Please help!

#1 Post by Minmi

Hello,

I have a problem with my screen :( It started yesterday: the firewall reported some FlashPlayerUpdateService.exe accessing the network (which it had never done before). After I put the PC into standby, it restarted instead of going to sleep; a coloured band was visible while Windows was booting, but then the monitor went into power save mode and stayed black, with a blinking indicator light. So I reset the PC; this time Windows booted, but there were small green / purple squares all over the screen (screenshot attached). I decided to leave it until the next day and put the PC to sleep. When I turned the PC on in the morning, the squares were gone and the picture was normal, but there was a problem with windows: when moved, they flickered and moved very slowly. There was also a problem with video: it threw some DX9 error but played it, although without subtitles. Then, after a few hours, the coloured squares appeared on the screen again; I tried restarting the PC, but the screen did not come up (same after a reset). So I tried Safe Mode, which booted, but with coloured stripes.
I don't know whether this is a problem with the graphics card, or whether it could be a virus (in connection with that FlashPlayerUpdateService.exe). :(
Please help; I'm attaching the RSIT log and screenshots.
Thanks in advance!

Logfile of random's system information tool 1.10 (written by random/random)
Run by Milan at 2017-09-15 17:09:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (5%) free of 610 GB
Total RAM: 3326 MB (90% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:09:58, on 15. 9. 2017
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Milan\Desktop\RSIT.exe
C:\Program Files\trend micro\Milan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [IseUI] C:\Program Files\COMODO\Internet Security Essentials\vkise.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateCore.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Monitor Ink Alerts - HP Deskjet 3520 series.lnk = ?
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: isesrv - COMODO - C:\Program Files\COMODO\Internet Security Essentials\isesrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7344 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}.job - C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe --launchSchedule {06A09C0F-DD9C-4191-A670-71115CD78627}
C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job - C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe --launchSchedule {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job - C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe --launchSchedule {A6D52E4F-569B-4756-B3D8-DF217313DA85}
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-299502267-839522115-1003UA.job - C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\hjz52wgd.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?src=2&q="

"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 27.0.0.130 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll

C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\hjz52wgd.default\searchplugins\
avira-safesearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-27 16875008]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2016-10-28 831576]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2017-08-29 1390784]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2015-07-08 207424]
"Avira SystrayStartTrigger"=C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [2016-08-14 67840]
"IseUI"=C:\Program Files\COMODO\Internet Security Essentials\vkise.exe [2017-08-08 3632848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateCore.exe [2017-04-29 601168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-06-30 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2015-08-30 144200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^fortePivot.lnk]
C:\PROGRA~1\LGSOFT~1\FORTEP~1\bin\FORTEP~1.EXE [2009-12-17 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IRMonitor.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IRMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TMMonitor.lnk]
C:\PROGRA~1\ArcSoft\TOTALM~1.5\TMMONI~1.EXE [2015-07-02 258048]

C:\Documents and Settings\Milan\Start Menu\Programs\Startup
Monitor Ink Alerts - HP Deskjet 3520 series.lnk - C:\WINDOWS\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2014-01-07 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2007-11-15 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-09-20 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Hry\World of Warcraft\Repair.exe"="C:\Hry\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Hry\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hry\World of Warcraft\BackgroundDownloader.exe"="C:\Hry\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hry\World of Warcraft\Launcher.exe"="C:\Hry\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Hry\LOTR\game.dat"="C:\Hry\LOTR\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\Hry\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hry\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hry\Counter-Strike Source\hl2.exe"="C:\Hry\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Hry\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\Hry\KnightsAndMerchants\KaM_1024.exe"="C:\Hry\KnightsAndMerchants\KaM_1024.exe:*:Enabled:KaM_1024"
"C:\Hry\KaM - The Peasants Rebellion\KM_TPR.exe"="C:\Hry\KaM - The Peasants Rebellion\KM_TPR.exe:*:Enabled:KM_TPR"
"C:\Hry\Warcraft III\Warcraft III.exe"="C:\Hry\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Hry\Warcraft III\euroloader.exe"="C:\Hry\Warcraft III\euroloader.exe:*:Enabled:w3l"
"C:\Hry\Garena\Garena.exe"="C:\Hry\Garena\Garena.exe:*:Enabled:Garena"
"C:\Hry\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hry\World of Warcraft\WoW-3.2.0-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Teamspeak2_RC2server\server_windows.exe"="C:\Program Files\Teamspeak2_RC2server\server_windows.exe:*:Enabled:Server"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Hry\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Hry\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\Hry\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Downloads\SweetImSetup.exe"="C:\Downloads\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\Hry\Warcraft III\war3.exe"="C:\Hry\Warcraft III\war3.exe:*:Enabled:war3"
"C:\Hry\Warcraft III\Frozen Throne.exe"="C:\Hry\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - Ledový trùn"
"C:\Hry\OpenTTD\openttd.exe"="C:\Hry\OpenTTD\openttd.exe:*:Enabled:OpenTTD"
"C:\Hry\Counter Strike\hl.exe"="C:\Hry\Counter Strike\hl.exe:*:Enabled:hl"
"%windir%\explorer.exe"="%windir%\explorer.exe"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe"="C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe:*:Enabled:Dota 2"
"C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe"="C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\Program Files\Steam\bin\steamwebhelper.exe"="C:\Program Files\Steam\bin\steamwebhelper.exe:*:Enabled:Steam Web Helper"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Deskjet 3520 series)"
"C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Deskjet 3520 series)"
"C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Deskjet 3520 series)"
"C:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe"="C:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe:*:Enabled:Dota 2"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe"="C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe:*:Enabled:Steam Web Helper"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"%windir%\explorer.exe"="%windir%\explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.lhacm"=lhacm.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-09-15 17:05:34 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 month======

