VIRY.CZ

Zpráva

petrys · #16 Příspěvek od **petrys** » 12 bře 2014 22:55

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Petr on st 12.03.2014 at 20:57:37,48.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Petr\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12.3.2014 21:02:20 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-796845957-1897051121-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{255E6619-7845-4704-8F7C-1A0368B902A3} deleted successfully
HKEY_USERS\S-1-5-21-796845957-1897051121-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AE56BFB6-5AC2-4A4D-8624-3D93166D6196} deleted successfully
HKEY_USERS\S-1-5-21-796845957-1897051121-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-796845957-1897051121-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-796845957-1897051121-839522115-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} deleted successfully
HKEY_USERS\S-1-5-21-796845957-1897051121-839522115-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{6E3C6B04-08FE-43BC-8E50-F90285024DEA} deleted successfully
HKEY_USERS\S-1-5-21-796845957-1897051121-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\xz123@ya456.com deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\iSafeNetFilter deleted successfully

==== Deleting Files \ Folders ======================

C:\Program Files\GetNZB deleted
C:\Documents and Settings\Petr\Local Settings\Data aplikací\GetNZB deleted
C:\Documents and Settings\Petr\Local Settings\Data aplikací\genienext deleted
C:\Documents and Settings\Petr\daemonprocess.txt deleted
C:\Program Files\Conduit deleted
C:\Documents and Settings\Petr\Data aplikací\eCyber deleted
C:\Documents and Settings\Petr\Data aplikací\iSafe deleted
C:\Documents and Settings\Petr\Data aplikací\HoolappForAndroid deleted
C:\Documents and Settings\Petr\Data aplikací\SearchProtect deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\lpm.dat deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Conduit deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\ICQ deleted
C:\Documents and Settings\Petr\Local Settings\Data aplikací\CRE deleted
C:\Documents and Settings\Petr\Local Settings\Data aplikací\BearShare deleted
C:\Documents and Settings\Petr\Local Settings\Data aplikací\eSupport.com deleted
C:\Documents and Settings\Petr\Local Settings\Data aplikací\NativeMessaging deleted
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Mobogenie deleted
C:\Documents and Settings\Petr\Local Settings\Data aplikací\cache deleted
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Conduit deleted
C:\Documents and Settings\All Users\Nabídka Start\Programy\YAC deleted
C:\WINDOWS\wininit.ini deleted
"C:\Documents and Settings\Petr\Data aplikací\ATI" deleted
"C:\Documents and Settings\Petr\Data aplikací\UseNeXT" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02.09.2009 02:00]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dedmngkbaffkenlfdcbganndoghblmap - C:\Program Files\BetterSurf\ch\Chrome.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[14.02.2014 18:32]
pkmpcdbgnfjfeelcpebpkflcmbkclfho - C:\Documents and Settings\Petr\Local Settings\Data aplikací\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pkmpcdbgnfjfeelcpebpkflcmbkclfho - C:\Documents and Settings\Petr\Local Settings\Data aplikací\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx[]

Docs - LocalService\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
avast Online Security - Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chrome Fix ======================

C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Extension Settings\pkmpcdbgnfjfeelcpebpkflcmbkclfho deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Bar"="http://www.bing.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{255E6619-7845-4704-8F7C-1A0368B902A3}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{255E6619-7845-4704-8F7C-1A0368B902A3}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\UpdatusUser\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=70341 folders=29884 19630160275 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully
C:\Documents and Settings\Administrator.PETR-6BAC822E39\Local Settings\temp emptied successfully
C:\Documents and Settings\Default User\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\Documents and Settings\Petr\Local Settings\temp will be emptied at reboot
C:\Documents and Settings\UpdatusUser\Local Settings\temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Petr\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Petr\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on st 12.03.2014 at 22:51:00,25 ======================

