FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Maminka (administrator) on LOSOSKA on 08-04-2014 17:35:13
Running from C:\Documents and Settings\Maminka\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 7
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(Creative Technology Ltd) C:\WINDOWS\system32\CTHELPER.EXE
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [WINDVDPatch] - C:\WINDOWS\system32\CTHELPER.EXE [40960 2002-02-07] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] - C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [Jet Detection] - D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [28672 2001-10-04] ()
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [74752 2010-07-12] (Nullsoft, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\.DEFAULT\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\S-1-5-19\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-1202660629-287218729-1177238915-1003\...\MountPoints2: {2f770876-2ba1-11e0-9b2c-000d2f00ea86} - F:\autorun.exe
HKU\S-1-5-21-1202660629-287218729-1177238915-1003\...\MountPoints2: {38ccc520-c7d3-11df-9a6c-000c7619e1e2} - "F:\WD SmartWare.exe" autoplay=true
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll No File
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7212912A-609E-4308-9EA6-D3E2FF3206E7}: [NameServer]10.0.0.138
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Maminka\Data aplikací\Mozilla\Firefox\Profiles\ofbj0m8q.default
FF Homepage: http://www.seznam.cz
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-04-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-08] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-04-08] (Avira Operations GmbH & Co. KG)
S4 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-01-31] (DT Soft Ltd)
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [991656 2002-03-22] (Creative Technology Ltd)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
R3 WLANFVNETusb(505_2958)(R); C:\WINDOWS\System32\DRIVERS\ainu58x.sys [98304 2006-08-15] (ATMEL)
S4 IntelIde; No ImagePath
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-08 17:35 - 2014-04-08 17:35 - 00007141 ____C () C:\Documents and Settings\Maminka\Plocha\FRST.txt
2014-04-08 17:34 - 2014-04-08 17:35 - 00000000 ___DC () C:\FRST
2014-04-08 17:34 - 2014-04-08 17:33 - 01145856 ____C (Farbar) C:\Documents and Settings\Maminka\Plocha\FRST.exe
2014-04-08 17:34 - 2014-04-08 17:33 - 00112640 ____C (forum.viry.cz) C:\Documents and Settings\Maminka\Plocha\FRSTLauncher.exe
2014-04-08 17:00 - 2014-04-08 17:00 - 00000000 ___DC () C:\Documents and Settings\Maminka\Data aplikací\Avira
2014-04-08 16:56 - 2014-04-08 16:56 - 00001707 ____C () C:\Documents and Settings\All Users\Plocha\Avira Control Center.lnk
2014-04-08 16:56 - 2014-04-08 16:56 - 00000000 ___DC () C:\Program Files\Avira
2014-04-08 16:56 - 2014-04-08 16:56 - 00000000 ___DC () C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
2014-04-08 16:56 - 2014-04-08 16:56 - 00000000 ___DC () C:\Documents and Settings\All Users\Data aplikací\Avira
2014-04-08 16:56 - 2013-12-09 11:37 - 00135648 ____C (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-04-08 16:56 - 2013-12-09 11:37 - 00090400 ____C (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-04-08 16:56 - 2013-12-09 11:37 - 00037352 ____C (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-04-08 16:56 - 2013-12-09 11:37 - 00028520 ____C (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-04-08 16:30 - 2014-04-08 16:31 - 00844464 ____C (Adobe Systems Incorporated) C:\Documents and Settings\Maminka\Plocha\uninstall_flash_player.exe
2014-04-01 22:12 - 2014-04-01 22:13 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-04-08 17:35 - 2014-04-08 17:35 - 00007141 ____C () C:\Documents and Settings\Maminka\Plocha\FRST.txt
2014-04-08 17:35 - 2014-04-08 17:34 - 00000000 ___DC () C:\FRST
2014-04-08 17:35 - 2010-09-24 13:59 - 00000000 ___DC () C:\Documents and Settings\Maminka\Plocha
2014-04-08 17:33 - 2014-04-08 17:34 - 01145856 ____C (Farbar) C:\Documents and Settings\Maminka\Plocha\FRST.exe
2014-04-08 17:33 - 2014-04-08 17:34 - 00112640 ____C (forum.viry.cz) C:\Documents and Settings\Maminka\Plocha\FRSTLauncher.exe
2014-04-08 17:06 - 2010-09-24 13:50 - 01805374 ____C () C:\WINDOWS\WindowsUpdate.log
2014-04-08 17:04 - 2010-09-24 16:22 - 00001080 ____C () C:\WINDOWS\system32\settingsbkup.sfm
2014-04-08 17:04 - 2010-09-24 16:22 - 00001080 ____C () C:\WINDOWS\system32\settings.sfm
