Cannot log in to XP, please check the log
Posted: 15 Feb 2014 11:37
Hello, I would like to ask for advice. XP boots to the user login screen, but it crashes when any user tries to log in. I assume the PC is pretty badly infested, since my father uses it...
Log created in safe mode:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Administrator (administrator) on FERDA-BDED3D98E on 15-02-2014 11:27:35
Running from C:\Documents and Settings\Administrator\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 6
Boot Mode: Safe Mode (with Networking)
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\ecls.exe
(forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [PtiuPbmd] - C:\WINDOWS\system32\ptipbm.dll [24576 2003-01-15] (Promise Technology,Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [16744256 2011-10-08] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMCTray.dll [203072 2011-10-08] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1632360 2011-10-08] ()
HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [577536 2006-11-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264 2011-09-22] (ESET)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonQuickMenu] - C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Documents and Settings\Ferda_uzivatel\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\tghc91vm.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-02-22]
========================== Services (Whitelisted) =================
S2 ACS; C:\WINDOWS\system32\acs.exe [499796 2011-03-31] (Atheros)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944 2011-09-22] (ESET)
S3 jswpsapi; C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [360529 2011-03-31] (wireless)
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-08] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
R0 a347bus; C:\WINDOWS\System32\DRIVERS\a347bus.sys [160640 2004-04-30] ( )
R0 a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [5248 2004-04-30] ( )
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4027840 2007-03-08] (Realtek Semiconductor Corp.)
S1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [42496 2005-03-09] (Advanced Micro Devices)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1606976 2011-04-12] (Atheros Communications, Inc.)
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] ()
S2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [154136 2011-08-09] (ESET)
S1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
S2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [147480 2011-08-04] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [39824 2011-08-09] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61936 2011-08-04] (ESET)
R3 JSWSCIMD; C:\WINDOWS\System32\DRIVERS\jswscimd.sys [57440 2011-03-31] (Atheros Communications, Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
R3 WSIMD; C:\WINDOWS\System32\DRIVERS\wsimd.sys [58208 2011-03-31] (Atheros Communications, Inc.)
S4 IntelIde; No ImagePath
S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-15 11:36 - 2014-02-15 11:36 - 00000000 ____D () C:\WINDOWS.0
2014-02-15 11:27 - 2014-02-15 11:27 - 00007931 _____ () C:\Documents and Settings\Administrator\Plocha\FRST.txt
2014-02-15 11:27 - 2014-02-15 11:27 - 00000000 ____D () C:\FRST
2014-02-15 11:25 - 2014-02-15 11:15 - 01141248 _____ (Farbar) C:\Documents and Settings\Administrator\Plocha\FRST.exe
2014-02-15 11:25 - 2014-02-15 11:15 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\GHISLER
2014-02-15 11:06 - 2014-02-15 11:06 - 00000000 ____D () C:\WINDOWS\LastGood
2014-02-15 10:54 - 2014-02-15 10:54 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-02.dmp
2014-02-15 09:30 - 2014-02-15 09:30 - 00000413 _____ () C:\WINDOWS\WINNT32.LOG
2014-02-15 09:30 - 2014-02-15 09:30 - 00000225 _____ () C:\WINDOWS\DHCPUPG.LOG
2014-02-15 09:18 - 2014-02-15 09:18 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-15 09:17 - 2014-02-15 09:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\TP-LINK
2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2014-02-15 09:15 - 2014-02-15 11:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha
2014-02-15 09:15 - 2014-02-15 11:26 - 00000000 ___HD () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2014-02-15 09:15 - 2014-02-15 11:22 - 00000000 __RHD () C:\Documents and Settings\Administrator\Data aplikací
2014-02-15 09:15 - 2014-02-15 09:31 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-15 09:15 - 2014-02-15 09:15 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ___HD () C:\Documents and Settings\Administrator\Okolní tiskárny
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ___HD () C:\Documents and Settings\Administrator\Okolní síť
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Oblíbené položky