2017-09-15 17:09:53 ----D---- C:\Program Files\trend micro
2017-09-15 17:05:34 ----D---- C:\WINDOWS
2017-09-15 16:57:51 ----D---- C:\WINDOWS\Temp
2017-09-15 16:57:48 ----D---- C:\WINDOWS\system32\CatRoot2
2017-09-15 16:49:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2017-09-15 13:51:07 ----D---- C:\WINDOWS\system32
2017-09-15 02:00:29 ----D---- C:\WINDOWS\Prefetch
2017-09-14 23:13:35 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2017-09-14 23:13:32 ----D---- C:\WINDOWS\system32\Macromed
2017-09-10 12:23:46 ----D---- C:\WINDOWS\system32\NtmsData
2017-09-10 12:23:22 ----SHD---- C:\System Volume Information
2017-09-03 12:22:51 ----D---- C:\WINDOWS\Registration
2017-08-31 20:32:29 ----D---- C:\WINDOWS\system32\drivers
2017-08-31 20:32:27 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2017-08-31 20:26:37 ----SHD---- C:\WINDOWS\Installer
2017-08-29 06:59:53 ----A---- C:\WINDOWS\system32\cmdcsr.dll
2017-08-29 06:59:47 ----A---- C:\WINDOWS\system32\guard32.dll
2017-08-29 06:55:23 ----A---- C:\WINDOWS\system32\cmdvrt32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2017-08-08 114248]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-05-11 721904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2017-08-08 17296]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2017-08-08 32760]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2015-07-02 18688]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-23 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-09-21 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-09-21 28432]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2016-08-14 140272]
S1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2015-05-07 37896]
S1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2017-08-08 653840]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
S1 isedrv;Internet Security Essentials; C:\WINDOWS\system32\drivers\isedrv.sys [2017-08-08 34176]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2015-07-02 14592]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2016-08-14 115600]
S2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-09-20 62336]
S3 ajtf6mie;ajtf6mie; C:\WINDOWS\system32\drivers\ajtf6mie.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2015-07-21 7875072]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Milan\LOCALS~1\Temp\EOU3C76.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Hry\Garena\safedrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-11-01 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-11-01 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-11-01 21568]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-27 4742656]
S3 IT9135BDA;IT9135 BDA Devices; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [2015-07-02 145920]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usb2vcom;Nokia CA-42 USB; C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-04-03 30272]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2015-07-02 113152]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2016-10-28 970632]
S2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2016-10-28 470600]
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2016-10-28 470600]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2016-10-28 1253352]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2015-07-08 643072]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 Avira.ServiceHost;Avira Service Host; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [2016-08-14 309384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2017-08-29 8150344]
S2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 isesrv;isesrv; C:\Program Files\COMODO\Internet Security Essentials\isesrv.exe [2017-08-08 133840]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-14 272384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2017-08-29 2080448]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2017-08-11 174032]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2016-08-28 1465120]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
Attachments
kocky.JPG (39.72 KiB) Viewed 3910 times

Minmi
Visitor
Posts: 176
Registered: 07 Mar 2009 22:18

Re: Please help!

#2 Post by Minmi »

I can only attach the screenshots one at a time
Attachments
kocky2.JPG (71.9 KiB) Viewed 3907 times

Minmi
Visitor
Posts: 176
Registered: 07 Mar 2009 22:18

Re: Please help!

#3 Post by Minmi »

third screenshot - dxdiag
Attachments
dxdiag1.JPG (101.45 KiB) Viewed 3905 times

Minmi
Visitor
Posts: 176
Registered: 07 Mar 2009 22:18

Re: Please help!

#4 Post by Minmi »

bump :(

altrok
Moderator
Posts: 7257
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help!

#5 Post by altrok »

I wish you a beautiful day :bye:


:arrow: If your log is long and does not fit in a single post (it is longer than 100,000 characters), add a note to the topic title that the log is long and is split into several parts (e.g. "virus, 3 posts"). We primarily handle topics without replies, so in your case it looks as though one of our colleagues is already attending to you, and the topic easily gets overlooked.


:arrow: Post the FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
If you have trouble downloading FRSTLauncher, it is enough to use FRST.exe/FRST64.exe on its own.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our little school.

Minmi
Visitor
Posts: 176
Registered: 07 Mar 2009 22:18

Re: Please help!

#6 Post by Minmi »

Hello,

thanks for the reply :) In the end I wasn't at that PC this weekend, so if you don't mind, I'll send the log next weekend

altrok
Moderator
Posts: 7257
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help!

#7 Post by altrok »

Have a nice day,

no problem. When you are at this PC, send the logs. For now, judging by the photos, it looks like a problem with the graphics card, but we'll see :)

Minmi
Visitor
Posts: 176
Registered: 07 Mar 2009 22:18

Re: Please help!

#8 Post by Minmi »

