Preventive check

Posted: 06 Jul 2015 12:39
by casablancass
Please check this, thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by zakaznik (administrator) on USER on 06-07-2015 13:30:57
Running from C:\Documents and Settings\zakaznik\Plocha
Loaded Profiles: zakaznik (Available Profiles: zakaznik & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Crawler Group) C:\Program Files\Spyware Terminator\st_rsser.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Crawler Group) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2777296 2012-09-07] (Crawler.com)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [5456720 2015-07-01] (Crawler Group)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25] (ATI Technologies Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2052111302-2077806209-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2052111302-2077806209-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2052111302-2077806209-1801674531-1003 -> {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
SearchScopes: HKU\S-1-5-21-2052111302-2077806209-1801674531-1003 -> {A3DD4E2F-70A3-483C-93B4-99593AD1FF7B} URL = http://www.google.cz/search?q={searchTe ... {startPage}
Toolbar: HKU\S-1-5-21-2052111302-2077806209-1801674531-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244
Tcpip\..\Interfaces\{AF426A88-4E87-4378-A11C-AE6CA70FBAD9}: [DhcpNameServer] 94.74.192.252 94.74.192.244

FireFox:
========
FF ProfilePath: C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\s2ej2umb.default
FF Homepage: https://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_64.dll [2013-06-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\s2ej2umb.default\searchplugins\doplky-pro-firefox.xml [2013-01-11]
FF SearchPlugin: C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\s2ej2umb.default\searchplugins\google-esk-republika---pouze-esky.xml [2013-12-02]
FF SearchPlugin: C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\s2ej2umb.default\searchplugins\google-esk-republika.xml [2013-12-02]
FF SearchPlugin: C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\s2ej2umb.default\searchplugins\google-peklada.xml [2013-01-11]
FF Extension: Zoom It - C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\s2ej2umb.default\Extensions\{89462ae1-31da-02b6-5a69-6ff1eb34a9de} [2015-07-03]
FF Extension: Search Engine Sorting - C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\s2ej2umb.default\Extensions\sese@yasanori.xpi [2014-05-10]
FF Extension: Utopia FFSE White - C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\s2ej2umb.default\Extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}.xpi [2011-12-24]
FF Extension: Adblock Plus - C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\s2ej2umb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [268976 2015-07-03] (Adobe Systems Incorporated) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-25] () [File not signed]
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.) [File not signed]
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-26] (Comodo)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-10-17] (Macrovision Europe Ltd.) [File not signed]
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [217088 2010-11-15] (Teruten) [File not signed]
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [1998672 2015-07-01] (Crawler Group) [File not signed]
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
S2 wmcmgc; C:\Program Files\Common Files\\System\icm64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [20480 2005-05-31] (IVT Corporation) [File not signed]
S3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [10804 2005-04-30] (IVT Corporation) [File not signed]
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [23000 2005-05-31] (IVT Corporation) [File not signed]
S3 BTHidEnum; C:\WINDOWS\System32\DRIVERS\vbtenum.sys [11860 2005-04-30] () [File not signed]
R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [28271 2005-04-30] (IVT Corporation) [File not signed]
S3 BTNetFilter; C:\WINDOWS\system32\drivers\BTNetFilter.sys [13304 2004-12-16] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36640 2010-11-15] () [File not signed]
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-06-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [483936 2014-06-11] (Kaspersky Lab ZAO)
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28816 2008-12-18] (Logitech, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 null_flt; C:\WINDOWS\System32\Drivers\null_flt.sys [4736 2009-11-12] (null_flt) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-10-21] () [File not signed]
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
S3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [61312 2004-10-19] (IVT Corporation) [File not signed]
S3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [82148 2005-03-25] (IVT Corporation) [File not signed]
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [534024 2014-08-13] (Check Point Software Technologies Ltd.)
U3 a97lg6k7; C:\WINDOWS\system32\Drivers\a97lg6k7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 IntelIde; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-06-11] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: wmcmgc -> C:\Program Files\Common Files\\System\icm64.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 13:18 - 2015-07-06 13:31 - 00011997 _____ C:\Documents and Settings\zakaznik\Plocha\FRST.txt
2015-07-06 13:17 - 2015-07-06 13:31 - 00000000 ____D C:\FRST
2015-07-06 13:14 - 2015-07-06 13:14 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\zakaznik\Plocha\FRSTLauncher.exe
2015-07-06 13:13 - 2015-07-06 13:13 - 01636352 _____ (Farbar) C:\Documents and Settings\zakaznik\Plocha\FRST.exe
2015-07-05 16:02 - 2015-07-06 13:28 - 00000382 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1436104876.job
2015-07-05 16:01 - 2015-07-05 16:01 - 00000681 _____ C:\Documents and Settings\All Users\Plocha\Opera.lnk
2015-07-05 16:01 - 2015-07-05 16:01 - 00000681 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk
2015-07-05 16:00 - 2015-07-06 13:28 - 00000000 ____D C:\Program Files\Opera
2015-07-05 15:56 - 2015-07-05 15:57 - 00000062 _____ C:\Documents and Settings\zakaznik\Plocha\debug.log
2015-07-03 23:44 - 2015-07-06 13:25 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-03 23:44 - 2015-07-04 15:43 - 00000958 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-03 23:17 - 2015-07-03 23:17 - 00102400 _____ C:\WINDOWS\Minidump\Mini070315-01.dmp
2015-07-03 23:17 - 2011-06-21 11:24 - 00032768 _____ C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2015-07-03 23:13 - 2015-07-03 23:15 - 00000000 ____D C:\AdwCleaner
2015-07-03 22:59 - 2015-07-03 23:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malwa
2015-07-03 22:57 - 2015-07-03 22:57 - 00000426 _____ C:\Documents and Settings\zakaznik\Plocha\cc_20150703_225731.reg
2015-07-03 22:49 - 2015-07-03 22:49 - 00003630 _____ C:\Documents and Settings\zakaznik\Plocha\cc_20150703_224933.reg
2015-07-03 14:35 - 2015-07-05 16:02 - 00000000 ____D C:\Documents and Settings\zakaznik\Data aplikací\Opera Software
2015-07-03 14:35 - 2015-07-05 15:57 - 00000000 ____D C:\Documents and Settings\zakaznik\Local Settings\Data aplikací\Opera Software
2015-07-03 14:05 - 2015-07-03 14:05 - 00000000 ____D C:\Documents and Settings\zakaznik\Plocha\Fiery_Color_001-002.pdf-JPG
2015-07-03 14:02 - 2015-07-03 14:10 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-07-03 13:56 - 2015-07-03 13:56 - 00000000 ____D C:\Program Files\PDF Helper
2015-06-27 18:36 - 2015-06-27 18:36 - 00054841 _____ C:\Documents and Settings\zakaznik\Plocha\On-the-Edge(0000195345).srt
2015-06-24 23:18 - 2015-07-03 11:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-14 11:46 - 2015-06-14 11:49 - 00000000 ____D C:\Documents and Settings\zakaznik\Plocha\Noc-je-ještě-mladá-(2011)-CZ-Dabing---M941
2015-06-14 10:58 - 2015-06-14 11:38 - 727056505 _____ C:\Documents and Settings\zakaznik\Plocha\Noc-je-ještě-mladá-(2011)-CZ-Dabing---M941.rar
2015-06-10 22:22 - 2015-06-10 22:22 - 00000000 ____D C:\Documents and Settings\zakaznik\Local Settings\Data aplikací\Comodo

