Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Mirek (administrator) on MIRA on 18-02-2014 14:07:06
Running from C:\Documents and Settings\Mirek\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 7
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(forum.viry.cz) C:\Documents and Settings\Mirek\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [13877248 2009-08-17] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-861567501-842925246-682003330-1003\...\Run: [NextLive] - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Mirek\Data aplikací\newnext.me\nengine.dll",EntryPoint -m l
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ru.redirect.wrapper.services.alawar.ru/startpage.php?lang=cs&wspv=3.0&locale=cs&pid=10202
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
http://www.google.com/search?q={searchT ... {startPage}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Tcpip\..\Interfaces\{912994FC-195C-4101-A02D-A9B71DB1CF9B}: [NameServer]10.1.0.56,10.1.0.20
Tcpip\..\Interfaces\{D003D105-377B-4264-9B0C-C75902A995F2}: [NameServer]10.1.0.56,10.1.0.20
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\0f9cek7x.default-1386354203562
FF Homepage: hxxp://
www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @powerchallenge.com/PowerLoader - C:\Documents and Settings\Mirek\Data aplikací\PowerChallenge\nppowerloader.dll (Power Challenge Sweden AB)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Adblock Plus - C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\0f9cek7x.default-1386354203562\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [
eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
Chrome:
=======
CHR RestoreOnStartup: "hxxp://
www.google.com/",
"ru.redirect.wrapper.services.alawar.ru/startpage.php?lang=cs&wspv=3.0&locale=cs&pid=10202"
CHR Extension: (Docs) - C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70352 2013-11-28] (Comodo Security Solutions, Inc.)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2013-11-28] (Comodo Security Solutions, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-01-29] (Oracle Corporation)
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [X]
S3 cmdvirth; "C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe" [X]
S2 Update Surftastic; "C:\Program Files\Surftastic\updateSurftastic.exe" [X]
==================== Drivers (Whitelisted) ====================
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 CFRMD; C:\WINDOWS\System32\DRIVERS\CFRMD.sys [36112 2013-05-07] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [18528 2013-06-18] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [587352 2013-07-08] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [32816 2013-06-18] (COMODO)
R1 HMD; C:\WINDOWS\System32\DRIVERS\hmd.sys [14272 2013-10-07] ()
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [99520 2013-06-18] (COMODO)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [100736 2008-07-30] (NVIDIA Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-10-25] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-10-25] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-01-23] (Duplex Secure Ltd.)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2013-08-25] ()
S3 ZD1211BU(TP-LINK); C:\WINDOWS\System32\DRIVERS\zd1211Bu.sys [500736 2007-06-25] (Atheros Technology Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-18 14:07 - 2014-02-18 14:07 - 00010000 _____ () C:\Documents and Settings\Mirek\Plocha\FRST.txt
2014-02-18 14:05 - 2014-02-18 14:07 - 00000000 ____D () C:\FRST
2014-02-18 14:05 - 2014-02-18 14:05 - 01141248 _____ (Farbar) C:\Documents and Settings\Mirek\Plocha\FRST.exe
2014-02-18 14:05 - 2014-02-18 14:05 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Mirek\Plocha\FRSTLauncher.exe
2014-02-18 12:46 - 2014-02-18 12:46 - 00008349 _____ () C:\Documents and Settings\Mirek\Plocha\friends.txt
2014-02-16 13:26 - 2014-02-16 13:26 - 00004096 _____ () C:\WINDOWS\d3dx.dat
2014-02-16 13:26 - 2014-02-16 13:26 - 00000000 ____D () C:\Documents and Settings\Mirek\Data aplikací\IteraLabs
2014-02-16 13:22 - 2014-02-16 13:25 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2014-02-16 13:22 - 2014-02-16 13:22 - 00000000 ____D () C:\Documents and Settings\Mirek\Local Settings\Data aplikací\AlawarWrapper
2014-02-15 21:05 - 2014-02-18 12:56 - 00001612 _____ () C:\WINDOWS\wmsetup.log
2014-02-15 19:57 - 2014-02-15 19:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 09:40 - 2014-02-18 12:28 - 00060491 _____ () C:\WINDOWS\setupapi.log
2014-02-14 12:44 - 2014-02-14 12:44 - 00000000 ____D () C:\Documents and Settings\Mirek\Data aplikací\Fenomen Games