#17 Příspěvek od **vyosek** » 13 bře 2014 10:02

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

petrys · #18 Příspěvek od **petrys** » 13 bře 2014 11:21

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014
Ran by Petr (administrator) on PETR-6BAC822E39 on 13-03-2014 11:21:11
Running from C:\Documents and Settings\Petr\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Siliten) C:\Program Files\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe
(Siliten) C:\Program Files\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Petr\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-14] (AVAST Software)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [Launch SilverCrest STMS 2219 A1-K] - C:\Program Files\SilverCrest STMS 2219 A1 Driver\KbClient_FD2.exe [1424384 2012-07-06] (Siliten)
HKLM\...\Run: [Launch SilverCrest STMS 2219 A1-M] - C:\Program Files\SilverCrest STMS 2219 A1 Driver\MouClient_FD2.exe [862720 2012-07-06] (Siliten)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15678752 2013-10-29] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [223008 2013-10-29] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2602784 2013-11-23] ()
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 212.24.148.99

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Disk Google) - C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (YouTube) - C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-28]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Documents and Settings\Petr\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-28]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-14] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [116776 2013-12-06] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S2 Ati HotKey Poller; %SystemRoot%\system32\Ati2evxx.exe [X]
S2 UxTuneUp; %SystemRoot%\System32\uxtuneup.dll [X]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-02-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-02-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2013-11-28] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-02-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410784 2014-02-14] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35272 2013-11-28] (The OpenVPN Project)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-02-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2013-12-26] ()
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-07-26] ()
R2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [11264 2005-10-20] (ASUSTeK Computer Inc.)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] ()
R3 InputFilter_Hid_FlexDef2b; C:\WINDOWS\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
S3 Iviaspi; C:\WINDOWS\System32\drivers\iviaspi.sys [10752 2003-12-25] (InterVideo, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 MouFilter_Mou_FlexDef4; C:\WINDOWS\System32\DRIVERS\MouFilter_FlexDef4.sys [11776 2010-10-20] (Siliten)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [91496 2010-06-21] (NVIDIA Corporation)
R1 prodrv06; C:\WINDOWS\System32\drivers\prodrv06.sys [80768 2006-12-23] (Protection Technology)
R0 prohlp02; C:\WINDOWS\System32\drivers\prohlp02.sys [77120 2006-12-23] (Protection Technology)
R0 prosync1; C:\WINDOWS\System32\drivers\prosync1.sys [7136 2005-12-21] (Protection Technology)
R2 sfcure01; C:\WINDOWS\System32\drivers\sfcure01.sys [3072 2005-09-08] ()
R0 sfhlp01; C:\WINDOWS\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
R0 sfvfs02; C:\WINDOWS\System32\drivers\sfvfs02.sys [66560 2005-06-27] (Protection Technology)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-05-27] (Duplex Secure Ltd.)
S3 ubloxusb; C:\WINDOWS\System32\DRIVERS\ubloxusb.sys [75264 2009-11-27] (u-blox AG)
U3 a805hdo1; C:\WINDOWS\system32\Drivers\a805hdo1.sys [0 ] (Microsoft Corporation)
S1 aswKbd; \??\C:\WINDOWS\system32\drivers\aswKbd.sys [X]
S0 aswNdis2; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-13 11:21 - 2014-03-13 11:21 - 00010589 _____ () C:\Documents and Settings\Petr\Plocha\FRST.txt
2014-03-13 11:21 - 2014-03-13 11:21 - 00000000 ____D () C:\FRST
2014-03-13 11:20 - 2014-03-13 11:20 - 01145856 _____ (Farbar) C:\Documents and Settings\Petr\Plocha\FRST.exe
2014-03-13 11:16 - 2014-03-13 11:16 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Petr\Plocha\FRSTLauncher.exe
