
Please check my log

Posted: 16 Feb 2015 08:45
by ovninja
Hello, yesterday the police page popped up on me... as has been described here countless times; I managed to get rid of it. I ran Spyware Terminator over the system and cleaned it up, then cleaned up with CCleaner. Today at startup a Spyware Terminator error message popped up and it started opening windows with that error uncontrollably, until I managed to close them all faster than they appeared... unfortunately I acted faster than I thought, so I did not read exactly what it said... something along the lines of "violation". I also use Avira free and Zone Alarm; they reported nothing. Thank you for checking whether everything is in order.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by User (administrator) on STOLNÍ on 16-02-2015 08:38:22
Running from C:\Documents and Settings\User\Plocha
Loaded Profiles: User (Available profiles: User)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(AVerMedia) C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
(Crawler Group) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
() C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(AVerMedia Technologies, Inc.) C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe
(Crawler Group) C:\Program Files\Spyware Terminator\st_rsser.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\User\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20143688 2013-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2007-07-23] (AMD)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2586912 2013-06-21] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-05-30] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [5456720 2015-01-22] (Crawler Group)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1292428093-1563985344-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1292428093-1563985344-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1292428093-1563985344-1801674531-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9078065390
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.152.40.4 10.152.40.5

FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\w9d3jsc2.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Disconnect - C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\w9d3jsc2.default\Extensions\2.0@disconnect.me.xpi [2014-05-04]
FF Extension: Adblock Plus - C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\w9d3jsc2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-18]