2014-02-13 17:08 - 2014-02-13 16:23 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-02-13 16:45 - 2014-02-13 16:45 - 00000000 ____D () C:\Documents and Settings\Mirek\Data aplikací\WinRAR
2014-02-13 16:26 - 2014-02-13 17:09 - 00026603 _____ () C:\zoek-results.log
2014-02-13 16:23 - 2014-02-13 16:51 - 00000000 ____D () C:\zoek_backup
2014-02-13 15:52 - 2014-02-13 16:14 - 00000000 ____D () C:\AdwCleaner
2014-02-13 15:51 - 2014-02-13 15:51 - 00002246 _____ () C:\Documents and Settings\Mirek\Plocha\JRT.txt
2014-02-13 15:35 - 2014-02-13 15:35 - 00000939 _____ () C:\Documents and Settings\Mirek\Plocha\Scan.txt
2014-02-13 15:32 - 2014-02-13 15:32 - 00001876 _____ () C:\sc-cleaner.txt
2014-02-11 08:26 - 2014-02-11 08:26 - 00000620 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-02-11 08:26 - 2014-02-11 08:26 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-01-29 13:39 - 2014-01-29 13:39 - 00000000 ____D () C:\Documents and Settings\Mirek\Data aplikací\PowerChallenge
2014-01-29 13:32 - 2014-01-29 13:32 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-01-29 13:32 - 2014-01-29 13:32 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Java
2014-01-29 13:32 - 2014-01-29 13:31 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-29 13:32 - 2014-01-29 13:31 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-29 13:32 - 2014-01-29 13:31 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-29 13:32 - 2014-01-29 13:31 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-29 13:32 - 2014-01-29 13:31 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-29 13:31 - 2014-01-29 13:31 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Sun
2014-01-26 15:02 - 2014-01-26 15:03 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Norton
2014-01-25 23:43 - 2014-01-26 00:35 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-01-25 23:43 - 2014-01-25 23:55 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-01-25 23:43 - 2014-01-25 23:43 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-23 15:04 - 2014-01-23 15:04 - 00001569 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\CDBurnerXP.lnk
2014-01-23 15:04 - 2014-01-23 15:04 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-01-23 15:04 - 2013-08-25 10:30 - 00013120 _____ () C:\WINDOWS\system32\Drivers\StarOpen.sys
2014-01-23 14:54 - 2014-01-23 14:54 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-01-23 14:54 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2014-01-23 14:53 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2014-01-23 14:53 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2014-01-23 14:52 - 2014-01-23 14:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-23 14:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2014-01-23 14:16 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2014-01-23 13:06 - 2014-01-23 13:49 - 00000124 _____ () C:\Documents and Settings\Mirek\Dokumenty\ax_files.xml
2014-01-23 12:51 - 2014-01-23 12:51 - 00320120 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2014-01-22 15:39 - 2014-01-22 15:39 - 00000000 ____D () C:\Program Files\AVG
==================== One Month Modified Files and Folders =======
2014-02-18 14:07 - 2014-02-18 14:07 - 00010000 _____ () C:\Documents and Settings\Mirek\Plocha\FRST.txt
2014-02-18 14:07 - 2014-02-18 14:05 - 00000000 ____D () C:\FRST
2014-02-18 14:07 - 2010-04-09 20:56 - 00000000 ____D () C:\Documents and Settings\Mirek\Plocha
2014-02-18 14:06 - 2010-04-09 20:56 - 00000000 ___HD () C:\Documents and Settings\Mirek\Local Settings\Data aplikací
2014-02-18 14:05 - 2014-02-18 14:05 - 01141248 _____ (Farbar) C:\Documents and Settings\Mirek\Plocha\FRST.exe
2014-02-18 14:05 - 2014-02-18 14:05 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Mirek\Plocha\FRSTLauncher.exe
2014-02-18 14:03 - 2001-10-25 17:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-18 13:31 - 2013-12-18 14:37 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-18 12:57 - 2010-04-09 20:40 - 01080432 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-18 12:56 - 2014-02-15 21:05 - 00001612 _____ () C:\WINDOWS\wmsetup.log
2014-02-18 12:46 - 2014-02-18 12:46 - 00008349 _____ () C:\Documents and Settings\Mirek\Plocha\friends.txt
2014-02-18 12:38 - 2010-04-09 22:15 - 00000000 ___RD () C:\Documents and Settings\Mirek\Dokumenty\plocha stará
2014-02-18 12:28 - 2014-02-15 09:40 - 00060491 _____ () C:\WINDOWS\setupapi.log
2014-02-18 12:27 - 2010-04-09 22:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-18 12:27 - 2010-04-09 22:23 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-18 12:27 - 2010-04-09 20:55 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-18 12:27 - 2009-08-17 02:03 - 00249324 _____ () C:\WINDOWS\system32\NvApps.xml