2014-03-13 06:16 - 2014-03-13 06:16 - 00013488 _____ () C:\WINDOWS\iis6.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00012365 _____ () C:\WINDOWS\FaxSetup.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00005912 _____ () C:\WINDOWS\ocgen.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00005642 _____ () C:\WINDOWS\tsoc.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00004114 _____ () C:\WINDOWS\comsetup.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00003846 _____ () C:\WINDOWS\msmqinst.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00002494 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00002166 _____ () C:\WINDOWS\netfxocm.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-13 06:16 - 2014-03-13 06:16 - 00000850 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00000772 _____ () C:\WINDOWS\ocmsn.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00000622 _____ () C:\WINDOWS\tabletoc.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00000606 _____ () C:\WINDOWS\msgsocm.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-13 06:16 - 2014-03-13 06:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 22:54 - 2014-03-12 22:54 - 00011075 _____ () C:\Documents and Settings\Petr\Plocha\zoek-results.txt
2014-03-12 22:48 - 2014-03-12 20:57 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-03-12 21:02 - 2014-03-12 22:51 - 00011075 _____ () C:\zoek-results.log
2014-03-12 20:57 - 2014-03-12 22:43 - 00000000 ____D () C:\zoek_backup
2014-03-12 20:56 - 2014-03-12 20:57 - 01285120 _____ () C:\Documents and Settings\Petr\Plocha\zoek.exe
2014-03-12 20:47 - 2014-03-13 06:16 - 00008662 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 20:46 - 2014-03-13 06:16 - 00010009 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 00:44 - 2014-03-12 00:44 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-03-12 00:24 - 2014-03-12 00:24 - 00017604 _____ () C:\WINDOWS\setupapi.log
2014-03-12 00:24 - 2014-03-12 00:24 - 00000116 _____ () C:\WINDOWS\setupact.log
2014-03-12 00:24 - 2014-03-12 00:24 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-11 05:06 - 2014-03-11 05:06 - 00000000 ____D () C:\Avenger
2014-03-10 12:52 - 2014-03-10 12:52 - 00018864 _____ () C:\Documents and Settings\Petr\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-03-10 10:01 - 2014-03-13 11:07 - 00126912 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 ____D () C:\rsit
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 ____D () C:\Program Files\trend micro
2014-02-27 18:51 - 2014-02-27 18:51 - 00000000 ____D () C:\Documents and Settings\Petr\Nabídka Start\Programy\Codemasters
2014-02-27 18:48 - 2014-02-27 18:48 - 00000000 ____D () C:\Program Files\Codemasters
2014-02-18 13:20 - 2014-02-18 13:20 - 00001720 _____ () C:\Documents and Settings\All Users\Plocha\Tropico 3 GOLD.lnk
2014-02-18 13:20 - 2014-02-18 13:20 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\GOG.com
2014-02-18 13:17 - 2014-02-18 14:21 - 00000000 ____D () C:\Documents and Settings\Petr\Data aplikací\Tropico 3
2014-02-18 13:17 - 2014-02-18 13:17 - 00000000 ____D () C:\Program Files\GOG.com
2014-02-16 20:33 - 2014-02-16 20:44 - 00000023 _____ () C:\WINDOWS\BlendSettings.ini
2014-02-16 17:50 - 2014-02-16 17:50 - 00001805 _____ () C:\Documents and Settings\All Users\Plocha\Oblivion.lnk
2014-02-16 17:44 - 2014-02-16 17:44 - 00000000 ____D () C:\Program Files\Bethesda Softworks
2014-02-16 17:44 - 2014-02-16 17:44 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Bethesda Softworks
2014-02-16 17:43 - 2014-02-16 18:36 - 00000000 ____D () C:\Documents and Settings\Petr\Local Settings\Data aplikací\Oblivion
2014-02-15 22:33 - 2014-02-15 22:33 - 00000000 ____D () C:\Documents and Settings\Petr\Data aplikací\2K Sports
2014-02-15 22:27 - 2014-02-15 22:27 - 00000811 _____ () C:\Documents and Settings\Petr\Plocha\NBA 2K12.lnk
2014-02-15 22:27 - 2014-02-15 22:27 - 00000000 ____D () C:\Documents and Settings\Petr\Nabídka Start\Programy\2K Sports
2014-02-15 22:15 - 2014-02-15 22:15 - 00000000 ____D () C:\Program Files\2K Sports
2014-02-14 14:08 - 2014-02-14 14:08 - 00001430 _____ () C:\Documents and Settings\Petr\Plocha\Amnesia.lnk
2014-02-14 14:03 - 2014-02-14 14:03 - 00000000 ____D () C:\TopCD
2014-02-14 02:01 - 2013-10-01 09:53 - 00030504 _____ (Phoenix Technologies) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
2014-02-14 01:52 - 2014-02-14 01:52 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-02-13 22:45 - 2014-02-13 22:45 - 00000917 _____ () C:\Documents and Settings\Petr\Plocha\Revo Uninstaller.lnk
2014-02-13 22:45 - 2014-02-13 22:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-12 22:14 - 2014-02-12 22:37 - 00000000 ____D () C:\Documents and Settings\Petr\Data aplikací\.minecraft