Hello, here are the requested logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2017 01
Ran by Milan (administrator) on MINMI (29-09-2017 19:52:39)
Running from C:\Documents and Settings\Milan\Desktop
Loaded Profiles: Milan (Available Profiles: Milan & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\Milan\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16875008 2008-06-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [77824 2008-06-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2008-06-19] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [55824 2007-09-21] (Logitech, Inc.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [831576 2016-10-28] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1390784 2017-08-29] (COMODO)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2015-07-08] (ArcSoft Inc.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IseUI] => C:\Program Files\COMODO\Internet Security Essentials\vkise.exe [3632848 2017-08-08] (COMODO)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2014-01-07] (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2007-11-15] (Logitech, Inc.)
HKU\S-1-5-21-1214440339-299502267-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
Startup: C:\Documents and Settings\Milan\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk [2017-09-29]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{7ACE698D-4720-4025-B087-D0FD22DADB4F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
URLSearchHook: HKLM -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKU\S-1-5-21-1214440339-299502267-839522115-1003 - DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1214440339-299502267-839522115-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18] (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2009-01-04] (Logitech Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2010-03-09] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\hjz52wgd.default [2017-09-29]
FF SelectedSearchEngine: C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\hjz52wgd.default -> Google
FF Homepage: C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\hjz52wgd.default -> hxxp://www.google.sk/
FF Keyword.URL: C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\hjz52wgd.default -> hxxp://search.sweetim.com/search.asp?src=2&q=
FF Extension: (Avira Browser Safety) - C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\hjz52wgd.default\Extensions\abs@avira.com.xpi [2017-09-08]
FF SearchPlugin: C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\hjz52wgd.default\searchplugins\avira-safesearch.xml [2014-08-12]
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: (PC Sync 2 Synchronisation Extension) - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2009-06-05] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-01-30] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-14] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1214440339-299502267-839522115-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1214440339-299502267-839522115-1003: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Milan\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1214440339-299502267-839522115-1003: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Milan\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1214440339-299502267-839522115-1003: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1214440339-299502267-839522115-1003: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-10-03] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Milan\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Milan\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2015-07-02] (ArcSoft Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-14] (Adobe Systems Incorporated) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-10-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [470600 2016-10-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [470600 2016-10-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1253352 2016-10-28] (Avira Operations GmbH & Co. KG)
S2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [643072 2015-07-08] (ATI Technologies Inc.) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-06-02] () [File not signed]
S2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-08-14] (Avira Operations GmbH & Co. KG)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [8150344 2017-08-29] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2080448 2017-08-29] (COMODO)
S2 GEST Service; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [80392 2008-07-11] ()
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S2 isesrv; C:\Program Files\COMODO\Internet Security Essentials\isesrv.exe [133840 2017-08-08] (COMODO)
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2008-01-16] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-01-16] (Hewlett-Packard) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [621056 2009-03-04] (Nokia.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2015-07-02] (Arcsoft, Inc.)
S3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [7875072 2015-07-21] (ATI Technologies Inc.) [File not signed]
S2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [115600 2016-08-14] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [140272 2016-08-14] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [17296 2017-08-08] (COMODO)
S1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [653840 2017-08-08] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [32760 2017-08-08] (COMODO)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2017-09-29] (Windows (R) 2000 DDK provider)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [25280 2009-04-23] (LogMeIn, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-11-01] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-11-01] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-11-01] (HP)
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [114248 2017-08-08] (COMODO)
S1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [34176 2017-08-08] (COMODO)
S3 IT9135BDA; C:\WINDOWS\System32\Drivers\IT9135BDA.sys [145920 2015-07-02] (ITE )
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28432 2007-09-21] (Logitech, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15104 2004-07-09] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
S2 rspndr; C:\WINDOWS\System32\DRIVERS\rspndr.sys [62336 2007-09-20] (Microsoft Corporation) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-05-11] () [File not signed]
S3 usb2vcom; C:\WINDOWS\System32\DRIVERS\usb2vcom.sys [30272 2006-04-03] () [File not signed]
U3 apop1dqh; C:\WINDOWS\system32\Drivers\apop1dqh.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 AtiHDAudioService; system32\drivers\AtihdXP3.sys [X]
S3 GarenaPEngine; \??\C:\DOCUME~1\Milan\LOCALS~1\Temp\EOU3C76.tmp [X]
S3 GGSAFERDriver; \??\C:\Hry\Garena\safedrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [225664 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-29 19:52 - 2017-09-29 19:53 - 000015206 _____ C:\Documents and Settings\Milan\Desktop\FRST.txt
2017-09-29 19:49 - 2017-09-29 19:49 - 001795584 _____ (Farbar) C:\Documents and Settings\Milan\Desktop\FRST.exe
2017-09-29 19:44 - 2017-09-29 19:44 - 000112640 _____ (forum.viry.cz) C:\Documents and Settings\Milan\Desktop\FRSTLauncher.exe
2017-09-15 17:09 - 2017-09-15 17:09 - 001107968 _____ C:\Documents and Settings\Milan\Desktop\RSIT.exe
2017-09-15 17:05 - 2017-09-29 19:38 - 000139510 _____ C:\WINDOWS\ntbtlog.txt
2017-09-10 16:19 - 2017-09-10 16:20 - 002729118 _____ C:\Documents and Settings\Milan\Desktop\test_komparativna_pedagogika.pdf
2017-09-10 16:08 - 2017-09-10 16:08 - 003271176 _____ C:\Documents and Settings\Milan\Desktop\zmluva_o_obstarani_zajazdu.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-29 19:53 - 2017-05-12 19:55 - 000000000 ____D C:\Documents and Settings\Milan\Local Settings\Temp
2017-09-29 19:52 - 2017-05-07 12:22 - 000000000 ____D C:\FRST
2017-09-29 19:46 - 2015-11-15 21:34 - 000000000 ____D C:\firefox_zalohy
2017-09-29 19:35 - 2012-04-20 18:33 - 000000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-09-29 19:35 - 2009-01-04 16:43 - 000016608 _____ (Windows (R) 2000 DDK provider) C:\WINDOWS\gdrv.sys
2017-09-29 19:35 - 2009-01-02 16:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-29 19:35 - 2001-08-23 14:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-09-16 00:16 - 2009-01-02 16:35 - 000000178 ___SH C:\Documents and Settings\Milan\ntuser.ini
2017-09-15 17:31 - 2012-03-18 00:20 - 000001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-09-15 17:09 - 2012-03-17 16:46 - 000000000 ____D C:\Program Files\trend micro
2017-09-15 16:57 - 2017-04-14 13:48 - 000000440 _____ C:\WINDOWS\Tasks\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}.job
2017-09-15 16:57 - 2014-04-04 13:08 - 000000440 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2017-09-15 16:57 - 2013-02-02 14:02 - 000000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2017-09-15 16:49 - 2009-01-02 16:34 - 000000000 ____D C:\Documents and Settings\Milan
2017-09-15 16:49 - 2009-01-02 16:33 - 000032656 _____ C:\WINDOWS\SchedLgU.Txt
2017-09-15 16:47 - 2013-06-30 22:42 - 000000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-299502267-839522115-1003UA.job
2017-09-15 16:13 - 2015-10-23 19:32 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-09-15 01:53 - 2009-01-02 17:06 - 000000000 _____ C:\WINDOWS\MEMORY.DMP
2017-09-14 23:13 - 2012-04-09 00:26 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-09-14 23:13 - 2011-05-16 14:05 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-09-14 23:13 - 2009-01-02 17:06 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-10 12:23 - 2013-01-28 17:04 - 000000000 ____D C:\WINDOWS\system32\NtmsData
2017-09-03 12:22 - 2009-01-02 16:28 - 000000000 ____D C:\WINDOWS\Registration
2017-08-31 20:47 - 2013-06-20 18:18 - 000004414 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2017-08-31 20:32 - 2013-02-02 13:58 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
2017-08-31 20:32 - 2013-02-02 13:57 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Comodo

==================== Files in the root of some directories =======

2011-08-09 14:12 - 2011-08-09 17:41 - 000062662 _____ () C:\Documents and Settings\Milan\Local Settings\Application Data\SRDownloader.err
2011-08-09 14:11 - 2013-01-09 00:49 - 000001048 _____ () C:\Documents and Settings\Milan\Local Settings\Application Data\SRDownloader.nast
2014-10-17 14:21 - 2014-10-17 14:21 - 000000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2009-01-06 20:36 - 2014-06-07 14:03 - 000002125 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Some files in TEMP:
====================
2017-05-12 19:55 - 2017-05-12 19:55 - 000000000 ____D () C:\Documents and Settings\Milan\Local Settings\Temp\avgnt.exe
2017-09-29 19:35 - 2017-09-29 19:35 - 000000000 _____ () C:\Documents and Settings\Milan\Local Settings\Temp\GUR2.exe
2017-07-09 11:53 - 2017-07-09 11:53 - 004113960 _____ (COMODO) C:\Documents and Settings\Milan\Local Settings\Temp\ise_installer.exe
2017-08-11 22:42 - 2017-08-11 22:42 - 000192512 _____ () C:\Documents and Settings\Milan\Local Settings\Temp\sfamcc00001.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\sptd.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

==================== End of FRST.txt ============================



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:596.16 GB) (Free:29.37 GB) NTFS ==>[drive with boot components (Windows XP)]

