nelze spustit system
Napsal: 09 zář 2014 13:03
po pripojeni disku do jine (novejsi) bedny nenabehne win
avg nasel trojana a odstranil jej
log prikladam
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by User (administrator) on JARDA on 09-09-2014 13:40:01
Running from C:\Documents and Settings\User\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
() C:\Program Files\Logitech\QuickCam\Quickcam.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(forum.viry.cz) C:\Documents and Settings\User\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [563984 2007-10-25] ()
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\QuickCam\Quickcam.exe [2178832 2007-10-25] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1757981266-746137067-682003330-1003\...\Run: [Google Update] => C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)
HKU\S-1-5-21-1757981266-746137067-682003330-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
BHO: Podpora odkazu pro Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{10F57906-254B-44FA-9A38-A4E321CEA0DD}: [NameServer] 10.0.1.2,10.0.1.6
FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\taifqjyo.default
FF Homepage: hxxp://www.seznam.cz/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} [2011-09-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.cz_
CHR DefaultSearchURL: Default -> {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\User\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\User\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\User\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\User\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\User\Local Settings\Data aplikac\u00ED\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR CustomProfile: C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-19]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-19]
CHR Extension: (ModHeader) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2012-09-19]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-19]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161664 2011-09-18] (Oracle Corporation)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2007-10-12] (Logitech Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [46336 2004-08-18] (Microsoft Corporation)
S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [490776 2007-10-12] (Logitech Inc.)
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 13:40 - 2014-09-09 13:40 - 00013777 _____ () C:\Documents and Settings\User\Plocha\FRST.txt
2014-09-09 13:39 - 2014-09-09 13:40 - 00000000 ____D () C:\FRST
2014-09-09 13:39 - 2014-09-09 13:34 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\User\Plocha\FRSTLauncher.exe
2014-09-09 13:38 - 2014-09-09 13:28 - 01097728 _____ (Farbar) C:\Documents and Settings\User\Plocha\FRST.exe
2014-09-09 09:37 - 2014-09-09 09:37 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\AVG2014
2014-09-09 09:28 - 2014-09-09 09:28 - 00000714 _____ () C:\Documents and Settings\All Users\Plocha\AVG 2014.lnk
2014-09-09 09:28 - 2014-09-09 09:28 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\TuneUp Software
2014-09-09 09:28 - 2014-09-09 09:28 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\AVG
2014-09-09 09:26 - 2014-09-09 09:27 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-09 09:20 - 2014-09-09 09:20 - 00000000 ___HD () C:\$AVG
2014-09-09 09:19 - 2014-09-09 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\AVG2014
2014-09-09 09:18 - 2014-09-09 09:18 - 00000000 ____D () C:\Program Files\AVG
2014-09-09 09:15 - 2014-09-09 13:00 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-09-09 09:15 - 2014-09-09 10:34 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\Avg2014
2014-09-09 09:15 - 2014-09-09 09:15 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\MFAData
2014-08-23 14:35 - 2014-08-23 14:35 - 01677440 _____ (Skype Technologies S.A.) C:\Documents and Settings\User\Local Settings\Data aplikací\skype-6-16-0-105-es-en-br-fr-de-it-cn-jp-ar-ru-nl-pl-cz-dk-fi-gr-in-kr-no-se-tr-cat-id-win.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2036-02-07 03:58 - 2009-12-04 17:21 - 01227482 ____R (Finalhit Ltd) C:\WINDOWS\system32\3_VETERANI.scr
2014-09-09 13:40 - 2014-09-09 13:40 - 00013777 _____ () C:\Documents and Settings\User\Plocha\FRST.txt
2014-09-09 13:40 - 2014-09-09 13:39 - 00000000 ____D () C:\FRST
2014-09-09 13:40 - 2008-01-06 19:13 - 00000000 ___RD () C:\Documents and Settings\User\Plocha
2014-09-09 13:40 - 2008-01-06 19:13 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
2014-09-09 13:39 - 2008-01-06 19:13 - 00000000 ___HD () C:\Documents and Settings\User\Local Settings\Data aplikací
2014-09-09 13:38 - 2008-01-06 19:31 - 00660942 _____ () C:\WINDOWS\setupapi.log
2014-09-09 13:38 - 2008-01-06 19:01 - 01239600 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-09 13:34 - 2014-09-09 13:39 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\User\Plocha\FRSTLauncher.exe
