Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-07-2017
Ran by vera (administrator) on C13 (10-07-2017 21:25:39)
Running from F:\Documents and Settings\vera\Plocha
Loaded Profiles: vera (Available Profiles: u1 & vera & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 7 (Default browser: "F:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Matrox Graphics Inc.) F:\WINDOWS\system32\PDesk\pdesk.exe
(Moonchild Productions) F:\Program Files\Pale Moon\palemoon.exe
(Microsoft Corporation) F:\WINDOWS\system32\cisvc.exe
(Matrox Graphics Inc.) F:\WINDOWS\system32\mgabg.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Matrox Powerdesk] => F:\WINDOWS\system32\PDesk\PDesk.exe [684032 2006-03-02] (Matrox Graphics Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] => F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-1409082233-854245398-1202660629-1004\...\MountPoints2: {1c8a6590-da81-11e2-95f2-0040950bb173} - V:\autorun.exe
HKU\S-1-5-21-1409082233-854245398-1202660629-1004\...\MountPoints2: {3566d390-feb5-11e2-9643-0040950bb173} - V:\autorun.exe
HKU\S-1-5-21-1409082233-854245398-1202660629-1004\...\MountPoints2: {85bc2740-0b28-11e2-93a3-0040950bb173} - E:\iStudio.exe
HKU\S-1-5-21-1409082233-854245398-1202660629-1004\...\MountPoints2: {f9971c72-d8c6-11e2-95e9-0040950bb173} - V:\autorun.exe
HKU\S-1-5-21-1409082233-854245398-1202660629-1004\...\MountPoints2: {f9971c73-d8c6-11e2-95e9-0040950bb173} - V:\autorun.exe
HKU\S-1-5-21-1409082233-854245398-1202660629-1004\...\MountPoints2: {f9971c75-d8c6-11e2-95e9-0040950bb173} - V:\autorun.exe
HKU\S-1-5-21-1409082233-854245398-1202660629-1004\...\MountPoints2: {f9971c77-d8c6-11e2-95e9-0040950bb173} - V:\autorun.exe
HKU\S-1-5-21-1409082233-854245398-1202660629-1004\...\MountPoints2: {f9971c80-d8c6-11e2-95e9-0040950bb173} - V:\autorun.exe
HKU\S-1-5-21-1409082233-854245398-1202660629-1004\...\MountPoints2: {f9971c82-d8c6-11e2-95e9-0040950bb173} - V:\autorun.exe
HKU\S-1-5-18\...\RunOnce: [nltide_2] => regsvr32 /s /n /i:U shell32
Startup: F:\Documents and Settings\vera\Nabídka Start\Programy\Po spuštění\Pale Moon.lnk [2014-09-02]
ShortcutTarget: Pale Moon.lnk -> F:\Program Files\Pale Moon\palemoon.exe (Moonchild Productions)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.11.0.251 10.11.1.101
Tcpip\..\Interfaces\{1BE8ADFA-54DD-4A6A-A65D-C7DC2240C8BF}: [DhcpNameServer] 10.11.0.251 10.11.1.101

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKU\S-1-5-21-1409082233-854245398-1202660629-1004 -> DefaultScope {51E64F86-60CE-4D48-8429-0C89D9C5D923} URL = hxxp://search.seznam.cz/searchScreen?w={searchTerms}&mod=f
SearchScopes: HKU\S-1-5-21-1409082233-854245398-1202660629-1004 -> {51E64F86-60CE-4D48-8429-0C89D9C5D923} URL = hxxp://search.seznam.cz/searchScreen?w={searchTerms}&mod=f
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Program Files\Java\jre6\bin\jp2ssv.dll => No File