==================== One Month Modified Files and Folders =======

2014-03-13 11:21 - 2014-03-13 11:21 - 00010589 _____ () C:\Documents and Settings\Petr\Plocha\FRST.txt
2014-03-13 11:21 - 2014-03-13 11:21 - 00000000 ____D () C:\FRST
2014-03-13 11:21 - 2002-01-01 01:29 - 00000000 ____D () C:\Documents and Settings\Petr\Plocha
2014-03-13 11:20 - 2014-03-13 11:20 - 01145856 _____ (Farbar) C:\Documents and Settings\Petr\Plocha\FRST.exe
2014-03-13 11:20 - 2002-01-01 01:29 - 00000000 ___HD () C:\Documents and Settings\Petr\Local Settings\Data aplikací
2014-03-13 11:16 - 2014-03-13 11:16 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Petr\Plocha\FRSTLauncher.exe
2014-03-13 11:15 - 2011-10-31 20:07 - 00001984 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-13 11:13 - 2013-12-06 13:24 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-13 11:11 - 2014-01-30 14:40 - 00005664 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-03-13 11:10 - 2013-11-30 12:52 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-03-13 11:10 - 2002-01-01 01:11 - 01205964 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-13 11:08 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-13 11:07 - 2014-03-10 10:01 - 00126912 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-13 11:07 - 2002-01-01 01:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-13 06:17 - 2002-01-01 01:28 - 00032460 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-13 06:16 - 2014-03-13 06:16 - 00013488 _____ () C:\WINDOWS\iis6.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00012365 _____ () C:\WINDOWS\FaxSetup.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00005912 _____ () C:\WINDOWS\ocgen.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00005642 _____ () C:\WINDOWS\tsoc.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00004114 _____ () C:\WINDOWS\comsetup.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00003846 _____ () C:\WINDOWS\msmqinst.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00002494 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00002166 _____ () C:\WINDOWS\netfxocm.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-13 06:16 - 2014-03-13 06:16 - 00000850 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00000772 _____ () C:\WINDOWS\ocmsn.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00000622 _____ () C:\WINDOWS\tabletoc.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00000606 _____ () C:\WINDOWS\msgsocm.log
2014-03-13 06:16 - 2014-03-13 06:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-13 06:16 - 2014-03-13 06:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-13 06:16 - 2014-03-12 20:47 - 00008662 _____ () C:\WINDOWS\KB2929961.log
2014-03-13 06:16 - 2014-03-12 20:46 - 00010009 _____ () C:\WINDOWS\KB2930275.log
2014-03-13 06:14 - 2002-01-01 01:29 - 00000178 ___SH () C:\Documents and Settings\Petr\ntuser.ini
2014-03-13 05:44 - 2013-12-04 20:29 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-13 01:22 - 2012-03-08 00:05 - 00000464 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{7406FA15-F8B3-42C0-8722-DA1B8E116110}.job
2014-03-12 22:54 - 2014-03-12 22:54 - 00011075 _____ () C:\Documents and Settings\Petr\Plocha\zoek-results.txt
2014-03-12 22:51 - 2014-03-12 21:02 - 00011075 _____ () C:\zoek-results.log
2014-03-12 22:43 - 2014-03-12 20:57 - 00000000 ____D () C:\zoek_backup
2014-03-12 22:42 - 2002-01-01 01:51 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-03-12 22:42 - 2002-01-01 01:51 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-03-12 22:42 - 2002-01-01 01:29 - 00000000 __RHD () C:\Documents and Settings\Petr\Data aplikací