2014-09-09 13:28 - 2014-09-09 13:38 - 01097728 _____ (Farbar) C:\Documents and Settings\User\Plocha\FRST.exe
2014-09-09 13:18 - 2012-09-19 10:09 - 00001022 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-746137067-682003330-1003UA.job
2014-09-09 13:00 - 2014-09-09 09:15 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-09-09 12:56 - 2012-11-23 15:05 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 10:34 - 2014-09-09 09:15 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\Avg2014
2014-09-09 09:37 - 2014-09-09 09:37 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\AVG2014
2014-09-09 09:37 - 2008-01-06 19:13 - 00000000 __RHD () C:\Documents and Settings\User\Data aplikací
2014-09-09 09:31 - 2014-09-09 09:19 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\AVG2014
2014-09-09 09:28 - 2014-09-09 09:28 - 00000714 _____ () C:\Documents and Settings\All Users\Plocha\AVG 2014.lnk
2014-09-09 09:28 - 2014-09-09 09:28 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\TuneUp Software
2014-09-09 09:28 - 2014-09-09 09:28 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\AVG
2014-09-09 09:28 - 2008-01-06 19:31 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-09-09 09:28 - 2008-01-06 19:31 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-09-09 09:27 - 2014-09-09 09:26 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-09 09:20 - 2014-09-09 09:20 - 00000000 ___HD () C:\$AVG
2014-09-09 09:19 - 2008-01-06 19:31 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-09-09 09:18 - 2014-09-09 09:18 - 00000000 ____D () C:\Program Files\AVG
2014-09-09 09:18 - 2012-09-19 10:09 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-746137067-682003330-1003Core.job
2014-09-09 09:15 - 2014-09-09 09:15 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\MFAData
2014-09-09 09:00 - 2012-11-23 15:05 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 09:00 - 2008-01-06 19:35 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-09 09:00 - 2008-01-06 19:35 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-09-09 09:00 - 2008-01-06 19:09 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-09 09:00 - 2004-08-18 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-08 11:40 - 2008-01-06 19:13 - 00000272 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-09-08 11:40 - 2008-01-06 19:09 - 00032540 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-07 14:55 - 2012-02-12 18:47 - 00000000 ____D () C:\Documents and Settings\User\Plocha\obrazky
2014-09-02 22:55 - 2008-01-08 19:00 - 00001744 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-23 14:35 - 2014-08-23 14:35 - 01677440 _____ (Skype Technologies S.A.) C:\Documents and Settings\User\Local Settings\Data aplikací\skype-6-16-0-105-es-en-br-fr-de-it-cn-jp-ar-ru-nl-pl-cz-dk-fi-gr-in-kr-no-se-tr-cat-id-win.exe
2014-08-23 14:25 - 2008-01-06 19:35 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2014-08-23 14:00 - 2014-06-18 13:07 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-08-14 21:37 - 2013-08-19 20:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-14 21:30 - 2008-09-14 17:19 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-13 18:14 - 2008-01-06 19:36 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\Skype
2014-08-13 18:06 - 2008-01-06 19:13 - 00000000 ___RD () C:\Documents and Settings\User\Dokumenty
2014-08-13 16:16 - 2008-03-10 19:02 - 00002563 _____ () C:\Documents and Settings\User\Plocha\Microsoft Office Word 2007.lnk
Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\User\Local Settings\Temp\setup_wm.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-746137067-682003330-1003Core.job => C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-746137067-682003330-1003UA.job => C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: AVG AntiVirus 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\User\Plocha" je 174 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG2014\\avgnsx.exe:*:Enabled:Webov\EC \E7t\A1t"
"C:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"="C:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe:*:Enabled:AVG Diagnostika 2014"
"C:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"="C:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe:*:Enabled:Instal\A0tor AVG"
"C:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"="C:\\Program Files\\AVG\\AVG2014\\avgemcx.exe:*:Enabled:Obecn\A0 kontrola po\E7ty"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
avg nasel trojana a odstranil jej
log prikladam
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by User (administrator) on JARDA on 09-09-2014 13:40:01
Running from C:\Documents and Settings\User\Plocha
Platform: Systém Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
() C:\Program Files\Logitech\QuickCam\Quickcam.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(forum.viry.cz) C:\Documents and Settings\User\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [563984 2007-10-25] ()