Available physical RAM: 2360.32 MB
Total physical RAM: 3326.42 MB
Percentage of memory in use: 29%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: 9F779F77)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-299502267-839522115-1003UA.job => C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Potvrdenie_Jati_final.rtf:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdpcom32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Ati2mdxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiadlxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiapfxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atibtmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ATIDDC.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ATIDEMGX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiiiexx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atimpc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ATIODCLI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ATIODE.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atioglxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atitvo32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ativcoxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ativvamv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BdaPlgIn.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msh263.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Oemdspif.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsisDecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsisRndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unicows.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ati2erec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ati2mtag.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BdaSup.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IT9135BDA.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssmdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\bdaplgin.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\bdasup.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msdvbnp.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\psisdecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Documents and Settings\Milan\Desktop\Norbekov---Jak-se-zbavit-bryli.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Documents and Settings\Milan\Desktop\transakcia_1506021EQ1IBR.pdf:$CmdTcID [64]

==================== Security Center ==================

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Milan\Desktop" je 683 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
"C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^fortePivot.lnk
C:\PROGRA~1\LGSOFT~1\FORTEP~1\bin\FORTEP~1.EXE -startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IRMonitor.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IRMonitor.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TMMonitor.lnk
C:\PROGRA~1\ArcSoft\TOTALM~1.5\TMMONI~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\ICQ7.2\\ICQ.exe"="C:\\Program Files\\ICQ7.2\\ICQ.exe:*:Enabled:ICQ7.2"
"C:\\Program Files\\ICQ7.2\\aolload.exe"="C:\\Program Files\\ICQ7.2\\aolload.exe:*:Enabled:aolload.exe"
"%windir%\\explorer.exe"="%windir%\\explorer.exe"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\ICQ6.5\\ICQ.exe"="C:\\Program Files\\ICQ6.5\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Hry\\World of Warcraft\\Repair.exe"="C:\\Hry\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\\Hry\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"="C:\\Hry\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Hry\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Hry\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Hry\\World of Warcraft\\Launcher.exe"="C:\\Hry\\World of Warcraft\\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\\Hry\\LOTR\\game.dat"="C:\\Hry\\LOTR\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Hry\\World of Warcraft\\WoW-3.1.0.9767-to-3.1.1.9806-enGB-downloader.exe"="C:\\Hry\\World of Warcraft\\WoW-3.1.0.9767-to-3.1.1.9806-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Hry\\World of Warcraft\\WoW-3.1.1.9806-to-3.1.1.9835-enGB-downloader.exe"="C:\\Hry\\World of Warcraft\\WoW-3.1.1.9806-to-3.1.1.9835-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Hry\\Counter-Strike Source\\hl2.exe"="C:\\Hry\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Hry\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="C:\\Hry\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\\Hry\\KnightsAndMerchants\\KaM_1024.exe"="C:\\Hry\\KnightsAndMerchants\\KaM_1024.exe:*:Enabled:KaM_1024"
"C:\\Hry\\KaM - The Peasants Rebellion\\KM_TPR.exe"="C:\\Hry\\KaM - The Peasants Rebellion\\KM_TPR.exe:*:Enabled:KM_TPR"
"C:\\Hry\\Warcraft III\\Warcraft III.exe"="C:\\Hry\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Hry\\Warcraft III\\euroloader.exe"="C:\\Hry\\Warcraft III\\euroloader.exe:*:Enabled:w3l"
"C:\\Hry\\Garena\\Garena.exe"="C:\\Hry\\Garena\\Garena.exe:*:Enabled:Garena"
"C:\\Hry\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="C:\\Hry\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Hry\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"="C:\\Hry\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Teamspeak2_RC2server\\server_windows.exe"="C:\\Program Files\\Teamspeak2_RC2server\\server_windows.exe:*:Enabled:Server"
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\\Hry\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="C:\\Hry\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Hry\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="C:\\Hry\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"="C:\\Program Files\\Java\\jre6\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\ICQ7.2\\ICQ.exe"="C:\\Program Files\\ICQ7.2\\ICQ.exe:*:Enabled:ICQ7.2"
"C:\\Program Files\\ICQ7.2\\aolload.exe"="C:\\Program Files\\ICQ7.2\\aolload.exe:*:Enabled:aolload.exe"
"C:\\Downloads\\SweetImSetup.exe"="C:\\Downloads\\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\\Hry\\Warcraft III\\war3.exe"="C:\\Hry\\Warcraft III\\war3.exe:*:Enabled:war3"
"C:\\Hry\\Warcraft III\\Frozen Throne.exe"="C:\\Hry\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - Ledový trùn"
"C:\\Hry\\OpenTTD\\openttd.exe"="C:\\Hry\\OpenTTD\\openttd.exe:*:Enabled:OpenTTD"
"C:\\Hry\\Counter Strike\\hl.exe"="C:\\Hry\\Counter Strike\\hl.exe:*:Enabled:hl"
"%windir%\\explorer.exe"="%windir%\\explorer.exe"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"="C:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe:*:Enabled:Dota 2"
"C:\\Documents and Settings\\Milan\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"="C:\\Documents and Settings\\Milan\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\\Program Files\\Steam\\bin\\steamwebhelper.exe"="C:\\Program Files\\Steam\\bin\\steamwebhelper.exe:*:Enabled:Steam Web Helper"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\HP\\HP Deskjet 3520 series\\Bin\\DeviceSetup.exe"="C:\\Program Files\\HP\\HP Deskjet 3520 series\\Bin\\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Deskjet 3520 series)"
"C:\\Program Files\\HP\\HP Deskjet 3520 series\\Bin\\HPNetworkCommunicator.exe"="C:\\Program Files\\HP\\HP Deskjet 3520 series\\Bin\\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Deskjet 3520 series)"
"C:\\Program Files\\HP\\HP Deskjet 3520 series\\Bin\\HPNetworkCommunicatorCom.exe"="C:\\Program Files\\HP\\HP Deskjet 3520 series\\Bin\\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Deskjet 3520 series)"
"C:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\game\\bin\\win32\\dota2.exe"="C:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\game\\bin\\win32\\dota2.exe:*:Enabled:Dota 2"
"C:\\Program Files\\ArcSoft\\TotalMedia 3.5\\TotalMedia.exe"="C:\\Program Files\\ArcSoft\\TotalMedia 3.5\\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"C:\\Program Files\\Steam\\bin\\cef\\cef.winxp\\steamwebhelper.exe"="C:\\Program Files\\Steam\\bin\\cef\\cef.winxp\\steamwebhelper.exe:*:Enabled:Steam Web Helper"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3724:TCP"="3724:TCP:*:Enabled:Blizzard Downloader"
"6112:TCP"="6112:TCP:*:Enabled:Blizzard Downloader"
"6881:TCP"="6881:TCP:*:Enabled:Blizzard Downloader: 6881"
"6112:UDP"="6112:UDP:*:Enabled:W3 Hoster"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Minmi
Visitor
Visitor
Posts: 176
Registered: 07 Mar 2009 22:18

Re: Please help!