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-06 13:31 - 2012-07-05 17:55 - 00000000 ____D C:\Documents and Settings\zakaznik\Local Settings\temp
2015-07-06 13:29 - 2009-06-01 17:55 - 01057244 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-06 13:28 - 2009-06-01 19:49 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-06 13:28 - 2009-06-01 19:49 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-07-06 13:28 - 2009-06-01 18:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-06 13:27 - 2009-06-01 18:01 - 00000178 ___SH C:\Documents and Settings\zakaznik\ntuser.ini
2015-07-06 13:27 - 2009-06-01 18:00 - 00032458 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-06 13:26 - 2009-06-01 18:01 - 00000000 ____D C:\Documents and Settings\zakaznik
2015-07-06 13:18 - 2009-06-01 18:01 - 00000000 ____D C:\Documents and Settings\zakaznik\Plocha
2015-07-06 13:15 - 2014-10-25 10:18 - 00000000 ____D C:\Documents and Settings\zakaznik\Plocha\firefox stažené
2015-07-06 12:49 - 2001-10-25 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-05 16:01 - 2009-06-01 19:46 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-07-05 16:01 - 2009-06-01 19:46 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-07-04 10:48 - 2011-01-01 03:08 - 00000000 ____D C:\Documents and Settings\zakaznik\Local Settings\Data aplikací\Opera
2015-07-04 10:48 - 2011-01-01 03:08 - 00000000 ____D C:\Documents and Settings\zakaznik\Data aplikací\Opera
2015-07-04 10:47 - 2014-12-17 12:02 - 00000000 ___RD C:\Program Files\Skype
2015-07-04 10:47 - 2009-09-23 13:21 - 00000000 ___RD C:\Person
2015-07-04 08:03 - 2010-03-05 09:15 - 00000000 ____D C:\Program Files\Google
2015-07-04 08:02 - 2010-03-05 09:15 - 00000000 ____D C:\Documents and Settings\zakaznik\Local Settings\Data aplikací\Google
2015-07-03 23:56 - 2009-06-01 18:01 - 00000000 ___HD C:\Documents and Settings\zakaznik\Local Settings\Data aplikací
2015-07-03 23:46 - 2009-06-06 13:13 - 00000000 ____D C:\Documents and Settings\zakaznik\Local Settings\Data aplikací\Adobe
2015-07-03 23:46 - 2009-06-01 18:01 - 00000000 ___RD C:\Documents and Settings\zakaznik\Dokumenty
2015-07-03 23:44 - 2013-06-11 15:22 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-03 23:44 - 2013-06-11 15:22 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-03 23:17 - 2009-10-01 13:30 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-03 23:15 - 2009-06-01 19:46 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-07-03 23:11 - 2015-05-11 08:10 - 00000000 ____D C:\Program Files\SRWare Iron
2015-07-03 22:56 - 2014-10-29 13:49 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-07-03 22:48 - 2009-06-07 10:29 - 00000000 ____D C:\Documents and Settings\zakaznik\Data aplikací\uTorrent
2015-07-03 15:43 - 2014-10-29 08:00 - 00000000 ____D C:\Documents and Settings\Administrator
2015-07-03 15:43 - 2009-06-01 18:00 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-07-03 15:43 - 2009-06-01 17:59 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-07-03 15:42 - 2009-06-01 18:01 - 00000000 ___HD C:\Documents and Settings\zakaznik\Data aplikací
2015-07-03 15:42 - 2009-06-01 17:53 - 00000000 ____D C:\WINDOWS\Registration
2015-07-02 23:11 - 2014-12-25 13:26 - 00000000 ____D C:\Program Files\Spyware Terminator
2015-07-01 18:07 - 2014-12-25 13:28 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2015-06-24 23:21 - 2015-05-05 20:52 - 00000000 ____D C:\Program Files\Mozilla Firefox.bak
2015-06-10 22:22 - 2014-10-26 11:31 - 00000000 ____D C:\Program Files\Comodo
2015-06-10 22:21 - 2014-10-26 11:35 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Data aplikací\COMODO

