prosím o preventivní kontrolu

Zpráva

NOSAK · #1 Příspěvek od **NOSAK** » 05 srp 2015 21:03

Pc je zpomalené, seká se, videa chodí trhaně....děkuji za kontrolu

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
Ran by Petr (administrator) on DOMA (05-08-2015 21:58:59)
Running from C:\Documents and Settings\Petr\Plocha
Loaded Profiles: Petr (Available Profiles: Petr)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Crawler.com) C:\Program Files\Spyware Terminator\sp_rsser.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PtiuPbmd] => Rundll32.exe ptipbm.dll,SetWriteBack
HKLM\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [90112 2009-10-02] (Leadtek Research Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [SpywareTerminator] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2176512 2010-07-27] (Crawler.com)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [Bonus.SSR.FR12] => C:\Program Files\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2014-05-11] (ABBYY Production LLC.)
HKLM\...\Run: [Ptipbmf] => rundll32.exe ptipbmf.dll,SetWriteCacheMode
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-08-26] (ATI Technologies Inc.)
HKU\S-1-5-21-220523388-2147186123-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-220523388-2147186123-839522115-1003\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2912256 2009-03-11] (Leadtek Research Inc.)
HKU\S-1-5-21-220523388-2147186123-839522115-1003\...\Run: [SpywareTerminatorUpdate] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [3037696 2010-07-27] (Crawler.com)
HKU\S-1-5-21-220523388-2147186123-839522115-1003\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [2010-07-05]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dl ... date&O1=b1
URLSearchHook: HKU\S-1-5-21-220523388-2147186123-839522115-1003 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-26] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-220523388-2147186123-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39CD1C0B-E062-419A-8631-C63F54885A74}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default
FF DefaultSearchUrl:
FF SelectedSearchEngine:
FF Homepage: https://seznam.cz/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-26] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-12-14] (mozilla.org)
FF SearchPlugin: C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\searchplugins\firmycz.xml [2015-03-28]
FF SearchPlugin: C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\searchplugins\mapycz.xml [2015-03-28]
FF SearchPlugin: C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\searchplugins\zbocz.xml [2015-03-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-28]
FF Extension: Seznam lištička - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-05-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-05]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [606208 2010-08-26] (ATI Technologies Inc.) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-09-14] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771456 2015-04-03] (Enigma Software Group USA, LLC.)
R2 sp_rssrv; C:\Program Files\Spyware Terminator\sp_rsser.exe [488960 2010-07-27] (Crawler.com) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [5386752 2010-08-26] (ATI Technologies Inc.) [File not signed]
R3 camfilt2; C:\WINDOWS\System32\DRIVERS\camfilt2.sys [96384 2007-08-29] (Guillemot Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [743367 2003-05-01] (C-Media Inc)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-04-03] ()
S0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [156672 2003-06-10] (Promise Technology, Inc.)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 ovt530; C:\WINDOWS\System32\Drivers\ov530vid.sys [167464 2007-02-02] (OmniVision Technologies, Inc.)
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-07-29] (VSO Software) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-06-03] () [File not signed]
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2010-07-27] () [File not signed]
R0 UlSata; C:\WINDOWS\System32\DRIVERS\ulsata.sys [64256 2003-01-26] (Promise Technology, Inc.) [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