Chrome:
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKU\S-1-5-21-1292428093-1563985344-1801674531-1003\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\User\LOCALS~1\DATAAP~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-10-20]
CHR HKU\S-1-5-21-1292428093-1563985344-1801674531-1003\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2010-04-27] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [403456 2011-04-01] () [File not signed]
R2 AVerUpdateServer; C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe [168448 2011-01-06] (AVerMedia TECHNOLOGIES, Inc.) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-09-11] (Oracle Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 SnugTV Service; C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe [571904 2011-02-14] (AVerMedia Technologies, Inc.) [File not signed]
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [1998672 2015-01-22] (Crawler Group)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-05-30] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [90936 2014-05-29] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [96704 2007-08-04] (SlySoft, Inc.)
R3 AVerAF35; C:\WINDOWS\System32\Drivers\AVerAF35.sys [642560 2010-04-02] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [98160 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-08] (Disc Soft Ltd)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [66688 2009-07-01] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2009-07-01] (NVIDIA Corporation)
S3 silabenm; C:\WINDOWS\System32\DRIVERS\silabenm.sys [17920 2009-03-20] (Silicon Laboratories, Inc.)
S3 silabser; C:\WINDOWS\System32\DRIVERS\silabser.sys [62592 2009-03-20] (Silicon Laboratories)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2013-09-11] (Avira GmbH)
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [534024 2014-05-30] (Check Point Software Technologies Ltd.)
S4 IntelIde; No ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 08:38 - 2015-02-16 08:38 - 00014253 _____ () C:\Documents and Settings\User\Plocha\FRST.txt
2015-02-16 08:37 - 2015-02-16 08:38 - 00000000 ____D () C:\FRST
2015-02-16 08:35 - 2015-02-16 08:35 - 01125888 _____ (Farbar) C:\Documents and Settings\User\Plocha\FRST.exe
2015-02-16 08:35 - 2015-02-16 08:35 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\User\Plocha\FRSTLauncher.exe
2015-02-10 07:53 - 2015-02-10 20:50 - 00000000 ____D () C:\Documents and Settings\User\Plocha\Pro dagmarku
2015-01-27 13:18 - 2015-01-27 13:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-27 10:55 - 2015-01-27 10:55 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\SKIDROW
2015-01-27 10:54 - 2015-01-27 10:54 - 00000737 _____ () C:\Documents and Settings\User\Plocha\Zástupce - CivilizationV.lnk
2015-01-26 16:07 - 2015-01-26 16:07 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Data aplikací\My Games
2015-01-26 15:54 - 2015-02-15 08:21 - 00000000 ____D () C:\Program Files\Sid Meier's Civilization V
2015-01-17 22:45 - 2015-01-27 21:44 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 08:38 - 2014-07-13 20:44 - 00000000 ____D () C:\Documents and Settings\User\Local Settings\Temp
2015-02-16 08:38 - 2013-09-11 17:38 - 00000000 ____D () C:\Documents and Settings\User\Plocha
2015-02-16 08:37 - 2013-09-11 21:23 - 00013220 _____ () C:\WINDOWS\system32\nvAppTimestamps
2015-02-16 08:37 - 2013-09-11 17:38 - 00000000 ___HD () C:\Documents and Settings\User\Local Settings\Data aplikací
2015-02-16 08:36 - 2013-09-11 20:11 - 00000000 ____D () C:\Documents and Settings\User\Dokumenty\Stažené soubory
2015-02-16 08:32 - 2014-03-28 09:14 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 08:30 - 2013-09-11 17:33 - 01134094 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 08:27 - 2013-09-11 19:28 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-16 08:27 - 2013-09-11 19:28 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-16 08:26 - 2014-03-28 09:14 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 08:26 - 2013-09-11 17:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 08:26 - 2001-10-25 13:00 - 00002300 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-15 17:49 - 2013-09-17 17:32 - 00524288 _____ () C:\WINDOWS\system32\config\AVer Med.evt
2015-02-15 17:49 - 2013-09-17 17:32 - 00327680 _____ () C:\WINDOWS\system32\config\AVer Aut.evt
2015-02-15 17:49 - 2013-09-16 22:09 - 01287542 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1292428093-1563985344-1801674531-1003-0.dat
2015-02-15 17:49 - 2013-09-16 14:41 - 00270702 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2015-02-15 17:49 - 2013-09-11 17:38 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2015-02-15 17:49 - 2013-09-11 17:36 - 00032524 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-15 17:03 - 2013-09-11 21:26 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-15 16:48 - 2014-02-23 19:00 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-15 14:35 - 2013-09-16 13:06 - 00000000 ____D () C:\Documents and Settings\User\Data aplikací\DAEMON Tools Lite
2015-02-13 12:37 - 2013-09-18 09:03 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2015-02-13 10:02 - 2013-09-12 21:02 - 00000000 ___RD () C:\Documents and Settings\User\Plocha\Mbank
2015-02-11 19:13 - 2013-09-13 13:12 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 19:04 - 2013-09-13 13:12 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 19:04 - 2013-09-12 17:16 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-02-11 09:14 - 2014-08-07 14:16 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Package Cache
2015-02-10 20:45 - 2013-09-11 22:04 - 00000000 ____D () C:\Program Files\Avira
2015-02-10 20:45 - 2013-09-11 22:04 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
2015-02-10 20:44 - 2013-09-11 19:26 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-02-09 17:33 - 2014-10-20 10:07 - 00000000 ___RD () C:\Documents and Settings\User\Dokumenty\Disk Google
2015-02-04 22:03 - 2013-09-11 21:26 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-04 22:03 - 2013-09-11 21:26 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-02 17:51 - 2013-09-17 13:13 - 00000000 ____D () C:\Program Files\utorrent
2015-01-31 14:36 - 2013-09-11 19:26 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-01-31 14:17 - 2014-08-12 14:52 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2015-01-31 14:17 - 2013-09-11 17:33 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2015-01-28 09:52 - 2014-03-27 23:05 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 22:28 - 2014-10-20 10:06 - 00001767 _____ () C:\Documents and Settings\All Users\Plocha\Google Slides.lnk
2015-01-27 22:28 - 2014-10-20 10:06 - 00001765 _____ () C:\Documents and Settings\All Users\Plocha\Google Sheets.lnk
2015-01-27 22:28 - 2014-10-20 10:06 - 00001755 _____ () C:\Documents and Settings\All Users\Plocha\Google Docs.lnk
2015-01-27 22:28 - 2014-10-20 10:06 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Drive
2015-01-26 16:07 - 2013-10-27 11:04 - 00000000 ____D () C:\Documents and Settings\User\Dokumenty\My Games
2015-01-22 22:24 - 2013-09-18 09:03 - 00000000 ____D () C:\Program Files\Spyware Terminator

==================== Files in the root of some directories =======

2013-09-18 15:49 - 2013-09-18 15:49 - 0221036 _____ () C:\Documents and Settings\User\Local Settings\Data aplikací\ars.cache
2013-09-18 15:49 - 2013-09-18 15:49 - 0294786 _____ () C:\Documents and Settings\User\Local Settings\Data aplikací\census.cache
2013-09-18 15:35 - 2013-09-18 15:35 - 0000036 _____ () C:\Documents and Settings\User\Local Settings\Data aplikací\housecall.guid.cache