==================== Files in the root of some directories =======

2009-06-01 19:40 - 2009-06-01 19:40 - 0000180 _____ () C:\Documents and Settings\zakaznik\Data aplikací\setup.log
2009-06-01 19:40 - 2009-06-01 20:10 - 0000760 _____ () C:\Documents and Settings\zakaznik\Data aplikací\setup_ldm.iss
2009-06-12 15:38 - 2014-02-05 18:15 - 0065536 _____ () C:\Documents and Settings\zakaznik\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\zakaznik\Local Settings\temp\8348.exe
C:\Documents and Settings\zakaznik\Local Settings\temp\fsdE8.exe
C:\Documents and Settings\zakaznik\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\zakaznik\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Re: Preventive check

Posted: 07 Jul 2015 09:17
by Márty84
Greetings :)

Last time you well and truly bl.... it off. Is there any point in checking it?

Are you using any antivirus? I can see traces of Kaspersky there, but I don't see it among the running processes.

I would uninstall Terminator; it hasn't been what it used to be for a long time.

Re: Preventive check

Posted: 07 Jul 2015 12:42
by casablancass
Same to you :)

Sorry. It is and isn't worth it. I just want to know whether there's some junk on my PC that is sending information out without my knowledge.

In a few weeks I'll be reinstalling Windows, but until then I'd like it to keep running reasonably safely.

I only have ZoneAlarm and SpywareTerminator here, but I realize that's not quite ideal.

Re: Preventive check

Posted: 07 Jul 2015 21:50
by Márty84
casablancass wrote: Sorry. It is and isn't worth it. I just want to know whether there's some junk on my PC that is sending information out without my knowledge.
What I meant was whether you will finish it. Because in the last check you didn't even do the first step. So the question is whether there's any point in reading through the logs.


:???: ZoneAlarm, just the firewall?

:arrow: I'd throw out Terminator and install, for example, Avast or Bitdefender Free.

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Run it.
Click Scan and wait for the scan to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will spit out a log (otherwise it will be here: C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.

Re: Preventive check

Posted: 08 Jul 2015 21:14
by casablancass
This time it will be worth it.

ZoneAlarm is Free Antivirus + Firewall, so really just a firewall.

Terminator uninstalled.

# AdwCleaner v4.207 - Logfile created 08/07/2015 at 22:16:44
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : zakaznik - USER
# Running from : C:\Documents and Settings\zakaznik\Plocha\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Web browsers ] *****

-\\ Internet Explorer v7.0.6000.17055


-\\ Mozilla Firefox v39.0 (x86 cs)


-\\ Chromium v


-\\ Comodo Dragon v43.3.3.185


-\\ Opera v30.0.1835.52


*************************

AdwCleaner[R2].txt - [1215 bytes] - [08/07/2015 22:11:05]
AdwCleaner[R3].txt - [1274 bytes] - [08/07/2015 22:15:34]
AdwCleaner[S1].txt - [1207 bytes] - [08/07/2015 22:16:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1266 bytes] ##########

Re: Preventive check

Posted: 08 Jul 2015 21:35
by Márty84
A free antivirus is still an antivirus. Nevertheless, I would choose a different one.


:arrow: Run a !!!full!!! scan with MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ (you must download version 1.75, decline the upgrade to a newer version and update only the virus database) and post the results here. Don't delete anything beforehand; it sometimes has false detections. Instructions here http://forum.viry.cz/viewtopic.php?f=29&t=115222

Re: Preventive check

Posted: 29 Aug 2015 13:16
by casablancass
Hello,
can we continue?