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\QuickCam\Quickcam.exe [2178832 2007-10-25] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1757981266-746137067-682003330-1003\...\Run: [Google Update] => C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)
HKU\S-1-5-21-1757981266-746137067-682003330-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
BHO: Podpora odkazu pro Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{10F57906-254B-44FA-9A38-A4E321CEA0DD}: [NameServer] 10.0.1.2,10.0.1.6
FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\taifqjyo.default
FF Homepage: hxxp://www.seznam.cz/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} [2011-09-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR RestoreOnStartup: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> google.cz_
CHR DefaultSearchURL: Default -> {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\User\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\User\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\22.0.1229.94\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\User\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\User\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\22.0.1229.94\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Documents and Settings\User\Local Settings\Data aplikac\u00ED\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
CHR CustomProfile: C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-19]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-19]
CHR Extension: (ModHeader) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\idgpnmonknjnojddfkpgkljpfnnfcklj [2012-09-19]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-19]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161664 2011-09-18] (Oracle Corporation)
R2 LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [186904 2007-10-19] (Logitech Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [141848 2007-10-19] (Logitech Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-04] (Microsoft Corporation)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [2109976 2007-10-19] (Logitech Inc.)
S3 LVMVDrv; C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys [2142488 2007-10-11] (Logitech Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25624 2007-10-11] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2007-10-12] (Logitech Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
R1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [46336 2004-08-18] (Microsoft Corporation)
S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [490776 2007-10-12] (Logitech Inc.)
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 13:40 - 2014-09-09 13:40 - 00013777 _____ () C:\Documents and Settings\User\Plocha\FRST.txt
2014-09-09 13:39 - 2014-09-09 13:40 - 00000000 ____D () C:\FRST
2014-09-09 13:39 - 2014-09-09 13:34 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\User\Plocha\FRSTLauncher.exe
2014-09-09 13:38 - 2014-09-09 13:28 - 01097728 _____ (Farbar) C:\Documents and Settings\User\Plocha\FRST.exe
2014-09-09 09:37 - 2014-09-09 09:37 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\AVG2014
2014-09-09 09:28 - 2014-09-09 09:28 - 00000714 _____ () C:\Documents and Settings\All Users\Plocha\AVG 2014.lnk
2014-09-09 09:28 - 2014-09-09 09:28 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\TuneUp Software
2014-09-09 09:28 - 2014-09-09 09:28 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\AVG
2014-09-09 09:26 - 2014-09-09 09:27 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-09 09:20 - 2014-09-09 09:20 - 00000000 ___HD () C:\$AVG
2014-09-09 09:19 - 2014-09-09 09:31 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\AVG2014
2014-09-09 09:18 - 2014-09-09 09:18 - 00000000 ____D () C:\Program Files\AVG
2014-09-09 09:15 - 2014-09-09 13:00 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-09-09 09:15 - 2014-09-09 10:34 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\Avg2014
2014-09-09 09:15 - 2014-09-09 09:15 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\MFAData
2014-08-23 14:35 - 2014-08-23 14:35 - 01677440 _____ (Skype Technologies S.A.) C:\Documents and Settings\User\Local Settings\Data aplikací\skype-6-16-0-105-es-en-br-fr-de-it-cn-jp-ar-ru-nl-pl-cz-dk-fi-gr-in-kr-no-se-tr-cat-id-win.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2036-02-07 03:58 - 2009-12-04 17:21 - 01227482 ____R (Finalhit Ltd) C:\WINDOWS\system32\3_VETERANI.scr
2014-09-09 13:40 - 2014-09-09 13:40 - 00013777 _____ () C:\Documents and Settings\User\Plocha\FRST.txt
2014-09-09 13:40 - 2014-09-09 13:39 - 00000000 ____D () C:\FRST
2014-09-09 13:40 - 2008-01-06 19:13 - 00000000 ___RD () C:\Documents and Settings\User\Plocha
2014-09-09 13:40 - 2008-01-06 19:13 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