#9 Post by Minmi »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2017 01
Ran by Milan (29-09-2017 19:54:20)
Running from C:\Documents and Settings\Milan\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2009-01-02 14:32:10)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1214440339-299502267-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1214440339-299502267-839522115-1007 - Limited - Enabled)
Guest (S-1-5-21-1214440339-299502267-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1214440339-299502267-839522115-1000 - Limited - Disabled)
Milan (S-1-5-21-1214440339-299502267-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Milan
Minmi (S-1-5-21-1214440339-299502267-839522115-1005 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-1214440339-299502267-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}) (Version: 2.1.0 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIO_Scan (HKLM\...\{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}) (Version: 100.0.206.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (HKLM\...\{E6F9BAE4-BB90-7AC9-0B67-2923D2D2061E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
ArcSoft TotalMedia 3.5 (HKLM\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.282 - ArcSoft)
ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 9.15.0.20713 - ATI Technologies Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0602.2242 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.501-080602a-064785C-ATI - )
ATI HYDRAVISION (HKLM\...\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}) (Version: 3.25.0006 - )
ATI Parental Control & Encoder (HKLM\...\{36CDA33B-909B-4719-97D1-C4B99309BDC7}) (Version: 3.0 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (HKLM\...\{5DA6F06A-B389-407B-BF8C-1548767914D8}) (Version: 8.10 - ATI Technologies)
Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5 (HKLM\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.5.24 - Autodesk, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Browser Configuration Utility (HKLM\...\{E8AEA11B-E60A-455E-B008-E4E763604612}) (Version: 1.0.4.9 - DeviceVM Inc.) <==== ATTENTION
BufferChm (HKLM\...\{687FEF8A-8597-40b4-832C-297EA3F35817}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
C5200 (HKLM\...\{C708333C-B1B9-43be-B797-49FEC7A8D15B}) (Version: 100.0.206.000 - Hewlett-Packard) Hidden
C5200_Help (HKLM\...\{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}) (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Call Of Duty(R) 2 (HKLM\...\{DBECFA83-42DC-4585-A970-A764AB01A956}) (Version: 1.0 - )
Cards_Calendar_OrderGift_DoMorePlugout (HKLM\...\{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
ccc-core-preinstall (HKLM\...\{EE5AC826-8731-6406-9947-D0420143A7BD}) (Version: 2008.0602.2243.38732 - ATI) Hidden
ccc-core-static (HKLM\...\{25611B0A-54C2-69B9-723D-668201C22CD4}) (Version: 2008.0602.2243.38732 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.36 - Piriform)
CDDRV_Installer (HKLM\...\{0C826C5B-B131-423A-A229-C71B3CACCD6A}) (Version: 4.24.15 - Logitech) Hidden
COMODO Internet Security (HKLM\...\{BCC0552D-76C0-4130-BFBD-49BE49ACC594}) (Version: 10.0.1.6294 - COMODO Security Solutions Inc.)
Copy (HKLM\...\{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Counter-Strike 1.6 Bot (HKU\S-1-5-21-1214440339-299502267-839522115-1003\...\Counter-Strike 1.6 Bot) (Version: - )
CustomerResearchQFolder (HKLM\...\{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.12 - Piriform)
Destination Component (HKLM\...\{D99A8E3A-AE5A-4692-8B19-6F16D454E240}) (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM\...\{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}) (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (HKLM\...\{679EC478-3FF9-4987-B2FF-C2C2B27532A2}) (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (HKLM\...\{87E2B986-07E8-477a-93DC-AF0B6758B192}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dota 2 (HKLM\...\Steam App 570) (Version: - )
Energy Saver Advance B8.0711.1 (HKLM\...\{7ED169D4-5053-4166-93DF-53B12AE6C539}) (Version: 1.10.0000 - GIGABYTE)
erLT (HKLM\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 0.72.105 - Logitech, Inc.) Hidden
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Eurobattle.net (HKLM\...\Eurobattle.net1.24b) (Version: 1.24b - Eurobattle.net)
Eurobattle.net (HKLM\...\Eurobattle.net1.26) (Version: 1.26 - Eurobattle.net)
Eurobattle.net (HKLM\...\Eurobattle.net2.0) (Version: 2.0 - Eurobattle.net)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (HKLM\...\{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}) (Version: 100.0.187.000 - Hewlett-Packard) Hidden
fortePivot (HKLM\...\{EDF3EEF2-F0B9-440B-B8B9-A61F2DA8C78A}) (Version: 3.06 - LG Soft India)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService (HKLM\...\{18669FF9-C8FE-407a-9F70-E674896B1DB4}) (Version: 100.0.187.000 - Hewlett-Packard) Hidden
Hamachi 1.0.3.0 (HKLM\...\Hamachi) (Version: - )
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
High-Definition Video Playback (HKLM\...\{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}) (Version: 7.3.10800.5.0 - Nero AG) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{5C2ECF15-B7FF-4E0E-9D00-2000354BD9C2}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPPhotoSmartDiscLabel_PaperLabel (HKLM\...\{A07840FC-CE63-4CB8-8030-EF4B9805925A}) (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (HKLM\...\{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}) (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM\...\{DD3C88A0-C53C-41D0-A21B-6D021981D23E}) (Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (HKLM\...\{ADFB9653-F44C-460C-BF58-189CC552DFFE}) (Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (HKLM\...\{12A76360-388E-4B27-ABEB-D5FC5378DD2A}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{36FDBE6E-6684-462b-AE98-9A39A1B200CC}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
Internet Security Essentials (HKLM\...\ComodoIse) (Version: 1.2.424651.94 - Comodo)
IT9130 Driver v11.4.26.1 (HKLM\...\IT9130 DriverInstaller_11.4.26.1) (Version: - )
Java(TM) 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
KaM - The Peasants Rebellion (HKLM\...\KaM - The Peasants Rebellion) (Version: - )
KaM Remake Full r6720 (HKLM\...\{FDE049C8-E4B2-4EB5-A534-CF5C581F5D32}_is1) (Version: - )
KhalInstallWrapper (HKLM\...\{3101CB58-3482-4D21-AF1A-7057FC935355}) (Version: 4.24.99 - Logitech) Hidden
K-Lite Codec Pack 11.3.6 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.3.6 - )
KnightsAndMerchants (HKLM\...\KnightsAndMerchants) (Version: - )
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.24 - Logitech)
MarketResearch (HKLM\...\{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.5 (HKLM\...\Wudf01005) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 52.3.0 ESR (x86 sk) (HKLM\...\Mozilla Firefox 52.3.0 ESR (x86 sk)) (Version: 52.3.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.3.0.6423 - Mozilla)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