2014-02-15 09:15 - 2012-02-20 20:27 - 00000000 ____D () C:\Documents and Settings\Administrator\Dokumenty
2014-02-15 09:15 - 2012-02-20 19:37 - 00001599 _____ () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Vzdálená pomoc.lnk
2014-02-15 09:15 - 2012-02-20 19:37 - 00000792 _____ () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Windows Media Player.lnk
2014-02-15 09:15 - 2012-02-20 19:37 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy\Příslušenství
2014-02-15 09:15 - 2012-02-20 19:37 - 00000000 ___RD () C:\Documents and Settings\Administrator\Nabídka Start\Programy
2014-02-15 09:15 - 2012-02-20 19:33 - 00000000 ___HD () C:\Documents and Settings\Administrator\Šablony
2014-02-15 09:12 - 2014-02-15 09:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-01.dmp
==================== One Month Modified Files and Folders =======
2014-02-15 11:36 - 2014-02-15 11:36 - 00000000 ____D () C:\WINDOWS.0
2014-02-15 11:27 - 2014-02-15 11:27 - 00007931 _____ () C:\Documents and Settings\Administrator\Plocha\FRST.txt
2014-02-15 11:27 - 2014-02-15 11:27 - 00000000 ____D () C:\FRST
2014-02-15 11:27 - 2014-02-15 09:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha
2014-02-15 11:26 - 2014-02-15 09:15 - 00000000 ___HD () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2014-02-15 11:23 - 2012-02-22 22:15 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha\2
2014-02-15 11:22 - 2014-02-15 11:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\GHISLER
2014-02-15 11:22 - 2014-02-15 09:15 - 00000000 __RHD () C:\Documents and Settings\Administrator\Data aplikací
2014-02-15 11:21 - 2012-02-20 20:27 - 00511716 _____ () C:\WINDOWS\setupapi.log
2014-02-15 11:20 - 2012-04-04 20:03 - 00524288 _____ () C:\WINDOWS\system32\config\ACS.evt
2014-02-15 11:20 - 2012-02-20 20:30 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-02-15 11:20 - 2012-02-20 20:30 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-15 11:20 - 2012-02-20 19:40 - 00032582 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-15 11:20 - 2012-02-20 19:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-15 11:20 - 2012-02-20 19:36 - 01158840 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-15 11:15 - 2014-02-15 11:25 - 01141248 _____ (Farbar) C:\Documents and Settings\Administrator\Plocha\FRST.exe
2014-02-15 11:15 - 2014-02-15 11:25 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2014-02-15 11:06 - 2014-02-15 11:06 - 00000000 ____D () C:\WINDOWS\LastGood
2014-02-15 10:54 - 2014-02-15 10:54 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-02.dmp
2014-02-15 10:39 - 2012-02-20 19:53 - 00000178 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-02-15 09:31 - 2014-02-15 09:15 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-15 09:31 - 2012-02-20 20:27 - 01347931 _____ () C:\WINDOWS\iis6.log
2014-02-15 09:31 - 2012-02-20 20:27 - 01223992 _____ () C:\WINDOWS\FaxSetup.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00593957 _____ () C:\WINDOWS\ocgen.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00563935 _____ () C:\WINDOWS\tsoc.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00301590 _____ () C:\WINDOWS\comsetup.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00215241 _____ () C:\WINDOWS\netfxocm.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00181020 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00086279 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00062364 _____ () C:\WINDOWS\tabletoc.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00061449 _____ () C:\WINDOWS\msgsocm.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00054441 _____ () C:\WINDOWS\ocmsn.log
2014-02-15 09:31 - 2012-02-20 20:27 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-02-15 09:30 - 2014-02-15 09:30 - 00000413 _____ () C:\WINDOWS\WINNT32.LOG
2014-02-15 09:30 - 2014-02-15 09:30 - 00000225 _____ () C:\WINDOWS\DHCPUPG.LOG
2014-02-15 09:30 - 2012-02-20 20:27 - 00388416 _____ () C:\WINDOWS\msmqinst.log
2014-02-15 09:30 - 2012-02-20 20:26 - 00193366 _____ () C:\WINDOWS\setupact.log
2014-02-15 09:18 - 2014-02-15 09:18 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-15 09:17 - 2014-02-15 09:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\TP-LINK
2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2014-02-15 09:15 - 2014-02-15 09:15 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-15 09:12 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-15 09:11 - 2014-02-15 09:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-01.dmp
Some content of TEMP:
====================
C:\Documents and Settings\Ferda_uzivatel\Local Settings\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Documents and Settings\Ferda_uzivatel\Local Settings\Temp\MSETUP4.EXE