2014-03-12 22:42 - 2002-01-01 01:29 - 00000000 ____D () C:\Documents and Settings\Petr
2014-03-12 20:57 - 2014-03-12 22:48 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-03-12 20:57 - 2014-03-12 20:56 - 01285120 _____ () C:\Documents and Settings\Petr\Plocha\zoek.exe
2014-03-12 00:44 - 2014-03-12 00:44 - 05777288 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-03-12 00:44 - 2012-12-14 22:28 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 00:44 - 2012-12-14 22:28 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-12 00:24 - 2014-03-12 00:24 - 00017604 _____ () C:\WINDOWS\setupapi.log
2014-03-12 00:24 - 2014-03-12 00:24 - 00000116 _____ () C:\WINDOWS\setupact.log
2014-03-12 00:24 - 2014-03-12 00:24 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-11 05:06 - 2014-03-11 05:06 - 00000000 ____D () C:\Avenger
2014-03-11 05:06 - 2002-01-01 01:46 - 00000000 ____D () C:\WINDOWS\PeerNet
2014-03-10 12:52 - 2014-03-10 12:52 - 00018864 _____ () C:\Documents and Settings\Petr\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-03-10 00:53 - 2009-04-22 08:27 - 00000000 ____D () C:\Documents and Settings\Petr\Data aplikací\DAEMON Tools Lite
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 ____D () C:\rsit
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 ____D () C:\Program Files\trend micro
2014-03-05 18:23 - 2002-01-01 01:51 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-02-28 13:25 - 2002-01-01 02:17 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-27 18:51 - 2014-02-27 18:51 - 00000000 ____D () C:\Documents and Settings\Petr\Nabídka Start\Programy\Codemasters
2014-02-27 18:51 - 2002-01-01 01:29 - 00000000 ___RD () C:\Documents and Settings\Petr\Nabídka Start\Programy
2014-02-27 18:48 - 2014-02-27 18:48 - 00000000 ____D () C:\Program Files\Codemasters
2014-02-27 01:01 - 2002-01-01 01:29 - 00000803 _____ () C:\Documents and Settings\Petr\Nabídka Start\Programy\Internet Explorer.lnk
2014-02-26 13:18 - 2002-01-01 01:46 - 00000000 ____D () C:\WINDOWS\Media
2014-02-26 13:18 - 2002-01-01 01:46 - 00000000 ____D () C:\WINDOWS\Help
2014-02-26 13:10 - 2009-06-17 00:14 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-02-26 13:03 - 2012-08-19 18:30 - 00000000 ____D () C:\Documents and Settings\Petr\Nabídka Start\Programy\Soldier of Fortune II - Double Helix GOLD - Help
2014-02-26 13:03 - 2009-11-28 18:44 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-18 14:21 - 2014-02-18 13:17 - 00000000 ____D () C:\Documents and Settings\Petr\Data aplikací\Tropico 3
2014-02-18 13:20 - 2014-02-18 13:20 - 00001720 _____ () C:\Documents and Settings\All Users\Plocha\Tropico 3 GOLD.lnk
2014-02-18 13:20 - 2014-02-18 13:20 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\GOG.com
2014-02-18 13:17 - 2014-02-18 13:17 - 00000000 ____D () C:\Program Files\GOG.com
2014-02-18 01:31 - 2002-01-01 01:51 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-02-18 01:25 - 2002-01-01 01:30 - 00000000 ___RD () C:\Hry
2014-02-18 01:18 - 2013-03-11 21:21 - 00000000 ____D () C:\Documents and Settings\Petr\Data aplikací\Gearbox Software
2014-02-16 20:44 - 2014-02-16 20:33 - 00000023 _____ () C:\WINDOWS\BlendSettings.ini
2014-02-16 18:36 - 2014-02-16 17:43 - 00000000 ____D () C:\Documents and Settings\Petr\Local Settings\Data aplikací\Oblivion
2014-02-16 17:50 - 2014-02-16 17:50 - 00001805 _____ () C:\Documents and Settings\All Users\Plocha\Oblivion.lnk
2014-02-16 17:45 - 2002-01-01 01:11 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-02-16 17:44 - 2014-02-16 17:44 - 00000000 ____D () C:\Program Files\Bethesda Softworks