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2015.08.29.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
zakaznik :: USER [administrátor]

Ochrana: Zakázána

29.8.2015 9:41:05
MBAM-log-2015-08-29 (14-16-17).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 493579
Uplynulý čas: 3 hodin, 4 minut, 43 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\Software\BS_Player (PUP.Optional.BSPlayer.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 1
C:\Documents and Settings\zakaznik\Local Settings\temp\comh.363615 (PUP.Optional.GlobalUpdate.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 37
C:\Documents and Settings\zakaznik\Local Settings\temp\8348.exe (PUP.Optional.GoHD.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\fsdE8.exe (PUP.Optional.OfferInstaller.C) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\comh.363615\globalupdate.exe (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\comh.363615\globalupdateBroker.exe (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\comh.363615\globalupdateCrashHandler.exe (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\comh.363615\globalupdateOnDemand.exe (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\comh.363615\goopdate.dll (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\comh.363615\goopdateres_en.dll (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\comh.363615\npglobalupdateUpdate4.dll (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\comh.363615\psmachine.dll (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\comh.363615\psuser.dll (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_76.exe (PUP.Optional.MyStartSearch.ShrtCln) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Plocha\firefox stažené\GOMPLAYERENSETUP.EXE (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP174\A0101920.exe (PUP.Optional.GoHD.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP174\A0101921.exe (PUP.Optional.GoHD.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP174\A0101922.exe (PUP.Optional.GoHD.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP174\A0101924.exe (PUP.Optional.GoHD.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP174\A0101925.exe (PUP.Optional.GoHD.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103080.exe (PUP.Optional.GoHD.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103082.exe (PUP.Optional.GoHD.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103083.exe (PUP.Optional.GoHD.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103084.exe (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103085.exe (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103086.dll (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103087.exe (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103088.dll (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103089.dll (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103091.dll (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103092.exe (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103094.exe (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103103.dll (PUP.Optional.SearchProtect) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103104.dll (PUP.Optional.BrowserWatch) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103105.dll (PUP.Optional.BrowserWatch) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103093.dll (PUP.Optional.ModGoog) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP175\A0103139.exe (PUP.Optional.XTab.A) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{26837103-34EF-4295-B835-69581D5142C5}\RP209\A0127989.exe (PUP.Optional.OutBrowse) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\zakaznik\Local Settings\temp\comh.363615\globalupdateHelper.msi (PUP.Optional.GlobalUpdate.A) -> Nebyla provedena žádná instrukce.

(konec)

Re: Preventive check

Posted: 29 Aug 2015 15:29
by Márty84
Well, if you're going to take breaks like this, it doesn't make much sense, that is, if the PC is being used in the meantime.

Since the vermin is in the restore points...

:!: Proceed exactly in this order.
1) Don't close MBAM, just minimize it.
2) Delete the restore points / turn off restore point creation http://forum.viry.cz/viewtopic.php?f=46&t=47040 , but don't restart the PC.
3) Now let MBAM remove the findings and restart the PC.
4) Repeat the MBAM scan and post its result, and I'll choose the next step accordingly.

If it comes back clean, turn restore point creation back on, so we don't forget about it later.

Re: Preventive check

Posted: 05 Sep 2015 10:30
by casablancass
Done according to the instructions.

Can having the browser open during the MBAM scan have any effect on the results? I'd rather ask, although I think not.


Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2015.09.04.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
zakaznik :: USER [administrátor]

Ochrana: Povolena

5.9.2015 7:05:21
mbam-log-2015-09-05 (07-05-21).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 489480
Uplynulý čas: 3 hodin, 41 minut, 20 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Re: preventive check

Posted: 05 Sep 2015 10:39
by Márty84
casablancass wrote: Can having the browser open during the MBAM scan affect the results in any way?
In this case, no.

:arrow: Uninstall MBAM.

:arrow: Post the log from RSIT http://forum.viry.cz/viewtopic.php?f=30&t=130787

and in addition

:arrow: Post new logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off the antivirus for a moment; it may block it as malicious, but we use it all the time, it is a false alarm :)

Re: preventive check

Posted: 05 Sep 2015 11:22
by casablancass
Restore point creation turned back on.

First log:

Logfile of random's system information tool 1.10 (written by random/random)
Run by zakaznik at 2015-09-05 12:20:05
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (8%) free of 153 GB
Total RAM: 1022 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:40, on 5.9.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\zakaznik\Plocha\RSIT.exe
C:\Program Files\trend micro\zakaznik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ${SEARCH_URL_IE7}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe -update pepperplugin (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe -update pepperplugin (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe

--
End of file - 5270 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe -check pepperplugin
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1436104876.job - C:\Program Files\Opera\launcher.exe --scheduledautoupdate

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\ksvtzl3d.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.64 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1214154.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pages.tvunetworks.com/WebPlayer]
"Description"=TVU Web Player Plugin
"Path"=C:\Program Files\TVUPlayer\npTVUAx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\ksvtzl3d.default\searchplugins\
firmycz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"=C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [2014-08-13 137352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Steam\steamapps\poorfox\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\poorfox\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"C:\Documents and Settings\zakaznik\Plocha\uTorrent.exe"="C:\Documents and Settings\zakaznik\Plocha\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\zakaznik\Data aplikací\uTorrent\uTorrent.exe"="C:\Documents and Settings\zakaznik\Data aplikací\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe"="C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe:*:Enabled:True Vector"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe"="C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe:*:Enabled:True Vector"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2015-08-31 09:36:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\GRETECH
2015-08-31 09:33:11 ----D---- C:\Documents and Settings\zakaznik\Data aplikací\GRETECH
2015-08-31 08:39:28 ----D---- C:\Documents and Settings\zakaznik\Data aplikací\vlc
2015-08-27 22:34:57 ----D---- C:\Program Files\Mozilla Firefox
2015-08-20 09:00:03 ----D---- C:\Program Files\Common Files\Skype
2015-08-20 08:59:59 ----RD---- C:\Program Files\Skype