Nero 10 Creative CollectionPack 1 (HKLM\...\{8F93C410-D762-482B-B2D9-934C475F71FA}) (Version: 10.6.10100.1.0 - Nero AG)
Nero 10 Kwik Themes 3 (HKLM\...\{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}) (Version: 10.6.10100.1.0 - Nero AG)
Nero 10 Kwik Themes 4 (HKLM\...\{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}) (Version: 10.6.10100.1.0 - Nero AG)
Nero 10 PiP EffectPack 1 (HKLM\...\{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}) (Version: 10.6.10100.0.0 - Nero AG)
Nero 10 Video TransitionPack 1 (HKLM\...\{85BEC8F6-9AA3-43FF-B56B-8276277137B3}) (Version: 10.6.10100.0.0 - Nero AG)
Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.10400.4.100 - Nero AG)
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.6.10600.4.100 - Nero AG)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero Kwik Media (HKLM\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.14200.48.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.6.11300 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.10.10600.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero SoundTrax 10 (HKLM\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.10.10300.2.100 - Nero AG)
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.4.10800.7.100 - Nero AG)
Nero WaveEditor 10 (HKLM\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.10.10400.3.100 - Nero AG)
Nokia Connectivity Cable Driver (HKLM\...\{82427977-8776-4087-90CA-9F65174D3C4D}) (Version: 7.1.16.0 - Nokia)
Nokia PC Suite (HKLM\...\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}) (Version: 7.1.26.0 - Nokia) Hidden
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.26.0 - Nokia)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
OpenAL (HKLM\...\OpenAL) (Version: - )
OpenTTD 1.1.5 (HKLM\...\OpenTTD) (Version: 1.1.5 - OpenTTD)
PanoStandAlone (HKLM\...\{6B437F94-056F-4791-AF2C-0D10E2706AF0}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
PC Connectivity Solution (HKLM\...\{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}) (Version: 9.13.1.0 - Nokia)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery)
PS_AIO_02_ProductContext (HKLM\...\{b9be267c-e096-4cce-a4fd-f24eec004938}) (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (HKLM\...\{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}) (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (HKLM\...\{c4549405-195f-4450-8865-6be9dc5ad136}) (Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (HKLM\...\{34BFB099-07B2-4E95-A673-7362D60866A2}) (Version: 2.02.0000 - Hewlett-Packard) Hidden
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5653 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Ruske / Ukrajinske foneticke klavesnice pro WIN 2000/XP 1.3 (HKLM\...\Ruska / Ukrajinska foneticka klavesnice_is1) (Version: 1.5 - )
SaxoTrader (HKLM\...\{49C14B93-58AD-4178-B52C-750D54CE618D}) (Version: 2.78.28.0 - Saxo Bank)
Scan (HKLM\...\{80533B67-C407-485D-8B5D-63BB8ED9D878}) (Version: 10.1.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Skins (HKLM\...\{B84AE471-81DD-D81F-CD20-B3464877E525}) (Version: 2008.0602.2243.38732 - ATI) Hidden
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.155 - Skype Technologies S.A.)
SmartWebPrintingOC (HKLM\...\{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}) (Version: 100.0.189.000 - Hewlett-Packard) Hidden
Software Update for Web Folders (HKLM\...\{7CCEBC24-62DB-4280-A8EC-BFA49F167920}) (Version: 9.60.6715.0 - Microsoft Corporation) Hidden
SolutionCenter (HKLM\...\{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}) (Version: 100.0.175.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
Spyware Terminator 2012 (HKLM\...\{56736259-613E-4A3B-B428-6235F2E76F44}_is1) (Version: 3.0.0.50 - Crawler.com)
STATGRAPHICS Plus 3.0 (HKLM\...\SGWINDeinstKey) (Version: - )
Status (HKLM\...\{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}) (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 2 RC2 (HKLM\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19.4 - TeamSpeak Systems GmbH)
The Battle for Middle-earth (tm) II (HKLM\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
Toolbox (HKLM\...\{0F7C2E47-089E-4d23-B9F7-39BE00100776}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (HKLM\...\{5ACE69F0-A3E8-44eb-88C1-0A841E700180}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM\...\{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}) (Version: 10.0.0 - Hewlett-Packard) Hidden
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
VideoToolkit01 (HKLM\...\{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}) (Version: 100.0.128.000 - Hewlett-Packard) Hidden
Warcraft III: All Products (HKU\S-1-5-21-1214440339-299502267-839522115-1003\...\Warcraft III) (Version: - )
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{CCB9B81A-167F-4832-B305-D2A0430840B3}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2) (HKLM\...\E7F682214B951640C9C539C41FDA1A7F836FF7B6) (Version: 02/23/2009 7.01.0.2 - Nokia)
Windows Driver Package - Nokia Modem (02/24/2009 4.0) (HKLM\...\D978F69D5F15B845BD6BC6F8BF9BCD36982A2087) (Version: 02/24/2009 4.0 - Nokia)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1214440339-299502267-839522115-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll => No File
ContextMenuHandlers1: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-29] (COMODO)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2012-12-08] (Piriform Ltd)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\AntiVir Desktop\shlext.dll [2016-10-28] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => C:\Program Files\Spyware Terminator\STShell.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers2: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-29] (COMODO)
ContextMenuHandlers3: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => C:\Program Files\Spyware Terminator\STShell.dll -> No File
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2015-10-04] (Piriform Ltd)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2008-02-12] ()
ContextMenuHandlers6: [Comodo Antivirus] -> {4255A182-CAD9-4214-A19B-7BA7FB633BBD} => C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll [2017-08-29] (COMODO)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell.dll [2012-12-08] (Piriform Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell.dll [2015-10-04] (Piriform Ltd)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\AntiVir Desktop\shlext.dll [2016-10-28] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [STShellMenu] -> {F32C83B9-DF1D-42AD-9741-C52909703957} => C:\Program Files\Spyware Terminator\STShell.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1214440339-299502267-839522115-1003UA.job => C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Milan\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