R0 viasraid; C:\WINDOWS\System32\drivers\viasraid.sys [75904 2003-06-12] (VIA Technologies inc,.ltd) [File not signed]
S3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2002-10-24] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [10496 2002-11-13] (VIA Technologies, Inc.) [File not signed]
R3 WFLR6654; C:\WINDOWS\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
U3 ayfz3d81; C:\WINDOWS\system32\Drivers\ayfz3d81.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 21:58 - 2015-08-05 21:59 - 00013896 _____ C:\Documents and Settings\Petr\Plocha\FRST.txt
2015-08-05 21:58 - 2015-08-05 21:59 - 00000000 ____D C:\FRST
2015-08-05 21:56 - 2015-08-05 21:56 - 00688992 _____ (Swearware) C:\Documents and Settings\Petr\Plocha\dds.exe
2015-08-05 21:55 - 2015-08-05 21:55 - 01107968 _____ C:\Documents and Settings\Petr\Plocha\RSIT.exe
2015-08-05 21:53 - 2015-08-05 21:53 - 01673728 _____ (Farbar) C:\Documents and Settings\Petr\Plocha\FRST.exe
2015-07-26 09:00 - 2015-07-26 09:01 - 00819200 _____ C:\Documents and Settings\Petr\Dokumenty\Kontakty1.accdb
2015-07-26 08:57 - 2015-07-26 08:59 - 00577536 _____ C:\Documents and Settings\Petr\Dokumenty\Database1.accdb
2015-07-26 08:56 - 2015-07-26 08:57 - 00749568 _____ C:\Documents and Settings\Petr\Dokumenty\Kontakty.accdb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 21:59 - 2010-06-03 19:52 - 00000000 ____D C:\Documents and Settings\Petr\Local Settings\Temp
2015-08-05 21:58 - 2010-06-03 19:52 - 00000000 ____D C:\Documents and Settings\Petr\Plocha
2015-08-05 21:56 - 2010-11-24 13:40 - 00000000 ____D C:\Documents and Settings\Petr\Dokumenty\Stažené soubory
2015-08-05 21:08 - 2015-03-29 09:42 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-05 15:53 - 2015-03-29 09:09 - 00059601 _____ C:\WINDOWS\AutoKMS.log
2015-08-05 15:53 - 2015-03-29 08:39 - 00000198 _____ C:\WINDOWS\Tasks\AutoKMS.job
2015-08-05 15:53 - 2010-06-03 19:46 - 01749577 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-05 15:52 - 2010-06-03 21:37 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-05 15:52 - 2010-06-03 21:37 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-08-05 15:51 - 2010-06-03 19:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-05 10:08 - 2010-06-03 19:52 - 00032352 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-04 22:10 - 2010-06-03 19:52 - 00000178 ___SH C:\Documents and Settings\Petr\ntuser.ini
2015-08-04 16:47 - 2001-10-25 16:00 - 00002228 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-03 23:05 - 2010-08-08 13:19 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-08-03 07:21 - 2015-03-28 21:20 - 00734653 _____ C:\WINDOWS\setupapi.log
2015-07-27 20:20 - 2010-06-11 15:02 - 00000000 ____D C:\Documents and Settings\Petr\Dokumenty\Petr
2015-07-26 09:00 - 2010-06-03 19:52 - 00000000 ___RD C:\Documents and Settings\Petr\Dokumenty
2015-07-26 08:59 - 2015-04-03 07:11 - 00002475 _____ C:\Documents and Settings\Petr\Plocha\Microsoft Access 2010.lnk
2015-07-25 19:26 - 2010-09-04 16:24 - 00002463 _____ C:\Documents and Settings\Petr\Plocha\Microsoft Excel 2010.lnk
2015-07-15 16:08 - 2015-03-29 09:42 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-15 16:08 - 2015-03-29 09:42 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2010-08-08 21:50 - 2010-11-24 14:25 - 0000172 ____C () C:\Documents and Settings\Petr\Data aplikací\default.rss
2010-07-29 21:15 - 2010-07-29 22:09 - 0087608 ____C () C:\Documents and Settings\Petr\Data aplikací\inst.exe
2010-07-29 21:15 - 2010-07-29 22:09 - 0007887 ____C () C:\Documents and Settings\Petr\Data aplikací\pcouffin.cat
2010-07-29 21:15 - 2010-07-29 22:09 - 0001144 ____C () C:\Documents and Settings\Petr\Data aplikací\pcouffin.inf
2010-07-29 21:15 - 2010-07-29 22:09 - 0000033 ____C () C:\Documents and Settings\Petr\Data aplikací\pcouffin.log
2010-07-29 21:15 - 2010-07-29 22:09 - 0047360 ____C (VSO Software) C:\Documents and Settings\Petr\Data aplikací\pcouffin.sys
2010-07-29 21:16 - 2010-07-29 22:07 - 0001057 ____C () C:\Documents and Settings\Petr\Data aplikací\vso_ts_preview.xml
2010-09-10 21:07 - 2015-03-28 14:40 - 0007680 _____ () C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Petr\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\Petr\Local Settings\Temp\Utils.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