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\WINDOWS\system32\winlogon.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\WINDOWS\system32\svchost.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\WINDOWS\system32\services.exe
[2004-08-17 14:49] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7
C:\WINDOWS\system32\User32.dll
[2004-08-17 14:49] - [2008-04-14 04:22] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53
C:\WINDOWS\system32\userinit.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-17 14:44] - [2008-04-14 03:12] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:48.83 GB) (Free:36.83 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (D) (Fixed) (Total:184.06 GB) (Free:92.75 GB) NTFS
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Available physical RAM: 733.88 MB
Total physical RAM: 1023.48 MB
Percentage of memory in use: 28%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 0C200C1F)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=184 GB) - (Type=07 NTFS)
Disk: 1 (Size: 961 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=961 MB) - (Type=06)
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 5.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Administrator\Plocha" je 1 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"="C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe:*:Enabled:Daemonu.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Documents and Settings\\Ferda\\Local Settings\\Temp\\KMSAct\\Pack\\Keygen\\Keygen.exe"="C:\\Documents and Settings\\Ferda\\Local Settings\\Temp\\KMSAct\\Pack\\Keygen\\Keygen.exe:*:Enabled:Keygen"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
==================== End Of Log ==============================
2014-02-15 09:31 - 2012-02-20 20:27 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-02-15 09:30 - 2014-02-15 09:30 - 00000413 _____ () C:\WINDOWS\WINNT32.LOG
2014-02-15 09:30 - 2014-02-15 09:30 - 00000225 _____ () C:\WINDOWS\DHCPUPG.LOG
2014-02-15 09:30 - 2012-02-20 20:27 - 00388416 _____ () C:\WINDOWS\msmqinst.log
2014-02-15 09:30 - 2012-02-20 20:26 - 00193366 _____ () C:\WINDOWS\setupact.log
2014-02-15 09:18 - 2014-02-15 09:18 - 00000000 __SHD () C:\WINDOWS\CSC
2014-02-15 09:17 - 2014-02-15 09:17 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\TP-LINK
2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
2014-02-15 09:16 - 2014-02-15 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2014-02-15 09:15 - 2014-02-15 09:15 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-15 09:12 - 2001-10-25 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-15 09:11 - 2014-02-15 09:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021514-01.dmp
Some content of TEMP:
====================
C:\Documents and Settings\Ferda_uzivatel\Local Settings\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Documents and Settings\Ferda_uzivatel\Local Settings\Temp\MSETUP4.EXE
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\WINDOWS\system32\winlogon.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\WINDOWS\system32\svchost.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\WINDOWS\system32\services.exe
[2004-08-17 14:49] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7
C:\WINDOWS\system32\User32.dll
[2004-08-17 14:49] - [2008-04-14 04:22] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53
C:\WINDOWS\system32\userinit.exe
[2004-08-17 14:49] - [2008-04-14 04:22] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-17 14:44] - [2008-04-14 03:12] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:48.83 GB) (Free:36.83 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (D) (Fixed) (Total:184.06 GB) (Free:92.75 GB) NTFS
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Available physical RAM: 733.88 MB
Total physical RAM: 1023.48 MB
Percentage of memory in use: 28%
==================== MBR and Partition Table ==================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 0C200C1F)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=184 GB) - (Type=07 NTFS)
Disk: 1 (Size: 961 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=961 MB) - (Type=06)
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 5.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Administrator\Plocha" je 1 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"="C:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe:*:Enabled:Daemonu.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Documents and Settings\\Ferda\\Local Settings\\Temp\\KMSAct\\Pack\\Keygen\\Keygen.exe"="C:\\Documents and Settings\\Ferda\\Local Settings\\Temp\\KMSAct\\Pack\\Keygen\\Keygen.exe:*:Enabled:Keygen"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001
==================== End Of Log ==============================