---- D:\System Volume Information
2011-08-21 18:45:27 ----D---- D:\WINDOWS\system32\Restore
2011-08-21 18:41:34 ----D---- D:\WINDOWS\system32\drivers\etc
2011-08-21 17:21:58 ----D---- D:\WINDOWS\system32\drivers\AVG
2011-08-17 15:11:15 ----D---- D:\Program Files\Mozilla Firefox
2011-08-11 11:31:42 ----D---- D:\WINDOWS\Microsoft.NET
2011-08-10 22:56:38 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2011-08-10 22:54:38 ----A---- D:\WINDOWS\imsins.BAK
2011-08-10 22:54:36 ----HD---- D:\WINDOWS\$hf_mig$
2011-08-10 22:53:03 ----A---- D:\WINDOWS\system32\MRT.exe
2011-08-10 22:52:55 ----D---- D:\Program Files\Internet Explorer
2011-08-02 20:43:21 ----D---- D:\Documents and Settings\pocitac\Data aplikací\Skype
2011-07-29 00:17:42 ----A---- D:\WINDOWS\system32\atiiiexx.dll
2011-07-29 00:01:36 ----A---- D:\WINDOWS\system32\aticalrt.dll
2011-07-29 00:01:30 ----A---- D:\WINDOWS\system32\aticalcl.dll
2011-07-28 23:57:54 ----A---- D:\WINDOWS\system32\aticaldd.dll
2011-07-28 23:40:22 ----A---- D:\WINDOWS\system32\atioglxx.dll
2011-07-28 23:34:58 ----A---- D:\WINDOWS\system32\ati3duag.dll
2011-07-28 23:32:10 ----A---- D:\WINDOWS\system32\ATIDEMGX.dll
2011-07-28 23:31:06 ----A---- D:\WINDOWS\system32\ati2dvag.dll
2011-07-28 23:27:30 ----A---- D:\WINDOWS\system32\ativvamv.dll
2011-07-28 23:15:32 ----A---- D:\WINDOWS\system32\ativvaxx.dll
2011-07-28 23:14:02 ----A---- D:\WINDOWS\system32\atipdlxx.dll
2011-07-28 23:13:50 ----A---- D:\WINDOWS\system32\Oemdspif.dll
2011-07-28 23:13:40 ----A---- D:\WINDOWS\system32\Ati2mdxx.exe
2011-07-28 23:13:34 ----A---- D:\WINDOWS\system32\ati2edxx.dll
2011-07-28 23:13:20 ----A---- D:\WINDOWS\system32\ati2evxx.dll
2011-07-28 23:12:06 ----A---- D:\WINDOWS\system32\ati2evxx.exe
2011-07-28 23:10:48 ----A---- D:\WINDOWS\system32\ATIDDC.DLL
2011-07-28 23:09:28 ----A---- D:\WINDOWS\system32\atiapfxx.exe
2011-07-28 23:05:36 ----A---- D:\WINDOWS\system32\atikvmag.dll
2011-07-28 23:01:08 ----A---- D:\WINDOWS\system32\atiadlxx.dll
2011-07-28 23:00:46 ----A---- D:\WINDOWS\system32\atitvo32.dll
2011-07-28 22:59:14 ----A---- D:\WINDOWS\system32\atiok3x2.dll
2011-07-28 22:55:02 ----A---- D:\WINDOWS\system32\ati2cqag.dll
2011-07-28 22:53:52 ----A---- D:\WINDOWS\system32\atimpc32.dll
2011-07-28 22:53:52 ----A---- D:\WINDOWS\system32\amdpcom32.dll
2011-07-28 22:53:18 ----A---- D:\WINDOWS\system32\drivers\ati2erec.dll
2011-07-25 17:08:54 ----A---- D:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; D:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; D:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; D:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-08-12 45648]
R0 sptd;sptd; D:\WINDOWS\System32\Drivers\sptd.sys [2010-11-27 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Avgldx86;AVG AVI Loader Driver; D:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; D:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; D:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R1 kbdhid;Ovladač klávesnice standardu HID; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 Arp1394;Protokol 1394 ARP Client; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-07-29 7084544]
R3 AVGIDSDriver;AVGIDSDriver; D:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter; D:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim; D:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 27216]
R3 dgderdrv;dgderdrv; D:\WINDOWS\System32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 FsUsbExDisk;FsUsbExDisk; \??\D:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; D:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; D:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-15 83200]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 a0uedypc;a0uedypc; D:\WINDOWS\system32\drivers\a0uedypc.sys []
S3 AmdLLD;AMD Low Level Device Driver; D:\WINDOWS\system32\DRIVERS\AmdLLD.sys []
S3 catchme;catchme; \??\D:\DOCUME~1\pocitac\LOCALS~1\Temp\catchme.sys []
S3 DrvAgent32;DrvAgent32; \??\D:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 GarenaPEngine;GarenaPEngine; \??\D:\DOCUME~1\pocitac\LOCALS~1\Temp\TOEB4.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Program Files\Garena\plugins\UI\safedrv.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\D:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); D:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); D:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; D:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; D:\WINDOWS\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
S3 usbprint;Třída USB Printer; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; D:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2011-07-28 643072]
R2 dgdersvc;Device Error Recovery Service; D:\WINDOWS\system32\dgdersvc.exe [2009-12-22 95568]
R2 FsUsbExService;FsUsbExService; D:\WINDOWS\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; D:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
R2 ICQ Service;ICQ Service; D:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; D:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
R2 WDDMService;WD SmartWare Drive Manager; D:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; D:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]
S2 ATI Smart;ATI Smart; D:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 AVGIDSAgent;AVGIDSAgent; D:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe []
S2 avgwd;AVG WatchDog; D:\Program Files\AVG\AVG10\avgwdsvc.exe []
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-01 135664]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; D:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-01 135664]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]
S3 ServiceLayer;ServiceLayer; D:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; D:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook virus - with RSIT log.

#2 Post by Rudy »

Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Sucker008
Visitor
Posts: 2
Registered: 24 Aug 2011 16:53

Re: Facebook virus - with RSIT log.

#3 Post by Sucker008 »

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.8.2011 20:41:18
mbam-log-2011-08-24 (20-41-18).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 270822
Uplynulý čas: 47 minut, 56 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 5

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\system volume information\_restore{b7ee1c59-e2a5-4ac2-b783-aa2d216edd7c}\RP242\A0056645.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{fbc9bc7e-335a-442e-af2b-f80c529fd323}\RP276\A0085816.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
d:\system volume information\_restore{f03f76c0-34dd-4077-aafa-3e7da76f663d}\RP368\A0126052.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
d:\system volume information\_restore{f03f76c0-34dd-4077-aafa-3e7da76f663d}\RP368\A0126056.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
d:\system volume information\_restore{f03f76c0-34dd-4077-aafa-3e7da76f663d}\RP368\A0126057.exe (Trojan.Dropper) -> Quarantined and deleted successfully.







I'm not sure, but I hope I did it right. :-)

Rudy
Site Admin
Posts: 119508
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Facebook virus - with RSIT log.

#4 Post by Rudy »

You ran the scan correctly; however, there is no FB virus on the PC. What MBAM deleted were viruses in the system backup. None of them had been run.