2014-02-16 17:44 - 2014-02-16 17:44 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Bethesda Softworks
2014-02-15 22:33 - 2014-02-15 22:33 - 00000000 ____D () C:\Documents and Settings\Petr\Data aplikací\2K Sports
2014-02-15 22:27 - 2014-02-15 22:27 - 00000811 _____ () C:\Documents and Settings\Petr\Plocha\NBA 2K12.lnk
2014-02-15 22:27 - 2014-02-15 22:27 - 00000000 ____D () C:\Documents and Settings\Petr\Nabídka Start\Programy\2K Sports
2014-02-15 22:15 - 2014-02-15 22:15 - 00000000 ____D () C:\Program Files\2K Sports
2014-02-15 19:19 - 2012-08-20 16:22 - 00000000 ____D () C:\Program Files\Ubisoft
2014-02-14 18:33 - 2013-03-20 21:10 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-02-14 18:32 - 2013-11-28 11:44 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-02-14 18:32 - 2013-11-28 11:44 - 00410784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-02-14 18:32 - 2013-11-28 11:44 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-02-14 18:32 - 2013-11-28 11:44 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-02-14 18:32 - 2013-11-28 11:44 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-02-14 18:32 - 2013-11-28 11:44 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-02-14 14:08 - 2014-02-14 14:08 - 00001430 _____ () C:\Documents and Settings\Petr\Plocha\Amnesia.lnk
2014-02-14 14:08 - 2011-11-22 15:37 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\TopCD
2014-02-14 14:03 - 2014-02-14 14:03 - 00000000 ____D () C:\TopCD
2014-02-14 11:56 - 2012-08-10 12:20 - 00000000 ____D () C:\Documents and Settings\Petr\Nabídka Start\Programy\GameSpy Arcade
2014-02-14 01:52 - 2014-02-14 01:52 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
2014-02-13 23:03 - 2013-05-18 16:14 - 00002347 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Adobe Reader X.lnk
2014-02-13 22:45 - 2014-02-13 22:45 - 00000917 _____ () C:\Documents and Settings\Petr\Plocha\Revo Uninstaller.lnk
2014-02-13 22:45 - 2014-02-13 22:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-13 16:21 - 2002-01-01 02:18 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-13 04:59 - 2002-01-01 01:52 - 01475330 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-13 04:53 - 2013-08-03 18:44 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-13 04:49 - 2009-04-13 12:51 - 85946576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-12 22:37 - 2014-02-12 22:14 - 00000000 ____D () C:\Documents and Settings\Petr\Data aplikací\.minecraft
2014-02-12 12:45 - 2011-04-18 16:34 - 00021840 ___CT () C:\WINDOWS\system32\SIntfNT.dll
2014-02-12 12:45 - 2011-04-18 16:34 - 00017212 ___CT () C:\WINDOWS\system32\SIntf32.dll
2014-02-12 12:45 - 2011-04-18 16:34 - 00012067 ___CT () C:\WINDOWS\system32\SIntf16.dll
2014-02-11 02:17 - 2002-01-01 01:31 - 00067072 _____ () C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-17 15:49] - [2008-04-14 04:22] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\WINDOWS\system32\winlogon.exe
[2004-08-17 15:49] - [2008-04-14 04:22] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\WINDOWS\system32\svchost.exe
[2004-08-17 15:49] - [2008-04-14 04:22] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\WINDOWS\system32\services.exe
[2004-08-17 15:49] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\WINDOWS\system32\User32.dll
[2004-08-17 15:49] - [2008-04-14 04:22] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\WINDOWS\system32\userinit.exe
[2004-08-17 15:49] - [2008-04-14 04:22] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-17 15:44] - [2008-04-14 03:12] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:335.34 GB) (Free:25.57 GB) NTFS ==>[Drive with boot components (Windows XP)]