FireFox:
========
FF ProfilePath: F:\Documents and Settings\vera\Data aplikací\Mozilla\Firefox\Profiles\tojhgn74.default [2017-07-09]
FF Session Restore: F:\Documents and Settings\vera\Data aplikací\Mozilla\Firefox\Profiles\tojhgn74.default -> is enabled.
FF Extension: (Classic Theme Restorer) - F:\Documents and Settings\vera\Data aplikací\Mozilla\Firefox\Profiles\tojhgn74.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-07-09]
FF Extension: (Český slovník pro kontrolu pravopisu) - F:\Documents and Settings\vera\Data aplikací\Mozilla\Firefox\Profiles\tojhgn74.default\Extensions\cs@dictionaries.addons.mozilla.org [2017-03-03]
FF Extension: (Flagfox) - F:\Documents and Settings\vera\Data aplikací\Mozilla\Firefox\Profiles\tojhgn74.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-07-09]
FF Extension: (Session Manager) - F:\Documents and Settings\vera\Data aplikací\Mozilla\Firefox\Profiles\tojhgn74.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2017-03-03]
FF Extension: (Adblock Plus) - F:\Documents and Settings\vera\Data aplikací\Mozilla\Firefox\Profiles\tojhgn74.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-03]
FF SearchPlugin: F:\Documents and Settings\vera\Data aplikací\Mozilla\Firefox\Profiles\tojhgn74.default\searchplugins\sfd.xml [2013-04-08]
FF SearchPlugin: F:\Documents and Settings\vera\Data aplikací\Mozilla\Firefox\Profiles\tojhgn74.default\searchplugins\yandextranslate.xml [2013-03-27]
FF ProfilePath: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default [2017-07-10]
FF DefaultSearchEngine: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default -> Google Default
FF SelectedSearchEngine: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default -> Google Default
FF Homepage: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default -> hxxps://atlas.centrum.cz/
FF Session Restore: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default -> is enabled.
FF Extension: (Český slovník pro kontrolu pravopisu) - F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\Extensions\cs@dictionaries.addons.mozilla.org [2016-08-13]
FF Extension: (MEGA) - F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\Extensions\firefox@mega.co.nz.xpi [2017-07-09]
FF Extension: (Czech (CZ) Language Pack) - F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\Extensions\langpack-cs@palemoon.org.xpi [2016-03-23] [not signed]
FF Extension: (Adblock Latitude) - F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\Extensions\{016acf6d-e5c0-4768-9376-3763d1ad1978}.xpi [2016-02-28] [not signed]
FF Extension: (Flagfox) - F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-06-21]
FF Extension: (Session Manager) - F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-07-07]
FF SearchPlugin: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\searchplugins\bazocz.xml [2015-10-25]
FF SearchPlugin: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\searchplugins\google-default.xml [2014-08-19]
FF SearchPlugin: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\searchplugins\googletranslate.xml [2014-08-19]
FF SearchPlugin: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\searchplugins\mapycz.xml [2014-10-30]
FF SearchPlugin: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\searchplugins\sfd.xml [2013-04-08]
FF SearchPlugin: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\searchplugins\uloto.xml [2017-07-09]
FF SearchPlugin: F:\Documents and Settings\vera\Data aplikací\Moonchild Productions\Pale Moon\Profiles\tojhgn74.default\searchplugins\yandextranslate.xml [2013-03-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-10] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> F:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-07-01] ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 -> F:\WINDOWS\system32\npDeployJava1.dll [2013-02-25] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> F:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> F:\Program Files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> F:\Program Files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> F:\Program Files\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> F:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - F:\Program Files\Mozilla FirefoxESR\firefox.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; F:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S3 AdobeFlashPlayerUpdateSvc; F:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-07-01] (Adobe Systems Incorporated) [File not signed]
R2 MGABGEXE; F:\WINDOWS\system32\mgabg.exe [81920 2002-01-16] (Matrox Graphics Inc.) [File not signed]
S3 NetTimeSvc; F:\Program Files\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
S2 SkypeUpdate; C:\skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BazisVirtualCDBus; F:\WINDOWS\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-08] (SysProgs.org)
S3 eapihdrv; F:\Documents and Settings\vera\Local Settings\Temp\ehdrv.sys [135760 2017-07-10] (ESET)
R3 G200; F:\WINDOWS\System32\DRIVERS\g200mini.sys [261120 2006-02-27] (Matrox Graphics Inc.) [File not signed]
S3 gameenum; F:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 hamachi; F:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 P3; F:\WINDOWS\System32\DRIVERS\p3.sys [46592 2008-04-27] (Microsoft Corporation)
R3 rtl8139; F:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R1 Tcpip6; F:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 VIAudio; F:\WINDOWS\System32\drivers\ac97via.sys [84480 2008-04-13] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-10 21:25 - 2017-07-10 21:26 - 00012034 _____ F:\Documents and Settings\vera\Plocha\FRST.txt
2017-07-10 21:24 - 2017-07-10 21:25 - 00000000 ___DC F:\FRST
2017-07-10 21:23 - 2017-07-10 21:23 - 01782784 _____ (Farbar) F:\Documents and Settings\vera\Plocha\FRST.exe
2017-07-10 20:33 - 2017-07-10 20:43 - 00000000 ____D F:\Documents and Settings\vera\Local Settings\Data aplikací\AvgSetupLog
2017-07-10 20:33 - 2017-07-10 20:33 - 00000000 ____D F:\Documents and Settings\vera\Local Settings\Data aplikací\Avg
2017-07-10 20:33 - 2017-07-10 20:33 - 00000000 ____D F:\Documents and Settings\All Users\Data aplikací\Avg
2017-07-10 20:23 - 2017-07-10 20:23 - 15510512 _____ (TeamViewer GmbH) F:\Documents and Settings\vera\Plocha\TeamViewer_Setup.exe
2017-07-09 20:20 - 2017-07-09 21:07 - 00000000 ____D F:\Documents and Settings\All Users\Data aplikací\Package Cache