======List of files/folders modified in the last 1 month======

2015-09-05 12:20:24 ----D---- C:\Program Files\trend micro
2015-09-05 12:20:12 ----D---- C:\WINDOWS\Prefetch
2015-09-05 12:18:52 ----D---- C:\WINDOWS\temp
2015-09-05 12:12:57 ----SHD---- C:\System Volume Information
2015-09-05 12:09:30 ----D---- C:\Program Files\Opera
2015-09-05 12:08:54 ----RD---- C:\Program Files
2015-09-05 12:07:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2015-09-05 12:06:00 ----D---- C:\WINDOWS\system32\drivers
2015-09-04 22:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2015-09-04 22:07:56 ----D---- C:\WINDOWS\system32\Restore
2015-09-04 22:06:12 ----D---- C:\WINDOWS
2015-09-03 23:54:54 ----D---- C:\Documents and Settings\zakaznik\Data aplikací\Skype
2015-08-31 09:32:38 ----D---- C:\Program Files\GRETECH
2015-08-31 08:36:30 ----D---- C:\Program Files\VideoLAN
2015-08-31 07:08:20 ----D---- C:\Documents and Settings\zakaznik\Data aplikací\uTorrent
2015-08-20 09:00:27 ----SHD---- C:\WINDOWS\Installer
2015-08-20 09:00:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2015-08-20 09:00:03 ----D---- C:\Program Files\Common Files
2015-08-20 08:59:59 ----D---- C:\WINDOWS\system32
2015-08-18 17:30:56 ----D---- C:\WINDOWS\Minidump
2015-08-16 09:18:39 ----D---- C:\Program Files\Settlers 3 Gold Edition
2015-08-06 14:01:21 ----D---- C:\Program Files\PokerStars.EU
2015-08-06 13:45:46 ----D---- C:\Program Files\Full Tilt Poker.Eu

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2005-04-30 28271]
R0 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys [2014-06-11 135776]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-10-21 721904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2014-06-11 483936]
R1 Vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2014-08-13 534024]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 null_flt;null_flt; \??\C:\WINDOWS\System32\Drivers\null_flt.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-26 3565568]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-05-22 5082624]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 a03gq1yh;a03gq1yh; C:\WINDOWS\system32\drivers\a03gq1yh.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-12-18 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-12-18 63248]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-12-18 79248]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-12-18 28816]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver; C:\WINDOWS\System32\Drivers\nx6000.sys [2010-05-20 30576]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 DragonUpdater;COMODO Dragon Update Service; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2015-06-26 1994936]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-11-15 217088]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [2014-08-13 96272]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S2 vsmon;TrueVector Internet Monitor; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2014-08-13 3596752]
S2 wmcmgc;Windows Management Configuration; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-03 268976]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-17 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: preventive check

Posted: 05 Sep 2015 11:29
by casablancass
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-09-2015
Ran by zakaznik (administrator) on USER (05-09-2015 12:26:28)
Running from C:\Documents and Settings\zakaznik\Plocha
Loaded Profiles: zakaznik (Available Profiles: zakaznik & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\zakaznik\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2009-02-25] (ATI Technologies Inc.)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe [1154736 2015-07-03] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2009-02-09] (Autodesk, Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 94.74.192.252 94.74.192.244
Tcpip\..\Interfaces\{AF426A88-4E87-4378-A11C-AE6CA70FBAD9}: [DhcpNameServer] 94.74.192.252 94.74.192.244

