Opening an email with fake debts

Posted: 01 Aug 2014 09:03
by Brawler
Thank you very much for the cleanup, I hope this won't become a tradition ...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 02
Ran by Miluška (administrator) on OEM-622B40AB7D0 on 01-08-2014 09:56:36
Running from C:\Documents and Settings\Miluška\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files\Philips\Philips Device Manager\bin\DeviceManager.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Philips) C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
(Koninklijke Philips Electronics N.V.) C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\Miluška\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1078081533-1417001333-725345543-1003\...\Run: [PhilipsLime] => C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe [159744 2005-09-08] (Philips)
HKU\S-1-5-21-1078081533-1417001333-725345543-1003\...\Run: [Facebook Update] => "C:\Documents and Settings\Miluaka\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1078081533-1417001333-725345543-1003\...\Run: [AdobeChk] => C:\Documents and Settings\Miluaka\Data aplikací\AdobeChk\chk.exe
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - {3a213a77-2363-4452-9f33-494a52ce2d24} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... rceid=IE_5
SearchScopes: HKCU - {6fa1e848-1e22-407a-ba21-a96c8a02ddac} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
SearchScopes: HKCU - {8ea365bd-f3a1-40cd-b174-cc642008bbe5} URL = http://www.firmy.cz/phr/{searchTerms}?sourceid=IE_5
SearchScopes: HKCU - {ca16fedb-ece0-4054-8df3-feedce10402b} URL = http://www.mapy.cz/?query={searchTerms}&sourceid=IE_5
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: WebTransBHO Class -> {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} -> C:\TRANSLAT\WEBIE.DLL ()
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKLM - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL ()
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU - No Name - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No File
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab
ShellExecuteHooks: DVDIdleShell Class - {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll [49152 2004-10-09] (Fengtao Software Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{69FDB641-BF63-4929-9C00-1E6C3DD89C8F}: [NameServer]8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Miluška\Data aplikací\Mozilla\Firefox\Profiles\zgdpwo80.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Miluška\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Documents and Settings\Miluška\Data aplikací\Mozilla\Firefox\Profiles\zgdpwo80.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Documents and Settings\Miluška\Data aplikací\Mozilla\Firefox\Profiles\zgdpwo80.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Miluška\Data aplikací\Mozilla\Firefox\Profiles\zgdpwo80.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-07-04]
FF Extension: ICQ Toolbar - C:\Documents and Settings\Miluška\Data aplikací\Mozilla\Firefox\Profiles\zgdpwo80.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-07-25]
FF Extension: Seznam lištička - C:\Documents and Settings\Miluška\Data aplikací\Mozilla\Firefox\Profiles\zgdpwo80.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2013-04-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-02]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Miluška\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [69120 2011-02-11] (BOONTY) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [70912 2010-03-04] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-09] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2010-03-04] (NVIDIA Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 18:21 - 2014-08-01 09:32 - 00006736 _____ () C:\WINDOWS\setupapi.log
2014-08-02 12:25 - 2014-08-02 12:25 - 00000000 ____D () C:\Documents and Settings\Miluška\Local Settings\Data aplikací\ESET
2014-08-02 11:53 - 2001-10-25 16:00 - 00000737 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140802-115314.backup
2014-08-02 11:40 - 2014-08-01 09:34 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-02 11:40 - 2014-08-01 09:33 - 00327680 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-08-02 11:40 - 2014-08-01 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-08-01 09:56 - 2014-08-01 09:56 - 00011982 _____ () C:\Documents and Settings\Miluška\Plocha\FRST.txt
2014-08-01 09:56 - 2014-08-01 09:56 - 00000000 ____D () C:\FRST
2014-08-01 09:43 - 2014-08-01 09:43 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Miluška\Plocha\FRSTLauncher.exe
2014-08-01 09:42 - 2014-08-01 09:43 - 01084928 _____ (Farbar) C:\Documents and Settings\Miluška\Plocha\FRST.exe
2014-08-01 09:31 - 2014-08-01 09:31 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-07-03 21:17 - 2014-07-03 21:19 - 00001622 _____ () C:\WINDOWS\wmsetup.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 10:37 - 2011-02-11 21:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-06 17:18 - 2011-02-09 08:41 - 00000272 ___SH () C:\Documents and Settings\Miluška\ntuser.ini
2014-08-05 18:27 - 2011-02-09 09:26 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-08-02 12:25 - 2014-08-02 12:25 - 00000000 ____D () C:\Documents and Settings\Miluška\Local Settings\Data aplikací\ESET
2014-08-02 12:13 - 2011-07-20 16:38 - 00000012 _____ () C:\Documents and Settings\All Users\Data aplikací\ReminderNextRun
2014-08-01 09:56 - 2014-08-01 09:56 - 00011982 _____ () C:\Documents and Settings\Miluška\Plocha\FRST.txt
2014-08-01 09:56 - 2014-08-01 09:56 - 00000000 ____D () C:\FRST
2014-08-01 09:56 - 2011-02-09 08:41 - 00000000 ____D () C:\Documents and Settings\Miluška\Plocha
2014-08-01 09:56 - 2011-02-09 08:41 - 00000000 ____D () C:\Documents and Settings\Miluška\Local Settings\Temp
2014-08-01 09:55 - 2011-02-09 10:58 - 00000000 ____D () C:\Documents and Settings\Miluška\Dokumenty\Stažené soubory
2014-08-01 09:55 - 2011-02-09 08:41 - 00000000 ___HD () C:\Documents and Settings\Miluška\Local Settings\Data aplikací
2014-08-01 09:43 - 2014-08-01 09:43 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Miluška\Plocha\FRSTLauncher.exe
2014-08-01 09:43 - 2014-08-01 09:42 - 01084928 _____ (Farbar) C:\Documents and Settings\Miluška\Plocha\FRST.exe
2014-08-01 09:43 - 2011-02-09 14:16 - 00001224 _____ () C:\WINDOWS\TRNCOM.INI
2014-08-01 09:35 - 2012-12-14 19:25 - 00001054 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-1417001333-725345543-1003UA.job
2014-08-01 09:35 - 2011-02-09 08:35 - 01356752 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-01 09:34 - 2014-08-02 11:40 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-01 09:34 - 2011-08-18 20:23 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-01 09:34 - 2011-05-01 08:03 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job
2014-08-01 09:34 - 2011-02-09 09:28 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-01 09:34 - 2011-02-09 09:28 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-08-01 09:34 - 2011-02-09 08:39 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-01 09:34 - 2010-03-16 04:37 - 00131167 _____ () C:\WINDOWS\system32\NvApps.xml
2014-08-01 09:33 - 2014-08-02 11:40 - 00327680 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-08-01 09:33 - 2011-09-30 15:31 - 00000000 ____D () C:\Program Files\Seznam.cz
2014-08-01 09:33 - 2011-02-09 09:26 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-08-01 09:33 - 2011-02-09 08:39 - 00032554 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-01 09:32 - 2014-08-05 18:21 - 00006736 _____ () C:\WINDOWS\setupapi.log
2014-08-01 09:32 - 2011-02-09 13:29 - 00000000 ____D () C:\Program Files\ESET
2014-08-01 09:31 - 2014-08-02 11:40 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-08-01 09:31 - 2014-08-01 09:31 - 00000079 _____ () C:\WINDOWS\wininit.ini
2014-08-01 09:31 - 2011-02-09 09:26 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-08-01 09:31 - 2011-02-09 08:41 - 00000000 ___RD () C:\Documents and Settings\Miluška\Nabídka Start\Programy
2014-08-01 09:05 - 2011-08-18 20:23 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-01 09:01 - 2001-10-25 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-22 21:12 - 2011-08-18 20:23 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-07-09 20:02 - 2011-02-09 08:41 - 00000000 ___RD () C:\Documents and Settings\Miluška\Dokumenty
2014-07-09 18:35 - 2012-12-14 19:25 - 00001032 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-1417001333-725345543-1003Core.job
2014-07-03 21:19 - 2014-07-03 21:17 - 00001622 _____ () C:\WINDOWS\wmsetup.log
2014-07-03 21:17 - 2011-02-11 21:45 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini

Some content of TEMP:
====================
C:\Documents and Settings\Miluška\Local Settings\Temp\InstHelper.exe
C:\Documents and Settings\Miluška\Local Settings\Temp\RebootStart.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:55.73 GB) (Free:29.72 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:97.65 GB) (Free:85.78 GB) NTFS

Available physical RAM: 1429.56 MB
Total physical RAM: 1983.36 MB
Percentage of memory in use: 27%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 153 GB) (Disk ID: EFA5A7E5)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-1417001333-725345543-1003Core.job => C:\Documents and Settings\Miluaka\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-1417001333-725345543-1003UA.job => C:\Documents and Settings\Miluaka\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Miluka\Plocha" je 4839 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Miluka\\Local Settings\\Data aplikac\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"="C:\\Documents and Settings\\Miluka\\Local Settings\\Data aplikac\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Opening an email with fake debts

Posted: 01 Aug 2014 17:36
by Rudy
Hello!
Open Notepad and copy the following into it:
Start
FF Keyword.URL: hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Miluška\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-1417001333-725345543-1003UA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-1417001333-725345543-1003Core.job
C:\Documents and Settings\Miluška\Local Settings\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: Opening an email with fake debts

Posted: 01 Aug 2014 18:51
by Brawler
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:31-07-2014 02
Ran by Miluška at 2014-08-01 19:49:55 Run:1
Running from C:\Documents and Settings\Miluška\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
FF Keyword.URL: hxxp://search.icq.com/search/afe_result ... r=1.1.7&q=
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Miluška\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-1417001333-725345543-1003UA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-1417001333-725345543-1003Core.job
C:\Documents and Settings\Miluška\Local Settings\Temp
End
*****************

Firefox Keyword.URL deleted successfully.
"HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => Key deleted successfully.
C:\Documents and Settings\Miluška\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll => Moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-1417001333-725345543-1003UA.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1078081533-1417001333-725345543-1003Core.job => Moved successfully.
C:\Documents and Settings\Miluška\Local Settings\Temp => Moved successfully.

==== End of Fixlog ====

Re: Opening an email with fake debts

Posted: 01 Aug 2014 19:10
by Rudy
Everything has been deleted. To be safe, also run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Opening an email with fake debts

Posted: 01 Aug 2014 20:02
by Brawler
Thanks for the help, I scanned it with that tool and it reported that it found nothing at all, so that's great =)

Re: Opening an email with fake debts

Posted: 01 Aug 2014 20:26
by Rudy
Then everything is fine. You're welcome! :)