2014-02-18 01:55 - 2010-04-09 20:55 - 00032638 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-18 01:54 - 2010-04-09 20:56 - 00000178 ___SH () C:\Documents and Settings\Mirek\ntuser.ini
2014-02-18 01:07 - 2012-04-27 11:31 - 00000000 ___RD () C:\Documents and Settings\Mirek\Plocha\propaganda
2014-02-17 21:27 - 2010-04-09 21:19 - 00000000 ___RD () C:\Documents and Settings\Mirek\Dokumenty\Obrázky
2014-02-17 20:30 - 2013-12-08 09:21 - 00216465 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2014-02-17 18:35 - 2010-04-09 22:16 - 00000000 ___RD () C:\Documents and Settings\Mirek\Plocha\mp3
2014-02-16 23:28 - 2013-12-04 17:47 - 00000000 ____D () C:\Documents and Settings\Mirek\Dokumenty\Stažené soubory
2014-02-16 17:51 - 2013-12-13 12:30 - 00000000 ____D () C:\Program Files\Hry.cz
2014-02-16 17:51 - 2013-12-13 12:30 - 00000000 ____D () C:\Documents and Settings\Mirek\Nabídka Start\Programy\Hry.cz
2014-02-16 13:26 - 2014-02-16 13:26 - 00004096 _____ () C:\WINDOWS\d3dx.dat
2014-02-16 13:26 - 2014-02-16 13:26 - 00000000 ____D () C:\Documents and Settings\Mirek\Data aplikací\IteraLabs
2014-02-16 13:26 - 2010-04-09 20:56 - 00000000 __RHD () C:\Documents and Settings\Mirek\Data aplikací
2014-02-16 13:25 - 2014-02-16 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
2014-02-16 13:25 - 2010-04-09 22:22 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-02-16 13:22 - 2014-02-16 13:22 - 00000000 ____D () C:\Documents and Settings\Mirek\Local Settings\Data aplikací\AlawarWrapper
2014-02-16 13:22 - 2010-04-09 22:21 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-02-16 12:51 - 2010-04-09 22:22 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-02-16 12:51 - 2010-04-09 22:22 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-02-16 12:46 - 2012-11-04 21:17 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-15 21:58 - 2010-04-11 10:41 - 03828236 ___SH () C:\Documents and Settings\Mirek\Plocha\Thumbs.db
2014-02-15 19:57 - 2014-02-15 19:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-15 19:42 - 2013-12-09 19:27 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-15 19:42 - 2010-04-09 22:22 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start
2014-02-14 17:08 - 2010-04-09 20:56 - 00000000 ____D () C:\Documents and Settings\Mirek
2014-02-14 12:44 - 2014-02-14 12:44 - 00000000 ____D () C:\Documents and Settings\Mirek\Data aplikací\Fenomen Games
2014-02-13 20:02 - 2012-01-27 02:01 - 00000000 ____D () C:\Documents and Settings\Mirek\Plocha\učení
2014-02-13 17:09 - 2014-02-13 16:26 - 00026603 _____ () C:\zoek-results.log
2014-02-13 16:51 - 2014-02-13 16:23 - 00000000 ____D () C:\zoek_backup
2014-02-13 16:45 - 2014-02-13 16:45 - 00000000 ____D () C:\Documents and Settings\Mirek\Data aplikací\WinRAR
2014-02-13 16:32 - 2010-04-09 22:22 - 00000000 ___HD () C:\Documents and Settings\Default User\Local Settings\Data aplikací
2014-02-13 16:32 - 2010-04-09 22:21 - 00000000 __RHD () C:\Documents and Settings\Default User\Data aplikací
2014-02-13 16:32 - 2010-04-09 20:56 - 00000000 ___RD () C:\Documents and Settings\Mirek\Nabídka Start\Programy
2014-02-13 16:32 - 2010-04-09 20:55 - 00000000 ____D () C:\Documents and Settings\LocalService\Data aplikací
2014-02-13 16:27 - 2010-06-18 13:00 - 00089088 _____ () C:\Documents and Settings\Mirek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-13 16:23 - 2014-02-13 17:08 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-02-13 16:14 - 2014-02-13 15:52 - 00000000 ____D () C:\AdwCleaner
2014-02-13 15:51 - 2014-02-13 15:51 - 00002246 _____ () C:\Documents and Settings\Mirek\Plocha\JRT.txt
2014-02-13 15:50 - 2010-07-19 14:40 - 00000000 ____D () C:\Program Files\Czech Soccer Manager 2002 FE
2014-02-13 15:35 - 2014-02-13 15:35 - 00000939 _____ () C:\Documents and Settings\Mirek\Plocha\Scan.txt
2014-02-13 15:32 - 2014-02-13 15:32 - 00001876 _____ () C:\sc-cleaner.txt
2014-02-13 15:30 - 2014-01-08 15:01 - 00002963 _____ () C:\Documents and Settings\Mirek\Plocha\Text.txt
2014-02-11 08:26 - 2014-02-11 08:26 - 00000620 __RSH () C:\Documents and Settings\All Users\ntuser.pol
2014-02-11 08:26 - 2014-02-11 08:26 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-02-11 08:26 - 2013-02-09 21:26 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-02-09 22:28 - 2010-04-09 20:56 - 00000000 ___HD () C:\Documents and Settings\Mirek\Okolní síť
2014-02-09 00:56 - 2010-04-09 20:56 - 00000000 ___RD () C:\Documents and Settings\Mirek\Dokumenty