Available physical RAM: 267.16 MB
Total physical RAM: 1023.23 MB
Percentage of memory in use: 73%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 335 GB) (Disk ID: 71446ED5)
Partition 1: (Active) - (Size=335 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{7406FA15-F8B3-42C0-8722-DA1B8E116110}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:44B3D4C0
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:C1F4198F
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Petr\Plocha" je 2 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"="C:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"="C:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe:*:Enabled:NBA 2K12"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

#19 Příspěvek od **vyosek** » 14 bře 2014 02:46

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

2014-03-13 11:16 - 2014-03-13 11:16 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Petr\Plocha\FRSTLauncher.exe
2014-03-12 22:54 - 2014-03-12 22:54 - 00011075 _____ () C:\Documents and Settings\Petr\Plocha\zoek-results.txt
2014-03-12 22:48 - 2014-03-12 20:57 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-03-12 21:02 - 2014-03-12 22:51 - 00011075 _____ () C:\zoek-results.log
2014-03-12 20:57 - 2014-03-12 22:43 - 00000000 ____D () C:\zoek_backup
2014-03-12 20:56 - 2014-03-12 20:57 - 01285120 _____ () C:\Documents and Settings\Petr\Plocha\zoek.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{7406FA15-F8B3-42C0-8722-DA1B8E116110}.job => C:\WINDOWS\system32\msfeedssync.exe

AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:44B3D4C0
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:C1F4198F
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f

Hosts:
CMD: shutdown /r /f /t 2

End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

petrys · #20 Příspěvek od **petrys** » 14 bře 2014 16:17

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014
Ran by Petr at 2014-03-14 16:12:40 Run:1
Running from C:\Documents and Settings\Petr\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}

2014-03-13 11:16 - 2014-03-13 11:16 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Petr\Plocha\FRSTLauncher.exe
2014-03-12 22:54 - 2014-03-12 22:54 - 00011075 _____ () C:\Documents and Settings\Petr\Plocha\zoek-results.txt
2014-03-12 22:48 - 2014-03-12 20:57 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-03-12 21:02 - 2014-03-12 22:51 - 00011075 _____ () C:\zoek-results.log
2014-03-12 20:57 - 2014-03-12 22:43 - 00000000 ____D () C:\zoek_backup
2014-03-12 20:56 - 2014-03-12 20:57 - 01285120 _____ () C:\Documents and Settings\Petr\Plocha\zoek.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{7406FA15-F8B3-42C0-8722-DA1B8E116110}.job => C:\WINDOWS\system32\msfeedssync.exe

AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:44B3D4C0
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:C1F4198F
AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
C:\Documents and Settings\Petr\Plocha\FRSTLauncher.exe => Moved successfully.
"C:\Documents and Settings\Petr\Plocha\zoek-results.txt" => File/Directory not found.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Documents and Settings\Petr\Plocha\zoek.exe => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\avast! Emergency Update.job => Moved successfully.
C:\WINDOWS\Tasks\MP Scheduled Scan.job => Moved successfully.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{7406FA15-F8B3-42C0-8722-DA1B8E116110}.job => Moved successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":44B3D4C0" ADS removed successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":C1F4198F" ADS removed successfully.
C:\Documents and Settings\All Users\Data aplikací\TEMP => ":D1B5B4F1" ADS removed successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========

Operace byla dokončena úspěšně.

========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========

========= End of CMD: =========

==== End of Fixlog ====

#21 Příspěvek od **vyosek** » 14 bře 2014 20:54

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

petrys · #22 Příspěvek od **petrys** » 15 bře 2014 13:38

Prosím měl bych ještě otázečku.Né,že by to překaželo ale mám na C čku složku Qoobox,nemá žádnou velikost,nejde odstranit.Rekl bych ze jde o nejakou zalohu,ještě má složku BackEnv.Nevím jestli to není treba po combofixu nebo nejakem nastroji z minule co jsem tady byl.Chtěl jsem se jen zeptat co je to.Jestli to pujde něčím odstranit či to nechat byt
Jinak uklid jsem provedl,pc bězi jak po masle, opět vam moc dekuji za vas cas a pročisteni

#23 Příspěvek od **vyosek** » 16 bře 2014 16:52

Najdete tento soubor c:\windows\system32\cmd.exe, kliknete na nej pravym mysidlem a dejte Run As Administrator ci Spustit jako spravce, pak napiste CACLS "C:\Qoobox\BackEnv" /T /E /G Everyone:F - enter

A mel by jit normalne smazat

petrys · #24 Příspěvek od **petrys** » 16 bře 2014 20:12

Díky to je vše

#25 Příspěvek od **vyosek** » 16 bře 2014 20:22

Nemate zac, rad jsem pomohl

Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat

VIRY.CZ

vir

Re: vir

Re: vir

Re: vir

Re: vir

Re: vir

Re: vir

Re: vir

Re: vir

Re: vir

Re: vir