#2 Příspěvek od **Márty84** » 07 srp 2015 07:18

Zdravim

Pouzivate nejaky antivir?

Doporucuji odinstalovat SpyHunter a Terminatora.

Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte ho. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

NOSAK · #3 Příspěvek od **NOSAK** » 07 srp 2015 09:37

takže log z crystalu
----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2015/08/07 10:36:20

-- Controller Map ----------------------------------------------------------
+ Řadič VIA rozhraní IDE ke sběrnici PCI v režimu Bus Master [ATA]
+ Primární kanál IDE (0)
- TEAC DV-516D
- WDC WD800JB-00ETA0
+ Sekundární kanál IDE (1)
- HL-DT-ST DVDRAM GSA-4163B
- WinXP Promise FastTrak 376/378 (tm) Controller [SCSI]
+ VIA Serial ATA RAID Controller [SCSI]
- Maxtor 6 G160E0 SCSI Disk Device
- WDC WD16 00JD-00HBB0 SCSI Disk Device
- A7WUE4XY IDE Controller [SCSI]

-- Disk List ---------------------------------------------------------------
(1) WDC WD800JB-00ETA0 : 80,0 GB [0/0/0, pd1]
(2) WDC WD1600JD-00HBB0 : 160,0 GB [2/2/2, pd1]

----------------------------------------------------------------------------
(1) WDC WD800JB-00ETA0
----------------------------------------------------------------------------
Model : WDC WD800JB-00ETA0
Firmware : 77.07W77
Serial Number : WD-WCAHL3255068
Disk Size : 80,0 GB (8,4/80,0/80,0)
Buffer Size : 8192 KB
Queue Depth : 1
# of Sectors : 156299375
Rotation Rate : Neznámy údaj
Interface : Parallel ATA
Major Version : ATA/ATAPI-6
Minor Version : ----
Transfer Mode : Ultra DMA/100
Power On Hours : 27795 hod.
Power On Count : 3638 krát
Temparature : 50 C (122 F)
Health Status : Pozor
Features : S.M.A.R.T., AAM, 48bit LBA
APM Level : ----
AAM Level : 8080h [ON]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 186 _51 000000000000 Počet chyb čtení
03 _91 _87 _21 0000000007B7 Čas na roztočení ploten
04 _97 _97 _40 000000000E69 Počet spuštění/zastavení
05 199 199 140 000000000001 Počet přemapovaných sektorů
07 200 200 _51 000000000000 Počet chybných hledání
09 _62 _62 __0 000000006C93 Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 _51 000000000000 Počet pokusů o překalibrování
0C _97 _97 __0 000000000E36 Počet cyklů zapnutí zařízení
C2 _93 253 __0 000000000032 Teplota
C4 199 199 __0 000000000001 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000002 Počet chyb v kontrolním součtu UltraDMA
C8 200 _85 _51 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF 0000 0010 E100 003F 003F 0010 0000 000E
010: 5744 2D57 4341 484C 3332 3036 3036 3800 0000 0000
020: 0003 4000 004A 3737 2E30 3737 3737 5744 4320 5744
030: 3830 304A 422D 3030 4554 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0280 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: F06F 0950 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
080: 007E 0000 346B 7F01 4003 3E01 3E01 4003 043F 0000
090: 0000 0000 0000 403B 8080 0000 0000 0000 0000 0000
100: F06F 0950 0000 0000 0000 0000 0000 0000 0000 0000
110: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
120: 0000 0000 0000 0000 0000 0000 0000 0000 0009 0041
130: 0000 0000 0000 0340 0000 0000 0000 0000 0000 0000
140: 0000 0000 0002 0001 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 001F
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 B8A5

----------------------------------------------------------------------------
(2) WDC WD1600JD-00HBB0
----------------------------------------------------------------------------
Model : WDC WD1600JD-00HBB0
Firmware : 08.02D08
Serial Number : WD-WMAL93447031
Disk Size : 160,0 GB (8,4/126,1/----)
Buffer Size : 8192 KB
Queue Depth : 1
# of Sectors : 246431747
Rotation Rate : Neznámy údaj
Interface : Parallel ATA
Major Version :
Minor Version : ----
Transfer Mode :
Power On Hours : Neznámy údaj
Power On Count : Neznámy údaj
Temparature : Neznámy údaj
Health Status : Neznámý
Features :
APM Level : ----
AAM Level : ----

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF 0000 0010 E100 003F 003F 0000 0000 000E
010: 2020 2020 2057 442D 574D 3933 3933 3434 3730 3331
020: 0003 4000 004A 3038 2E30 3038 3038 5744 4320 5744
030: 3136 3030 4A44 2D30 3048 3020 3020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0280 0000 0007 3FFF 003F 003F FC10 00FB 7F61
060: 4003 9EB0 12A1 0000 0000 0000 0000 0000 0000 0000
070: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
080: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
090: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
100: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
110: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
120: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 0000

NOSAK · #4 Příspěvek od **NOSAK** » 07 srp 2015 10:02

# AdwCleaner v4.208 - Log vytvořen 07/08/2015 v 10:53:09
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-09.2 [Local]
# Operační system : Microsoft Windows XP Service Pack 3 (x86)
# Uživatelské jméno : Petr - DOMA
# Spuštěno z : C:\Documents and Settings\Petr\Plocha\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Soubor Smazáno : C:\DOCUME~1\Petr\LOCALS~1\Temp\Utils.dll

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Klíč Smazáno : HKLM\SOFTWARE\dt soft\daemon tools toolbar
dle doporučení vymazáno, antivir bych rád instaloval dle rady-jaký?
***** [ Prohlížeče ] *****

-\\ Internet Explorer v6.0.2900.5512

-\\ Mozilla Firefox v39.0 (x86 cs)

*************************

AdwCleaner[R0].txt - [1222 bytů] - [07/08/2015 10:39:40]
AdwCleaner[S0].txt - [1142 bytů] - [07/08/2015 10:53:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1200 bytů] ##########

#5 Příspěvek od **Márty84** » 07 srp 2015 10:41

NOSAK píše:antivir bych rád instaloval dle rady-jaký?