2014-02-05 16:31 - 2012-05-25 22:17 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-05 16:31 - 2012-05-25 22:17 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-01 20:07 - 2013-01-05 18:03 - 00002421 _____ () C:\Documents and Settings\All Users\Plocha\FS Repaint v2.lnk
2014-01-29 18:27 - 2013-08-04 16:27 - 00000000 ____D () C:\Documents and Settings\Mirek\Data aplikací\MagicIndie
2014-01-29 16:14 - 2010-07-19 14:33 - 00000000 ____D () C:\Documents and Settings\Mirek\Plocha\Manažer
2014-01-29 13:39 - 2014-01-29 13:39 - 00000000 ____D () C:\Documents and Settings\Mirek\Data aplikací\PowerChallenge
2014-01-29 13:32 - 2014-01-29 13:32 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-01-29 13:32 - 2014-01-29 13:32 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Java
2014-01-29 13:31 - 2014-01-29 13:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-29 13:31 - 2014-01-29 13:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-29 13:31 - 2014-01-29 13:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-29 13:31 - 2014-01-29 13:32 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-01-29 13:31 - 2014-01-29 13:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-29 13:31 - 2014-01-29 13:31 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Sun
2014-01-26 15:03 - 2014-01-26 15:02 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Norton
2014-01-26 14:55 - 2013-06-24 19:01 - 00000000 ___RD () C:\Documents and Settings\Mirek\Plocha\FOTKY
2014-01-26 00:35 - 2014-01-25 23:43 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-01-25 23:55 - 2014-01-25 23:43 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-01-25 23:43 - 2014-01-25 23:43 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-23 15:04 - 2014-01-23 15:04 - 00001569 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\CDBurnerXP.lnk
2014-01-23 15:04 - 2014-01-23 15:04 - 00000000 ____D () C:\Program Files\CDBurnerXP
2014-01-23 14:55 - 2010-04-15 14:11 - 00000000 ____D () C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Adobe
2014-01-23 14:54 - 2014-01-23 14:54 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-01-23 14:54 - 2010-04-09 20:40 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-01-23 14:53 - 2010-04-09 22:16 - 00000000 ____D () C:\WINDOWS\system32\mui
2014-01-23 14:52 - 2014-01-23 14:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-23 13:49 - 2014-01-23 13:06 - 00000124 _____ () C:\Documents and Settings\Mirek\Dokumenty\ax_files.xml
2014-01-23 12:51 - 2014-01-23 12:51 - 00320120 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2014-01-22 17:05 - 2013-12-10 18:46 - 00000000 ____D () C:\Documents and Settings\Mirek\Local Settings\Data aplikací\ESET
2014-01-22 16:17 - 2010-04-18 17:02 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-22 15:39 - 2014-01-22 15:39 - 00000000 ____D () C:\Program Files\AVG
2014-01-19 11:59 - 2013-12-18 13:02 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\AVAST Software
Some content of TEMP:
====================
C:\Documents and Settings\Mirek\Local Settings\Temp\BrowserInfo.exe
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe
[2008-07-30 09:10] - [2008-07-30 09:10] - 1589760 ____A (Microsoft Corporation) dd7e25e20aebd672dae7e1d911c2d824
C:\WINDOWS\system32\winlogon.exe
[2008-07-30 09:17] - [2008-07-30 09:17] - 0557056 ____A (Microsoft Corporation) 12a799ad9415ae9c8abcc5f75e9cf034
C:\WINDOWS\system32\svchost.exe
[2008-04-14 09:52] - [2008-04-14 09:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\WINDOWS\system32\services.exe
[2008-04-14 09:52] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7
C:\WINDOWS\system32\User32.dll
[2008-07-30 09:16] - [2008-07-30 09:16] - 0578560 ____A (Microsoft Corporation) ccb32d10c69a89822e9134c0c4894be1
C:\WINDOWS\system32\userinit.exe
[2008-04-14 09:52] - [2008-04-14 09:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 08:42] - [2008-04-14 08:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: COMODO Antivirus (Disabled - Up to date) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Mirek\Plocha" je 6689 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3
"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL
Reim ECHO je vypnut.
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:Torrent"
"C:\\WINDOWS\\system32\\msiexec.exe"="C:\\WINDOWS\\system32\\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"="C:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe:*:Enabled:Instaltor AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Stahnete Shortcut Cleaner http://www.bleepingcomputer.com/downloa ... t-cleaner/
Není to virus, ale přesto nevím co s tím. Jinak ještě jednou díky