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2052111302-2077806209-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2052111302-2077806209-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2052111302-2077806209-1801674531-1003 -> {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =
SearchScopes: HKU\S-1-5-21-2052111302-2077806209-1801674531-1003 -> {A3DD4E2F-70A3-483C-93B4-99593AD1FF7B} URL = hxxp://www.google.cz/search?q={searchTerms}&rl ... {startPage}
Toolbar: HKU\S-1-5-21-2052111302-2077806209-1801674531-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\ksvtzl3d.default
FF Homepage: hxxps://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_64.dll [2013-06-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer -> C:\Program Files\TVUPlayer\npTVUAx.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\ksvtzl3d.default\searchplugins\firmycz.xml [2015-08-04]
FF Extension: Adblock Plus - C:\Documents and Settings\zakaznik\Data aplikací\Mozilla\Firefox\Profiles\ksvtzl3d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [268976 2015-07-03] (Adobe Systems Incorporated) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2009-02-25] () [File not signed]
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.) [File not signed]
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-26] (Comodo)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2009-10-17] (Macrovision Europe Ltd.) [File not signed]
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [217088 2010-11-15] (Teruten) [File not signed]
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
S2 wmcmgc; C:\Program Files\Common Files\\System\icm64.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S3 BlueletAudio; C:\WINDOWS\System32\DRIVERS\blueletaudio.sys [20480 2005-05-31] (IVT Corporation) [File not signed]
S3 BT; C:\WINDOWS\System32\DRIVERS\btnetdrv.sys [10804 2005-04-30] (IVT Corporation) [File not signed]
S3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [23000 2005-05-31] (IVT Corporation) [File not signed]
S3 BTHidEnum; C:\WINDOWS\System32\DRIVERS\vbtenum.sys [11860 2005-04-30] () [File not signed]
R0 BTHidMgr; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [28271 2005-04-30] (IVT Corporation) [File not signed]
S3 BTNetFilter; C:\WINDOWS\system32\drivers\BTNetFilter.sys [13304 2004-12-16] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36640 2010-11-15] () [File not signed]
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-06-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [483936 2014-06-11] (Kaspersky Lab ZAO)
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28816 2008-12-18] (Logitech, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 null_flt; C:\WINDOWS\System32\Drivers\null_flt.sys [4736 2009-11-12] (null_flt) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-10-21] () [File not signed]
S3 VComm; C:\WINDOWS\System32\DRIVERS\VComm.sys [61312 2004-10-19] (IVT Corporation) [File not signed]
S3 VcommMgr; C:\WINDOWS\System32\Drivers\VcommMgr.sys [82148 2005-03-25] (IVT Corporation) [File not signed]
R1 Vsdatant; C:\WINDOWS\System32\vsdatant.sys [534024 2014-08-13] (Check Point Software Technologies Ltd.)
U3 a03gq1yh; C:\WINDOWS\system32\Drivers\a03gq1yh.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S4 IntelIde; no ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-06-11] (Kaspersky Lab ZAO)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: wmcmgc -> C:\Program Files\Common Files\\System\icm64.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 12:26 - 2015-09-05 12:26 - 00010311 _____ C:\Documents and Settings\zakaznik\Plocha\FRST.txt
2015-09-05 12:13 - 2015-09-05 12:14 - 01107968 _____ C:\Documents and Settings\zakaznik\Plocha\RSIT.exe
2015-09-04 22:06 - 2015-09-04 22:06 - 00006790 _____ C:\WINDOWS\FaxSetup.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00006539 _____ C:\WINDOWS\iis6.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00004718 _____ C:\WINDOWS\ocgen.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00004591 _____ C:\WINDOWS\tsoc.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00002483 _____ C:\WINDOWS\comsetup.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00001891 _____ C:\WINDOWS\imsins.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00001854 _____ C:\WINDOWS\msmqinst.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00001799 _____ C:\WINDOWS\ntdtcsetup.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00001592 _____ C:\WINDOWS\netfxocm.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00000719 _____ C:\WINDOWS\MedCtrOC.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00000469 _____ C:\WINDOWS\ocmsn.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00000430 _____ C:\WINDOWS\msgsocm.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00000311 _____ C:\WINDOWS\tabletoc.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-04 22:06 - 2015-09-04 22:06 - 00000000 _____ C:\WINDOWS\setupact.log
2015-08-31 12:52 - 2015-08-31 12:52 - 00105931 _____ C:\Documents and Settings\zakaznik\Plocha\Aliens(0000167027).srt
2015-08-31 09:36 - 2015-08-31 09:36 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\GRETECH
2015-08-31 09:33 - 2015-08-31 09:33 - 00000868 _____ C:\Documents and Settings\zakaznik\Nabídka Start\GOM Player.lnk
2015-08-31 09:33 - 2015-08-31 09:33 - 00000868 _____ C:\Documents and Settings\All Users\Plocha\GOM Player.lnk
2015-08-31 09:33 - 2015-08-31 09:33 - 00000000 ____D C:\Documents and Settings\zakaznik\Data aplikací\GRETECH
2015-08-31 09:33 - 2015-08-31 09:33 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\GOM Player
2015-08-31 08:39 - 2015-08-31 08:39 - 00000000 ____D C:\Documents and Settings\zakaznik\Data aplikací\vlc
2015-08-30 22:12 - 2015-08-30 22:12 - 00197270 _____ C:\Documents and Settings\zakaznik\Plocha\Aliens.Directors.Cut.1986.1080p.BRrip.x264.GAZ.YIFY.srt
2015-08-28 16:21 - 2015-08-28 16:21 - 00000000 ____D C:\Documents and Settings\zakaznik\Plocha\mba kontrola
2015-08-27 22:34 - 2015-09-05 03:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-20 09:00 - 2015-08-20 09:00 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-20 09:00 - 2015-08-20 09:00 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-08-20 08:59 - 2015-08-20 09:00 - 00000000 ___RD C:\Program Files\Skype
2015-08-18 17:30 - 2015-08-18 17:30 - 00102400 _____ C:\WINDOWS\Minidump\Mini081815-01.dmp
2015-08-16 07:58 - 2015-08-16 07:58 - 00000000 ____D C:\Documents and Settings\zakaznik\Dokumenty\GomPlayer
2015-08-11 22:19 - 2015-08-11 22:20 - 00069847 _____ C:\Documents and Settings\zakaznik\Plocha\Jurassic-World(0000256896).srt
2015-08-06 13:46 - 2015-08-06 13:46 - 00000000 ____D C:\Documents and Settings\zakaznik\Local Settings\Data aplikací\FullTiltPokerEU

