Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01
Ran by Angi (administrator) on ANGI-MZVCHXRX6F on 27-05-2015 23:00:44
Running from C:\Documents and Settings\Angi\Plocha
Loaded Profiles: Angi (Available Profiles: Angi & Admin)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(SXR Software) C:\Program Files\SXR Software\StatWin\ExecStat.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(SXR Software) C:\Program Files\SXR Software\StatWin\ExecStat.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-11] (Avast Software s.r.o.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-11-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AutoKMS] => C:\WINDOWS\AutoKMS.exe [615936 2015-02-14] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [ES] => C:\Program Files\SXR Software\StatWin\ExecStat.exe [325960 2012-02-06] (SXR Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKU\S-1-5-21-1004336348-362288127-839522115-1003\...\Run: [a27e3f97bad4b63ab7875261d568f4b] => C:\Documents and Settings\Angi\Local Settings\Data aplikací\a27e3f97bad4b63ab7875261d568f4b.exe [153299 2015-05-27] (Flash )
HKU\S-1-5-21-1004336348-362288127-839522115-1003\...\MountPoints2: {1dca1316-bdf8-11dc-b804-0016e6489920} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssflwbox.scr [393216 2008-04-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... 2025720257
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... 2025720257
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... 2025720257
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Prev Search Bar = http://google.icq.com/search/search_frame.php
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://www.icq.com/search/results.php?q ... &ch_id=osd
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... 2025720257
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
URLSearchHook: HKU\S-1-5-21-1004336348-362288127-839522115-1003 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files\XTab\SupTab.dll [2015-05-20] (Thinknice Co. Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: No Name -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll [2008-04-14] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/sho ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler: WSIEChrome - No CLSID Value -
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&t ... 2025720257
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Angi\Data aplikací\Mozilla\Firefox\Profiles\c535dcqe.default-1426437749531
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts= ... 2025720257
FF SelectedSearchEngine: delta-homes
FF Homepage: https://seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1004336348-362288127-839522115-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Angi\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1004336348-362288127-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Angi\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll [2007-12-19] ()
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml [2015-05-20]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-03-05]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2015-05-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-03-04]
Chrome:
=======
CHR Profile: C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapodhaoggdemfffbmjpgfgekfjjpe [2015-04-22]
CHR Extension: (Docs) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-22]
CHR Extension: (Google Drive) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-22]
CHR Extension: (Google Search) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-22]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-22]
CHR Extension: (No Name) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR HKLM\...\Chrome\Extension: [aaaapodhaoggdemfffbmjpgfgekfjjpe] - C:\Documents and Settings\Angi\Local Settings\Data aplikací\APN\GoogleCRXs\aaaapodhaoggdemfffbmjpgfgekfjjpe_7.13.1.0.crx [2011-10-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Mozilla Firefox\Opera.exe http://www.mystartsearch.com/?type=sc&t ... 2025720257
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [157824 2015-05-20] (XTab system)
R2 JavaQuickStarterService; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161664 2012-04-04] (Oracle Corporation)
R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [77824 2004-02-29] (NVIDIA Corporation) [File not signed]
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 SW Administration Service; C:\Program Files\SXR Software\StatWin\ExecStat.exe [325960 2012-02-06] (SXR Software)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4027840 2007-03-08] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [42496 2005-03-09] (Advanced Micro Devices)
S3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 gdrv; C:\WINDOWS\gdrv.sys [4096 2006-05-27] () [File not signed]
R2 hwpsgt; C:\WINDOWS\System32\DRIVERS\hwpsgt.sys [137344 2006-12-26] () [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R2 ithsgt; C:\WINDOWS\System32\DRIVERS\ithsgt.sys [162432 2007-10-13] () [File not signed]
R2 lemsgt; C:\WINDOWS\System32\DRIVERS\lemsgt.sys [9472 2006-12-26] () [File not signed]
R2 lilsgt; C:\WINDOWS\System32\DRIVERS\lilsgt.sys [12032 2007-10-13] () [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1893728 2004-02-29] (NVIDIA Corporation) [File not signed]
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [93568 2005-08-18] (NVIDIA Corporation) [File not signed]
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-10-25] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-10-25] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [71168 2004-10-15] (Realtek Semiconductor Corporation )
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 s1018obex; C:\WINDOWS\System32\DRIVERS\s1018obex.sys [104616 2008-11-04] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [642560 2006-07-05] () [File not signed]