==================== Loaded Modules (Whitelisted) ==============

2007-09-20 06:34 - 2008-04-14 05:42 - 001288192 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Potvrdenie_Jati_final.rtf:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdpcom32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Ati2mdxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiadlxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiapfxx.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atibtmon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ATIDDC.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\ATIDEMGX.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atiiiexx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atimpc32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ATIODCLI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ATIODE.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atioglxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atitvo32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ativcoxx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ativvamv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BdaPlgIn.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSDvbNP.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msh263.drv:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Oemdspif.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsisDecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PsisRndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\unicows.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ati2erec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ati2mtag.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BdaSup.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IT9135BDA.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ssmdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\bdaplgin.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\bdasup.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\drmk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\iyuv_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msdvbnp.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\msyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\portcls.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\psisdecd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\psisrndr.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\tsbyuv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dllcache\vfwwdm32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Documents and Settings\Milan\Desktop\Norbekov---Jak-se-zbavit-bryli.pdf:$CmdTcID [130]
AlternateDataStreams: C:\Documents and Settings\Milan\Desktop\transakcia_1506021EQ1IBR.pdf:$CmdTcID [64]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 14:00 - 2013-01-31 16:50 - 000000000 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1214440339-299502267-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Milan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^fortePivot.lnk => C:\WINDOWS\pss\fortePivot.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IRMonitor.exe => C:\WINDOWS\pss\IRMonitor.exeCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TMMonitor.lnk => C:\WINDOWS\pss\TMMonitor.lnkCommon Startup
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: SpywareTerminatorShield => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
MSCONFIG\startupreg: SpywareTerminatorUpdater => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] => Enabled:Logitech Desktop Messenger
DomainProfile\AuthorizedApplications: [C:\Program Files\ICQ7.2\ICQ.exe] => Enabled:ICQ7.2
DomainProfile\AuthorizedApplications: [C:\Program Files\ICQ7.2\aolload.exe] => Enabled:aolload.exe
DomainProfile\AuthorizedApplications: [%windir%\explorer.exe] =>
StandardProfile\AuthorizedApplications: [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] => Enabled:Logitech Desktop Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\ICQ6.5\ICQ.exe] => Enabled:ICQ6
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Hry\World of Warcraft\Repair.exe] => Enabled:Blizzard Repair Utility
StandardProfile\AuthorizedApplications: [C:\Hry\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe] => Enabled:Blizzard Downloader
StandardProfile\AuthorizedApplications: [C:\Hry\World of Warcraft\BackgroundDownloader.exe] => Enabled:Blizzard Downloader
StandardProfile\AuthorizedApplications: [C:\Hry\World of Warcraft\Launcher.exe] => Enabled:Blizzard Launcher
StandardProfile\AuthorizedApplications: [C:\Hry\LOTR\game.dat] => Enabled:The Battle for Middle-earth(tm) II
StandardProfile\AuthorizedApplications: [C:\Program Files\Hamachi\hamachi.exe] => Enabled:Hamachi Client
StandardProfile\AuthorizedApplications: [C:\Hry\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enGB-downloader.exe] => Enabled:Blizzard Downloader
StandardProfile\AuthorizedApplications: [C:\Hry\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-enGB-downloader.exe] => Enabled:Blizzard Downloader
StandardProfile\AuthorizedApplications: [C:\Hry\Counter-Strike Source\hl2.exe] => Enabled:hl2
StandardProfile\AuthorizedApplications: [C:\Hry\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe] => Enabled:Blizzard Downloader
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dplaysvr.exe] => Disabled:Microsoft DirectPlay Helper
StandardProfile\AuthorizedApplications: [C:\Hry\KnightsAndMerchants\KaM_1024.exe] => Enabled:KaM_1024
StandardProfile\AuthorizedApplications: [C:\Hry\KaM - The Peasants Rebellion\KM_TPR.exe] => Enabled:KM_TPR
StandardProfile\AuthorizedApplications: [C:\Hry\Warcraft III\Warcraft III.exe] => Enabled:Warcraft III
StandardProfile\AuthorizedApplications: [C:\Hry\Warcraft III\euroloader.exe] => Enabled:w3l
StandardProfile\AuthorizedApplications: [C:\Hry\Garena\Garena.exe] => Enabled:Garena
StandardProfile\AuthorizedApplications: [C:\Hry\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe] => Enabled:Blizzard Downloader
StandardProfile\AuthorizedApplications: [C:\Hry\World of Warcraft\WoW-3.2.0-enGB-downloader.exe] => Enabled:Blizzard Downloader
StandardProfile\AuthorizedApplications: [C:\Program Files\Teamspeak2_RC2server\server_windows.exe] => Enabled:Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Ventrilo\Ventrilo.exe] => Enabled:Ventrilo.exe
StandardProfile\AuthorizedApplications: [C:\Hry\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe] => Enabled:Blizzard Downloader
StandardProfile\AuthorizedApplications: [C:\Hry\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe] => Enabled:Blizzard Downloader
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\java.exe] => Enabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\ICQ7.2\ICQ.exe] => Enabled:ICQ7.2
StandardProfile\AuthorizedApplications: [C:\Program Files\ICQ7.2\aolload.exe] => Enabled:aolload.exe
StandardProfile\AuthorizedApplications: [C:\Downloads\SweetImSetup.exe] => Enabled:SweetIM Installer
StandardProfile\AuthorizedApplications: [C:\Hry\Warcraft III\war3.exe] => Enabled:war3
StandardProfile\AuthorizedApplications: [C:\Hry\Warcraft III\Frozen Throne.exe] => Enabled:Warcraft III - Ledový trůn
StandardProfile\AuthorizedApplications: [C:\Hry\OpenTTD\openttd.exe] => Enabled:OpenTTD
StandardProfile\AuthorizedApplications: [C:\Hry\Counter Strike\hl.exe] => Enabled:hl
StandardProfile\AuthorizedApplications: [%windir%\explorer.exe] =>
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\dota 2 beta\dota.exe] => Enabled:Dota 2
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Milan\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\bin\steamwebhelper.exe] => Enabled:Steam Web Helper
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Deskjet 3520 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Deskjet 3520 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Deskjet 3520 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => Enabled:Dota 2
StandardProfile\AuthorizedApplications: [C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe] => :LocalSubNet:Enabled:ArcSoft TotalMedia 3.5
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\bin\cef\cef.winxp\steamwebhelper.exe] => Enabled:Steam Web Helper
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [3724:TCP] => Enabled:Blizzard Downloader
StandardProfile\GloballyOpenPorts: [6112:TCP] => Enabled:Blizzard Downloader
StandardProfile\GloballyOpenPorts: [6881:TCP] => Enabled:Blizzard Downloader: 6881
StandardProfile\GloballyOpenPorts: [6112:UDP] => Enabled:W3 Hoster