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 12:26 - 2015-07-06 13:17 - 00000000 ____D C:\FRST
2015-09-05 12:26 - 2012-07-05 17:55 - 00000000 ____D C:\Documents and Settings\zakaznik\Local Settings\temp
2015-09-05 12:26 - 2009-06-01 18:01 - 00000000 ____D C:\Documents and Settings\zakaznik\Plocha
2015-09-05 12:25 - 2015-07-03 23:44 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-05 12:25 - 2009-06-01 18:01 - 00000000 ___HD C:\Documents and Settings\zakaznik\Local Settings\Data aplikací
2015-09-05 12:20 - 2014-10-19 21:09 - 00000000 ____D C:\Program Files\trend micro
2015-09-05 12:19 - 2011-05-13 22:28 - 00000000 ____D C:\Documents and Settings\zakaznik\Dokumenty\Stažené soubory
2015-09-05 12:17 - 2015-07-06 13:14 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\zakaznik\Plocha\FRSTLauncher.exe
2015-09-05 12:17 - 2009-06-01 18:01 - 00000000 ___RD C:\Documents and Settings\zakaznik\Dokumenty
2015-09-05 12:15 - 2015-07-06 13:13 - 01690624 _____ (Farbar) C:\Documents and Settings\zakaznik\Plocha\FRST.exe
2015-09-05 12:12 - 2009-06-01 17:53 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-09-05 12:10 - 2009-06-01 17:55 - 01626046 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-05 12:09 - 2015-07-05 16:02 - 00000382 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1436104876.job
2015-09-05 12:09 - 2015-07-05 16:00 - 00000000 ____D C:\Program Files\Opera
2015-09-05 12:09 - 2009-06-01 19:49 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-05 12:09 - 2009-06-01 19:49 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-09-05 12:09 - 2009-06-01 18:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-05 12:07 - 2009-06-01 18:01 - 00000178 ___SH C:\Documents and Settings\zakaznik\ntuser.ini
2015-09-05 12:07 - 2009-06-01 18:01 - 00000000 ____D C:\Documents and Settings\zakaznik
2015-09-05 12:07 - 2009-06-01 18:00 - 00032496 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-05 12:06 - 2009-06-01 19:46 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-09-05 12:06 - 2009-06-01 19:46 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-09-05 11:43 - 2015-07-03 23:44 - 00000958 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-09-04 22:12 - 2014-10-19 20:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB972270$
2015-09-04 22:09 - 2014-10-25 10:18 - 00000000 ____D C:\Documents and Settings\zakaznik\Plocha\firefox stažené
2015-09-03 23:54 - 2009-06-04 13:21 - 00000000 ____D C:\Documents and Settings\zakaznik\Data aplikací\Skype
2015-08-31 09:36 - 2009-06-01 19:46 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-08-31 09:33 - 2009-06-01 18:01 - 00000000 ___RD C:\Documents and Settings\zakaznik\Nabídka Start
2015-08-31 09:33 - 2009-06-01 18:01 - 00000000 ___HD C:\Documents and Settings\zakaznik\Data aplikací
2015-08-31 09:32 - 2014-04-18 21:49 - 00000000 ____D C:\Program Files\GRETECH
2015-08-31 08:36 - 2014-11-01 08:42 - 00000000 ____D C:\Program Files\VideoLAN
2015-08-31 07:08 - 2009-06-07 10:29 - 00000000 ____D C:\Documents and Settings\zakaznik\Data aplikací\uTorrent
2015-08-21 07:54 - 2001-10-25 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-20 14:45 - 2015-05-28 11:20 - 00000000 ____D C:\Documents and Settings\zakaznik\Plocha\Nová složka (3)
2015-08-20 09:00 - 2009-06-04 13:21 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2015-08-18 17:30 - 2009-10-01 13:30 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-18 16:54 - 2012-09-25 13:39 - 00000000 ____D C:\Documents and Settings\zakaznik\Plocha\práce životopis
2015-08-16 09:18 - 2009-10-21 23:52 - 00000000 ____D C:\Program Files\Settlers 3 Gold Edition
2015-08-11 19:29 - 2009-06-01 18:04 - 00000000 __SHD C:\Documents and Settings\zakaznik\UserData
2015-08-06 14:01 - 2015-04-24 19:06 - 00000000 ____D C:\Program Files\PokerStars.EU
2015-08-06 13:45 - 2015-04-24 20:18 - 00000000 ____D C:\Program Files\Full Tilt Poker.Eu

==================== Files in the root of some directories =======

2009-06-01 19:40 - 2009-06-01 19:40 - 0000180 _____ () C:\Documents and Settings\zakaznik\Data aplikací\setup.log
2009-06-01 19:40 - 2009-06-01 20:10 - 0000760 _____ () C:\Documents and Settings\zakaznik\Data aplikací\setup_ldm.iss
2009-06-12 15:38 - 2014-02-05 18:15 - 0065536 _____ () C:\Documents and Settings\zakaznik\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\zakaznik\Local Settings\temp\ExPromo.exe
C:\Documents and Settings\zakaznik\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\zakaznik\Local Settings\temp\SkypeSetup.exe
C:\Documents and Settings\zakaznik\Local Settings\temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1436104876.job => C:\Program Files\Opera\launcher.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ZoneAlarm Antivirus (Disabled - Up to date) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\zakaznik\Plocha" je 3490 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
Reim ECHO je vypnut.