2014-09-09 13:39 - 2008-01-06 19:13 - 00000000 ___HD () C:\Documents and Settings\User\Local Settings\Data aplikací
2014-09-09 13:38 - 2008-01-06 19:31 - 00660942 _____ () C:\WINDOWS\setupapi.log
2014-09-09 13:38 - 2008-01-06 19:01 - 01239600 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-09 13:34 - 2014-09-09 13:39 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\User\Plocha\FRSTLauncher.exe
2014-09-09 13:28 - 2014-09-09 13:38 - 01097728 _____ (Farbar) C:\Documents and Settings\User\Plocha\FRST.exe
2014-09-09 13:18 - 2012-09-19 10:09 - 00001022 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-746137067-682003330-1003UA.job
2014-09-09 13:00 - 2014-09-09 09:15 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-09-09 12:56 - 2012-11-23 15:05 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 10:34 - 2014-09-09 09:15 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\Avg2014
2014-09-09 09:37 - 2014-09-09 09:37 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\AVG2014
2014-09-09 09:37 - 2008-01-06 19:13 - 00000000 __RHD () C:\Documents and Settings\User\Data aplikací
2014-09-09 09:31 - 2014-09-09 09:19 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\AVG2014
2014-09-09 09:28 - 2014-09-09 09:28 - 00000714 _____ () C:\Documents and Settings\All Users\Plocha\AVG 2014.lnk
2014-09-09 09:28 - 2014-09-09 09:28 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\TuneUp Software
2014-09-09 09:28 - 2014-09-09 09:28 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\AVG
2014-09-09 09:28 - 2008-01-06 19:31 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-09-09 09:28 - 2008-01-06 19:31 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-09-09 09:27 - 2014-09-09 09:26 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-09 09:20 - 2014-09-09 09:20 - 00000000 ___HD () C:\$AVG
2014-09-09 09:19 - 2008-01-06 19:31 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-09-09 09:18 - 2014-09-09 09:18 - 00000000 ____D () C:\Program Files\AVG
2014-09-09 09:18 - 2012-09-19 10:09 - 00000970 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-746137067-682003330-1003Core.job
2014-09-09 09:15 - 2014-09-09 09:15 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\MFAData
2014-09-09 09:00 - 2012-11-23 15:05 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 09:00 - 2008-01-06 19:35 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-09 09:00 - 2008-01-06 19:35 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-09-09 09:00 - 2008-01-06 19:09 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-09 09:00 - 2004-08-18 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-08 11:40 - 2008-01-06 19:13 - 00000272 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-09-08 11:40 - 2008-01-06 19:09 - 00032540 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-07 14:55 - 2012-02-12 18:47 - 00000000 ____D () C:\Documents and Settings\User\Plocha\obrazky
2014-09-02 22:55 - 2008-01-08 19:00 - 00001744 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-08-23 14:35 - 2014-08-23 14:35 - 01677440 _____ (Skype Technologies S.A.) C:\Documents and Settings\User\Local Settings\Data aplikací\skype-6-16-0-105-es-en-br-fr-de-it-cn-jp-ar-ru-nl-pl-cz-dk-fi-gr-in-kr-no-se-tr-cat-id-win.exe
2014-08-23 14:25 - 2008-01-06 19:35 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Skype
2014-08-23 14:00 - 2014-06-18 13:07 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-08-14 21:37 - 2013-08-19 20:05 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-14 21:30 - 2008-09-14 17:19 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-13 18:14 - 2008-01-06 19:36 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\Skype
2014-08-13 18:06 - 2008-01-06 19:13 - 00000000 ___RD () C:\Documents and Settings\User\Dokumenty
2014-08-13 16:16 - 2008-03-10 19:02 - 00002563 _____ () C:\Documents and Settings\User\Plocha\Microsoft Office Word 2007.lnk
Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\User\Local Settings\Temp\setup_wm.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-746137067-682003330-1003Core.job => C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-746137067-682003330-1003UA.job => C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: AVG AntiVirus 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\User\Plocha" je 174 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG2014\\avgnsx.exe:*:Enabled:Webov\EC \E7t\A1t"
"C:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"="C:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe:*:Enabled:AVG Diagnostika 2014"
"C:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"="C:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe:*:Enabled:Instal\A0tor AVG"
"C:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"="C:\\Program Files\\AVG\\AVG2014\\avgemcx.exe:*:Enabled:Obecn\A0 kontrola po\E7ty"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