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.62 GB) (Free:29.87 GB) NTFS ==>[Drive with boot components (Windows XP)]

Available physical RAM: 2327.31 MB
Total physical RAM: 3326.48 MB
Percentage of memory in use: 30%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: E815E815)
Partition 1: (Active) - (Size=465.6 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Documents and Settings\All Users\Data aplikací\TEMP:888AFB86

==================== Security Center ==================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\User\Plocha" je 2043 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3
C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync
"C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch
"C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\Program Files\Samsung\Kies\Kies.exe /preload [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD
"C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^AVer HID Receiver.lnk
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERHI~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^AVerQuick.lnk
C:\PROGRA~1\COMMON~1\AVERME~1\AVERQU~1\AVERQU~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^SnugTV Quick Start.lnk
C:\WINDOWS\Installer\{198F93FD-9919-4010-8164-06BC2349959C}\NewShortcut1_46FEF19C05F1475DAA14D9007DC15270_2.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^Status Monitor.lnk



***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe"="C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe:*:Enabled:True Vector"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\SnugTV\\SnugTV Station\\AMAServer.exe"="C:\\Program Files\\SnugTV\\SnugTV Station\\AMAServer.exe:*:Enabled:SnugTV Service"
"C:\\Program Files\\SnugTV\\SnugTV Station\\ConfigWizard.exe"="C:\\Program Files\\SnugTV\\SnugTV Station\\ConfigWizard.exe:*:Enabled:SnugTV Configuration Wizard"
"C:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe"="C:\\Program Files\\Spyware Terminator\\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012"
"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"="C:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012"
"C:\\Games\\World_of_Tanks\\WorldOfTanks.exe"="C:\\Games\\World_of_Tanks\\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\\Games\\World_of_Tanks\\WOTLauncher.exe"="C:\\Games\\World_of_Tanks\\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe"="C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe:*:Enabled:True Vector"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"="C:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\\Program Files\\WarThunder\\launcher.exe"="C:\\Program Files\\WarThunder\\launcher.exe:*:Enabled:War Thunder launcher"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"80:TCP"="80:TCP:*:Enabled:War Thunder"
"443:TCP"="443:TCP:*:Enabled:War Thunder"
"20010:UDP"="20010:UDP:*:Enabled:War Thunder"
"3478:UDP"="3478:UDP:*:Enabled:War Thunder"
"7850:TCP"="7850:TCP:*:Enabled:War Thunder"
"7852:TCP"="7852:TCP:*:Enabled:War Thunder"
"7853:TCP"="7853:TCP:*:Enabled:War Thunder"
"27022:TCP"="27022:TCP:*:Enabled:War Thunder"
"6881:TCP"="6881:TCP:*:Enabled:War Thunder"
"33333:TCP"="33333:TCP:*:Enabled:War Thunder"
"20443:TCP"="20443:TCP:*:Enabled:War Thunder"
"8090:TCP"="8090:TCP:*:Enabled:War Thunder"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Please check my log

Posted: 16 Feb 2015 09:20
by JaRon
hi
- Velikost slozky "C:\Documents and Settings\User\Plocha" je 2043 MB. - reduce it so that it is no more than 300MB
- you can uninstall STerminator - it is long past its prime :)
- as a precaution, run a scan with MBAM

Re: Please check my log

Posted: 16 Feb 2015 11:49
by ovninja
MBAM does not want to talk to me, it throws error messages at me, I tried several times; I cleaned up the desktop as much as I could :). Do you have any other recommendation in place of that Terminator, please?

Re: Please check my log

Posted: 16 Feb 2015 11:57
by JaRon
MBAM needs to be installed in version 1.75

Re: Please check my log

Posted: 17 Feb 2015 09:23
by ovninja
I downloaded the 1.75. Then it wanted an update, because it is over 600 days old; it kept crashing on me again and could not be used, so the scan was run purely with that 1.75 version



Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: STOLNÍ [administrátor]

Ochrana: Zakázána

17.2.2015 8:04:45
mbam-log-2015-02-17 (08-04-45).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 343026
Uplynulý čas: 1 hodin, 16 minut, 17 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Re: Please check my log

Posted: 17 Feb 2015 09:32
by JaRon
OK - so you are clean
You do not need to replace STerminator with anything; an occasional scan with MBAM is enough

Re: Please check my log

Posted: 17 Feb 2015 12:25
by ovninja
Thanks :wink:

Re: Please check my log

Posted: 17 Feb 2015 13:09
by JaRon
you're welcome :)