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ7.2\\ICQ.exe"="C:\\Program Files\\ICQ7.2\\ICQ.exe:*:Enabled:ICQ7.2"
"C:\\Program Files\\ICQ7.2\\aolload.exe"="C:\\Program Files\\ICQ7.2\\aolload.exe:*:Enabled:aolload.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe"="C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe:*:Enabled:True Vector"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\ICQ7.2\\ICQ.exe"="C:\\Program Files\\ICQ7.2\\ICQ.exe:*:Enabled:ICQ7.2"
"C:\\Program Files\\ICQ7.2\\aolload.exe"="C:\\Program Files\\ICQ7.2\\aolload.exe:*:Enabled:aolload.exe"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\Steam\\steamapps\\poorfox\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\poorfox\\counter-strike\\hl.exe:*:Enabled:Counter-Strike"
"C:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"="C:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"C:\\Documents and Settings\\zakaznik\\Plocha\\uTorrent.exe"="C:\\Documents and Settings\\zakaznik\\Plocha\\uTorrent.exe:*:Enabled:Torrent"
"C:\\Documents and Settings\\zakaznik\\Data aplikac\\uTorrent\\uTorrent.exe"="C:\\Documents and Settings\\zakaznik\\Data aplikac\\uTorrent\\uTorrent.exe:*:Enabled:Torrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe"="C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe:*:Enabled:True Vector"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: preventive check

Posted: 05 Sep 2015 14:35
by Márty84
***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\zakaznik\Plocha" je 3490 MB.
:arrow: The size of the Desktop should not exceed 200 - 300 MB! It slows the PC down. So tidy it up a bit and keep only shortcuts on the Desktop. Just watch out for an occasional mistake: users have a folder on the Desktop, another one inside it and another inside that, and they hide everything in there. That is nice, but it does not make the Desktop any smaller, it is just in a different drawer :)

:arrow: Open Notepad and copy this script into it

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe [1154736 2015-07-03] (Adobe Systems Incorporated)
BootExecute: autocheck autochk * sdnclean.exe

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2052111302-2077806209-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2052111302-2077806209-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2052111302-2077806209-1801674531-1003 -> {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [268976 2015-07-03] (Adobe Systems Incorporated) [File not signed]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-06-11] (Kaspersky Lab ZAO)
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-06-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [483936 2014-06-11] (Kaspersky Lab ZAO)
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]

C:\Windows\System32\Drivers\klflt.sys
C:\WINDOWS\System32\DRIVERS\kl1.sys
C:\WINDOWS\System32\DRIVERS\klif.sys

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1436104876.job => C:\Program Files\Opera\launcher.exe

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam

Hosts:
EmptyTemp:
Reboot:
End

In the top left, click File.
Click Save as...
Type the name shown in red, fixlist, correctly and save it to the Desktop.
Turn off the antivirus and any other security software.
Run FRST, click Fix, and the program will carry out the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

Re: preventive check

Posted: 07 Sep 2015 20:38
by casablancass
Thanks for the advice.

Fix result of Farbar Recovery Scan Tool (x86) Version:07-09-2015
Ran by zakaznik (2015-09-07 21:34:20) Run:2
Running from C:\Documents and Settings\zakaznik\Plocha
Loaded Profiles: zakaznik (Available Profiles: zakaznik & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe [1154736 2015-07-03] (Adobe Systems Incorporated)
BootExecute: autocheck autochk * sdnclean.exe

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2052111302-2077806209-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2052111302-2077806209-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2052111302-2077806209-1801674531-1003 -> {5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} URL =

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [268976 2015-07-03] (Adobe Systems Incorporated) [File not signed]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-06-11] (Kaspersky Lab ZAO)
R0 KL1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-06-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [483936 2014-06-11] (Kaspersky Lab ZAO)
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]

C:\Windows\System32\Drivers\klflt.sys
C:\WINDOWS\System32\DRIVERS\kl1.sys
C:\WINDOWS\System32\DRIVERS\klif.sys

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_194_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1436104876.job => C:\Program Files\Opera\launcher.exe

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => value not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-2052111302-2077806209-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.
HKU\S-1-5-21-2052111302-2077806209-1801674531-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2052111302-2077806209-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} => key not found.
HKCR\CLSID\{5C5360F5-5F2D-4E4A-84B1-ABD053DB35A9} => key not found.
AdobeFlashPlayerUpdateSvc => service not found.
klflt => service not found.
KL1 => service not found.
KLIF => Unable to stop service.
KLIF => service could not remove
SkypeUpdate => service not found.
Could not move "C:\Windows\System32\Drivers\klflt.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\System32\DRIVERS\kl1.sys" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\System32\DRIVERS\klif.sys" => Scheduled to move on reboot.
C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => not found.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => not found.
C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1436104876.job => not found.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM => key not found.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 11.4 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-07 21:36:33)<=

"C:\Windows\System32\Drivers\klflt.sys" => Could not move
"C:\WINDOWS\System32\DRIVERS\kl1.sys" => Could not move

Re: preventive check

Posted: 08 Sep 2015 09:55
by Márty84
Post a new log from RSIT.