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S3 W700bus; C:\WINDOWS\System32\DRIVERS\W700bus.sys [61536 2006-02-19] (MCCI)
S3 W700mdfl; C:\WINDOWS\System32\DRIVERS\W700mdfl.sys [9264 2006-02-19] (MCCI)
S3 W700mdm; C:\WINDOWS\System32\DRIVERS\W700mdm.sys [97056 2006-02-19] (MCCI)
S3 W700obex; C:\WINDOWS\System32\DRIVERS\W700obex.sys [86368 2006-02-19] (MCCI)
S3 DKbFltr; System32\Drivers\DKbFltr.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-27 23:00 - 2015-05-27 23:00 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha\posledni
2015-05-27 22:56 - 2015-05-27 22:57 - 00026507 _____ () C:\Documents and Settings\Angi\Plocha\Addition.txt
2015-05-27 22:55 - 2015-05-27 23:00 - 00022532 _____ () C:\Documents and Settings\Angi\Plocha\FRST.txt
2015-05-27 22:53 - 2015-05-27 23:00 - 00000000 ____D () C:\FRST
2015-05-27 21:52 - 2015-05-27 21:52 - 01147392 _____ (Farbar) C:\Documents and Settings\Angi\Plocha\FRST.exe
2015-05-27 16:13 - 2015-05-27 22:24 - 00153299 _____ (Flash ) C:\Documents and Settings\Angi\Local Settings\Data aplikací\a27e3f97bad4b63ab7875261d568f4b.exe
2015-05-20 17:40 - 2015-05-20 17:40 - 00000000 ____D () C:\Program Files\XTab
2015-05-20 17:40 - 2015-05-20 17:40 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\IHProtectUpDate
2015-05-16 11:47 - 2015-05-16 11:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-12 20:46 - 2015-05-14 20:44 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha\Recepty
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-27 23:00 - 2006-05-27 23:04 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha
2015-05-27 23:00 - 2006-05-27 23:04 - 00000000 ____D () C:\Documents and Settings\Angi\Local Settings\Temp
2015-05-27 22:59 - 2012-05-17 17:15 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-27 22:14 - 2015-04-22 18:58 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 21:59 - 2012-08-18 10:22 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-05-27 21:52 - 2014-02-13 11:30 - 00000000 ____D () C:\Documents and Settings\Angi\Dokumenty\Stažené soubory
2015-05-27 20:25 - 2013-10-03 11:20 - 00000988 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-362288127-839522115-1003UA.job
2015-05-27 19:27 - 2015-04-22 18:58 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 19:27 - 2015-02-11 18:35 - 00086485 _____ () C:\WINDOWS\setupapi.log
2015-05-27 19:27 - 2006-05-28 00:56 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-27 19:27 - 2006-05-28 00:56 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-27 19:26 - 2006-05-27 23:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-27 19:16 - 2014-11-10 20:39 - 00176226 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-27 19:16 - 2006-05-27 23:04 - 00032362 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-27 17:06 - 2011-10-07 14:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-27 17:06 - 2006-05-28 00:55 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-05-27 17:06 - 2006-05-28 00:54 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-05-27 17:05 - 2006-05-30 16:19 - 00153600 _____ () C:\Documents and Settings\Angi\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-27 17:05 - 2006-05-29 22:46 - 00000049 _____ () C:\WINDOWS\NeroDigital.ini
2015-05-27 16:17 - 2006-05-27 23:04 - 00000000 __RHD () C:\Documents and Settings\Angi\Data aplikací
2015-05-27 16:13 - 2006-05-27 23:04 - 00000000 ___HD () C:\Documents and Settings\Angi\Local Settings\Data aplikací
2015-05-27 11:25 - 2013-10-03 11:20 - 00000966 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-362288127-839522115-1003Core.job
2015-05-27 00:18 - 2006-05-27 23:04 - 00000272 ___SH () C:\Documents and Settings\Angi\ntuser.ini
2015-05-26 21:11 - 2009-10-17 17:18 - 00000000 ___RD () C:\Documents and Settings\Angi\Dokumenty\Filmy
2015-05-23 17:59 - 2015-03-05 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\WindowsMangerProtect
2015-05-20 17:38 - 2009-07-14 22:15 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ICQ
2015-05-18 00:41 - 2015-02-14 09:55 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-05-16 16:25 - 2006-05-27 23:05 - 00000000 ___RD () C:\Documents and Settings\Angi\Dokumenty\Obrázky
2015-05-16 15:21 - 2012-05-03 19:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-15 12:12 - 2015-02-14 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-05-13 14:14 - 2011-03-04 23:58 - 00000000 ___RD () C:\Documents and Settings\Angi\Dokumenty\Hudba
2015-05-11 19:44 - 2001-10-25 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-30 23:19 - 2012-10-24 15:03 - 00000000 ____D () C:\Stazene
2015-04-30 21:23 - 2015-04-12 21:00 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha\nove
==================== Files in the root of some directories =======
2015-05-27 16:13 - 2015-05-27 22:24 - 0153299 _____ (Flash ) C:\Documents and Settings\Angi\Local Settings\Data aplikací\a27e3f97bad4b63ab7875261d568f4b.exe
2006-05-30 16:19 - 2015-05-27 17:05 - 0153600 _____ () C:\Documents and Settings\Angi\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-05-27 23:23 - 2006-05-27 23:23 - 0000124 _____ () C:\Documents and Settings\Angi\Local Settings\Data aplikací\fusioncache.dat
Some files in TEMP:
====================
C:\Documents and Settings\Angi\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\Angi\Local Settings\Temp\ecgcabfbdfbhh.exe
C:\Documents and Settings\Angi\Local Settings\Temp\FreemakeVideoConverterFull.exe
C:\Documents and Settings\Angi\Local Settings\Temp\hellow.exe
C:\Documents and Settings\Angi\Local Settings\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Documents and Settings\Angi\Local Settings\Temp\MovieStudio.exe
C:\Documents and Settings\Angi\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\Angi\Local Settings\Temp\Statwin total pe 8 2 1 1__10924_i1504972756_il1440815.exe
C:\Documents and Settings\Angi\Local Settings\Temp\Uninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of log ============================