==================== Restore Points =========================

16-06-2017 21:47:26 System Checkpoint
18-06-2017 01:21:29 System Checkpoint
23-06-2017 20:06:32 System Checkpoint
24-06-2017 21:51:26 System Checkpoint
28-06-2017 21:33:29 System Checkpoint
29-06-2017 21:34:16 System Checkpoint
09-07-2017 16:59:00 System Checkpoint
10-07-2017 19:07:30 System Checkpoint
14-07-2017 00:19:51 System Checkpoint
16-07-2017 16:05:48 System Checkpoint
21-07-2017 23:07:33 System Checkpoint
23-07-2017 02:18:22 System Checkpoint
24-07-2017 12:17:04 System Checkpoint
25-07-2017 21:11:44 System Checkpoint
27-07-2017 01:13:18 System Checkpoint
28-07-2017 12:54:10 System Checkpoint
29-07-2017 14:28:29 System Checkpoint
30-07-2017 16:30:33 System Checkpoint
01-08-2017 21:16:22 System Checkpoint
04-08-2017 12:14:53 System Checkpoint
06-08-2017 14:19:24 System Checkpoint
07-08-2017 19:06:23 System Checkpoint
13-08-2017 17:36:19 System Checkpoint
18-08-2017 23:20:28 System Checkpoint
25-08-2017 21:32:56 System Checkpoint
27-08-2017 11:43:26 System Checkpoint
28-08-2017 17:59:32 System Checkpoint
29-08-2017 19:30:26 System Checkpoint
30-08-2017 23:49:35 System Checkpoint
01-09-2017 13:42:16 System Checkpoint
02-09-2017 19:47:08 System Checkpoint
09-09-2017 13:14:38 System Checkpoint
10-09-2017 15:01:05 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Nokia 6020
Description: Nokia Windows Portable Device Driver
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Nokia 6070
Description: Nokia 6070
Class Guid: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2017 12:22:52 PM) (Source: MSDTC) (EventID: 4404) (User: )
Description: MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\xpsp\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

.

Error: (08/29/2017 07:36:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application AcroRd32.exe, version 11.0.8.4, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/27/2017 12:23:03 PM) (Source: MSDTC) (EventID: 4404) (User: )
Description: MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\xpsp\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x800700a1

.

Error: (08/20/2017 02:00:37 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This network connection does not exist.

Error: (08/20/2017 02:00:36 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This network connection does not exist.

Error: (08/20/2017 02:00:36 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This network connection does not exist.

Error: (08/20/2017 02:00:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This network connection does not exist.

Error: (08/20/2017 02:00:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This network connection does not exist.

Error: (08/20/2017 02:00:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This network connection does not exist.

Error: (08/20/2017 02:00:35 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/m ... ootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (09/29/2017 07:49:52 PM) (Source: DCOM) (EventID: 10005) (User: MINMI)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/29/2017 07:49:41 PM) (Source: DCOM) (EventID: 10005) (User: MINMI)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/29/2017 07:45:49 PM) (Source: DCOM) (EventID: 10005) (User: MINMI)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/29/2017 07:45:27 PM) (Source: DCOM) (EventID: 10005) (User: MINMI)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/29/2017 07:39:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avipbb
avkmgr
cmdGuard
Fips
intelppm

Error: (09/29/2017 07:38:56 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/29/2017 07:37:45 PM) (Source: Dhcp) (EventID: 1001) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 7A7905D161A1. The following error
occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (09/16/2017 12:16:52 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/15/2017 05:28:15 PM) (Source: DCOM) (EventID: 10005) (User: MINMI)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/15/2017 05:27:52 PM) (Source: DCOM) (EventID: 10005) (User: MINMI)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz
Percentage of memory in use: 29%
Total physical RAM: 3326.42 MB
Available physical RAM: 2360.32 MB
Total Virtual: 5214.86 MB
Available Virtual: 4521.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.16 GB) (Free:29.37 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: 9F779F77)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7257
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help!

#10 Post by altrok »

:arrow: Let's put your security setup in order - you have two security products, Avira Antivirus and COMODO Internet Security. What matters is that they do not conflict but complement each other, so it is possible to have both installed at the same time, but only with the right configuration. E.g. keep real-time protection turned on in Avira, but in Comodo turn off everything except the firewall.

:arrow: Install the latest available updates for WinXP - Internet Explorer 8.

:arrow: As part of the cleanup, your temporary directories will be emptied (emptying the Recycle Bin and temp folders, clearing browser caches, etc.).


:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
  • click Scan (Skenovani), then Clean (Cisteni)
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrok[at]forum.viry.cz
If you would like to help visitors of this forum, sign up for our little school.

Minmi
Visitor
Posts: 176
Joined: 07 Mar 2009 22:18

Re: Please help!

#11 Post by Minmi »

This time Windows started normally, even without the coloured artifacts on the screen.
In Comodo only the Firewall should be active; I turned off Virus Scope, with some trouble (Comodo is behaving rather strangely: I can open it, but when I click on some things, e.g. settings, something pops up on the taskbar as if it were trying to open a new nameless window, but after a while it disappears and nothing opens, no settings - after several attempts I managed to open it via the Comodo icon at the bottom right, which got me straight into the settings window, but the second time it did not work again :?: + a white window was left behind that nothing can be done with, and cis.exe is stuck at 50% CPU)
I practically don't use IE, only sporadically for the cadastral map. But I'll try to look at that newer version.
I tried to run ADW Cleaner, but without success :(
Attachments
ADW.JPG (13.86 KiB) Viewed 3783 times

Minmi
Visitor
Posts: 176
Joined: 07 Mar 2009 22:18

Re: Please help!

#12 Post by Minmi »

I'm also sending the current dxdiag, which now looks OK :?:
Attachments
dxdiag2.JPG (69.88 KiB) Viewed 3781 times

altrok
Moderator
Posts: 7257
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Please help!

#13 Post by altrok »

I apologize, my mistake. You won't be able to run AdwCleaner on WinXP. Install MBAM 3 and run a Custom scan of all drives.

What changes did you make before the PC booted without the coloured lines?

Minmi
Visitor
Posts: 176
Joined: 07 Mar 2009 22:18

Re: Please help!

#14 Post by Minmi »

I made no changes; basically the PC was switched off for about 2 weeks after the first log, then I came back and turned it on, but it did not start normally - already on the screen where Windows loads, 2 coloured bands appeared, and then power save mode popped up followed by a black screen (instead of the welcome screen). So I reset it and booted into safe mode, from where I ran FRST - in safe mode, though, there did not seem to be any graphics problems. I did nothing else in safe mode, practically only Firefox was running. I then shut the PC down, and the next day when I turned it on I again tried whether it would start normally - and this time it did, without any graphics problems :?:

If you don't mind, I would send the MBAM log next Friday again :)

Minmi
Visitor
Posts: 176
Joined: 07 Mar 2009 22:18

Re: Please help!

#15 Post by Minmi »

Hello,

I'm getting ready for the MBAM scan, but I noticed that the guide here says to use version 1.75 for Windows XP (https://forum.viry.cz/viewtopic.php?f=29&t=144868).
So I'd rather ask which version I should download. Thanks :)

Locked