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-10 21:26 - 2001-01-01 01:04 - 00000000 ____D F:\Documents and Settings\vera\Local Settings\Temp
2017-07-10 21:25 - 2001-01-01 01:04 - 00000000 ____D F:\Documents and Settings\vera\Plocha
2017-07-10 21:18 - 2012-01-03 23:25 - 00000006 ____H F:\WINDOWS\Tasks\SA.DAT
2017-07-10 20:50 - 2001-01-01 01:04 - 00000178 ___SH F:\Documents and Settings\vera\ntuser.ini
2017-07-10 20:45 - 2012-10-01 12:51 - 00000000 ____D F:\WINDOWS\Minidump
2017-07-10 20:44 - 2001-10-25 18:00 - 00000528 _____ F:\WINDOWS\win.ini
2017-07-10 20:44 - 2001-10-25 18:00 - 00000227 _____ F:\WINDOWS\system.ini
2017-07-10 20:39 - 2012-11-09 22:43 - 00231664 ____C F:\WINDOWS\ntbtlog.txt
2017-07-10 20:37 - 2012-01-04 23:05 - 00000914 _____ F:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-07-10 20:37 - 2012-01-03 23:25 - 00032462 _____ F:\WINDOWS\SchedLgU.Txt
2017-07-10 20:33 - 2012-01-03 23:24 - 00000000 __RHD F:\Documents and Settings\All Users\Data aplikací
2017-07-10 20:33 - 2001-01-01 01:04 - 00000000 ___HD F:\Documents and Settings\vera\Local Settings\Data aplikací
2017-07-10 20:30 - 2012-11-10 01:16 - 00001852 _____ F:\WINDOWS\system32\d3d9caps.dat
2017-07-09 22:26 - 2017-03-03 18:11 - 00000000 ___DC F:\Program Files\Mozilla FirefoxESR
2017-07-09 20:42 - 2012-01-03 23:25 - 00000000 ___RD F:\Documents and Settings\All Users\Nabídka Start\Programy
2017-07-09 18:16 - 2001-10-25 18:00 - 00002206 _____ F:\WINDOWS\system32\wpa.dbl
2017-07-01 17:38 - 2012-01-04 23:05 - 00803328 _____ (Adobe Systems Incorporated) F:\WINDOWS\system32\FlashPlayerApp.exe
2017-07-01 17:38 - 2012-01-04 23:05 - 00144896 _____ (Adobe Systems Incorporated) F:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-07-01 17:37 - 2012-01-03 23:14 - 00000000 ____D F:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2013-03-27 16:54 - 2016-05-07 19:53 - 0000600 ____C () F:\Documents and Settings\vera\Data aplikací\winscp.rnd
2012-10-15 22:29 - 2014-03-30 22:37 - 0001740 ____C () F:\Documents and Settings\vera\Local Settings\Data aplikací\d3d8caps.dat
2012-10-02 00:42 - 2012-11-07 16:28 - 0001852 ____C () F:\Documents and Settings\vera\Local Settings\Data aplikací\d3d9caps.dat
2012-09-18 22:37 - 2013-12-20 10:45 - 0021504 ____C () F:\Documents and Settings\vera\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-26 14:46 - 2013-02-26 14:46 - 0000600 ____C () F:\Documents and Settings\vera\Local Settings\Data aplikací\PUTTY.RND
2013-08-01 13:31 - 2013-08-01 13:31 - 0000774 ____C () F:\Documents and Settings\vera\Local Settings\Data aplikací\recently-used.xbel

Some files in TEMP:
====================
2012-11-04 21:12 - 2012-11-04 21:12 - 8795136 ____C () F:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
2016-12-25 15:47 - 2016-12-25 15:47 - 0061440 _____ (The Gentee Group) F:\Documents and Settings\vera\Local Settings\Temp\genteert.dll
2016-12-25 15:46 - 2016-12-25 15:47 - 0241664 _____ (Ilya Morozov) F:\Documents and Settings\vera\Local Settings\Temp\uninstall-1.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

F:\WINDOWS\explorer.exe => File is digitally signed
F:\WINDOWS\system32\winlogon.exe => File is digitally signed
F:\WINDOWS\system32\svchost.exe => File is digitally signed
F:\WINDOWS\system32\services.exe => File is digitally signed
F:\WINDOWS\system32\User32.dll => File is digitally signed
F:\WINDOWS\system32\userinit.exe => File is digitally signed
F:\WINDOWS\system32\rpcss.dll => File is digitally signed
F:\WINDOWS\system32\dnsapi.dll => File is digitally signed
F:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================