2014-04-08 17:04 - 2010-09-24 16:22 - 00000024 ____C () C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-00000007-00001102-00000002-80651102}.dat
2014-04-08 17:04 - 2010-09-24 16:22 - 00000024 ____C () C:\WINDOWS\system32\DVCState-{00000000-00000000-00000007-00001102-00000002-80651102}.dat
2014-04-08 17:04 - 2010-09-24 13:57 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-04-08 17:03 - 2010-09-24 20:23 - 00524288 ____C () C:\WINDOWS\system32\config\ACEEvent.evt
2014-04-08 17:03 - 2010-09-24 13:59 - 00000178 __SHC () C:\Documents and Settings\Maminka\ntuser.ini
2014-04-08 17:03 - 2010-09-24 13:59 - 00000000 ___DC () C:\Documents and Settings\Maminka
2014-04-08 17:03 - 2010-09-24 13:57 - 00032454 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-08 17:00 - 2014-04-08 17:00 - 00000000 ___DC () C:\Documents and Settings\Maminka\Data aplikací\Avira
2014-04-08 17:00 - 2010-09-24 13:59 - 00000000 _RHDC () C:\Documents and Settings\Maminka\Data aplikací
2014-04-08 16:56 - 2014-04-08 16:56 - 00001707 ____C () C:\Documents and Settings\All Users\Plocha\Avira Control Center.lnk
2014-04-08 16:56 - 2014-04-08 16:56 - 00000000 ___DC () C:\Program Files\Avira
2014-04-08 16:56 - 2014-04-08 16:56 - 00000000 ___DC () C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
2014-04-08 16:56 - 2014-04-08 16:56 - 00000000 ___DC () C:\Documents and Settings\All Users\Data aplikací\Avira
2014-04-08 16:56 - 2010-09-24 15:38 - 00000000 _RHDC () C:\Documents and Settings\All Users\Data aplikací
2014-04-08 16:56 - 2010-09-24 15:38 - 00000000 __RDC () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-04-08 16:56 - 2010-09-24 15:38 - 00000000 ___DC () C:\Documents and Settings\All Users\Plocha
2014-04-08 16:56 - 2010-09-24 13:51 - 00000000 _SHDC () C:\Documents and Settings\All Users\DRM
2014-04-08 16:52 - 2012-03-07 18:10 - 00000000 ___DC () C:\WINDOWS\system32\appmgmt
2014-04-08 16:51 - 2014-03-07 19:50 - 00000000 ___DC () C:\Program Files\FastShare
2014-04-08 16:51 - 2010-09-24 15:06 - 00000000 ___DC () C:\Documents and Settings\All Users\Data aplikací\avg9
2014-04-08 16:31 - 2014-04-08 16:30 - 00844464 ____C (Adobe Systems Incorporated) C:\Documents and Settings\Maminka\Plocha\uninstall_flash_player.exe
2014-04-08 16:04 - 2001-10-25 18:00 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2014-04-02 21:30 - 2010-09-24 15:39 - 00920954 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-01 22:16 - 2012-04-29 22:45 - 00000000 ___DC () C:\Program Files\Mozilla Maintenance Service
2014-04-01 22:13 - 2014-04-01 22:12 - 00000000 ___DC () C:\Program Files\Mozilla Firefox
2014-03-31 20:05 - 2010-09-24 15:31 - 00000000 ___DC () C:\Documents and Settings\Maminka\Data aplikací\Winamp
2014-03-29 20:15 - 2010-09-24 15:36 - 00000211 __SHC () C:\boot.ini
2014-03-29 20:15 - 2010-09-24 14:32 - 00000000 ___DC () C:\WINDOWS\pss
2014-03-29 20:15 - 2010-09-24 13:59 - 00000000 __RDC () C:\Documents and Settings\Maminka\Nabídka Start\Programy\Po spuštění
2014-03-29 20:15 - 2001-10-25 18:00 - 00000507 ____C () C:\WINDOWS\win.ini
2014-03-29 20:15 - 2001-10-25 18:00 - 00000227 ____C () C:\WINDOWS\system.ini
2014-03-29 19:57 - 2012-05-19 00:08 - 00000030 ____C () C:\WINDOWS\avp.ini
Some content of TEMP:
====================
C:\Documents and Settings\Maminka\Local Settings\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe
[2008-04-14 10:52] - [2008-04-14 10:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\WINDOWS\system32\winlogon.exe
[2008-04-14 10:52] - [2008-04-14 10:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\WINDOWS\system32\svchost.exe
[2008-04-14 10:52] - [2008-04-14 10:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\WINDOWS\system32\services.exe
[2008-04-14 10:52] - [2008-04-14 10:52] - 0108544 ____A (Microsoft Corporation) f0d2ae69035092bf22dad6b50fab85c2
C:\WINDOWS\system32\User32.dll
[2008-04-14 10:52] - [2008-04-14 10:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53
C:\WINDOWS\system32\userinit.exe
[2008-04-14 10:52] - [2008-04-14 10:52] - 0026112 ___AC (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\WINDOWS\system32\rpcss.dll
[2008-04-14 10:51] - [2008-04-14 10:51] - 0399360 ____A (Microsoft Corporation) c868f3ae15cf71a93f2aa3a32856d839
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 09:42] - [2008-04-14 09:42] - 0052480 ___AC (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
==================== End Of Log ============================
Přispějete na provoz fóra?