Treba Avast free, pripadne Bitdefender free.

Udelejte kontrolu programem HD Tune
Stahnete http://www.slunecnice.cz/sw/hd-tune/ , nainstalujte a spustte (pokud vam pri instalaci nabidne nejaky doplnek, odmitnete ho!)
V tom okne kliknete na posledni zalozku - Error Scan (pokud bude zatrzeny quick scan, tak zatrzitko zruste) a kliknete na Start.
Kontrola bude nejakou dobu trvat. Dejte vedet, jestli tam bylo nejake cervene policko.
Taky se podivejte na zalozku Health a opiste mi (vyfotte), co se tam pise. Melo by tam byt OK http://www.google.cz/imgres?um=1&hl=cs& ... s:20,i:143

Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ (musite stahnout verzi 1.75, odmitnout upgrade na novejsi verzi a aktualizovat jen virovou databazi) a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

NOSAK · #6 Příspěvek od **NOSAK** » 07 srp 2015 11:50

posílám z HD Tune

NOSAK · #7 Příspěvek od **NOSAK** » 07 srp 2015 13:40

Tak dokončeno, posílám log
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2551
Windows 5.1.2600 Service Pack 3

7.8.2015 13:41:18
mbam-log-2015-08-07 (13-41-18).txt

Typ skenu: Úplný sken (C:\|)
Objektu skenováno: 161104
Uplynulý cas: 47 minute(s), 37 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

#8 Příspěvek od **Márty84** » 08 srp 2015 08:47

MBAM muzete odinstalovat.

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=30&t=130787

a k tomu

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

NOSAK · #9 Příspěvek od **NOSAK** » 08 srp 2015 10:29

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2015-08-08 11:24:38
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (30%) free of 76 GB
Total RAM: 1023 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:45, on 8.8.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Petr\Plocha\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
O4 - HKLM\..\Run: [Bonus.SSR.FR12] "C:\Program Files\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE"
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6690 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\AutoKMS.job - C:\WINDOWS\AutoKMS.exe

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ea614400-e918-4741-9a97-7a972ff7c30b}:3.0.8, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
prefs.js - "keyword.URL" - ""

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.209 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\components\
browserdirprovider.dll
brwsrcmp.dll

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll

C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\searchplugins\
firmycz.xml
mapycz.xml
seznam.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-26 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-26 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PtiuPbmd"=ptipbm.dll,SetWriteBack []
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2009-10-02 90112]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 350072]
"Bonus.SSR.FR12"=C:\Program Files\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [2014-05-11 1472312]
"Ptipbmf"=ptipbmf.dll,SetWriteCacheMode []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-04-10 335232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2009-03-11 2912256]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [2014-12-23 833240]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-08-26 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\DOCUME~1\Petr\LOCALS~1\Temp\Alcohol.exe"="C:\DOCUME~1\Petr\LOCALS~1\Temp\Alcohol.exe:*:Enabled:Windows Messanger"
"C:\\AKh06I2p2.exe"="C:\\AKh06I2p2.exe:*:Enabled:Windows Messanger"
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe"="C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe:*:Enabled:CyberLink PowerDVD 10.0"
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Petr\Local Settings\Temp\KMSAct\Pack\Keygen\Keygen.exe"="C:\Documents and Settings\Petr\Local Settings\Temp\KMSAct\Pack\Keygen\Keygen.exe:*:Enabled:Keygen"
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\Petr\Local Settings\Temp\289.tmp\KMService.exe"="C:\Documents and Settings\Petr\Local Settings\Temp\289.tmp\KMService.exe:*:Enabled:KMService"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"D:\Hry\Flight Simulator\fs9.exe"="D:\Hry\Flight Simulator\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\Hry\Grand Prix 4\GP4.exe"="D:\Hry\Grand Prix 4\GP4.exe:*:Enabled:GP4"
"C:\WINDOWS\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe"="C:\WINDOWS\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe:*:Enabled:Samsung Scanner Discovery Module V3"
"C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe"="C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe:*:Enabled:Easy Printer Manager"
"C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe"="C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe:*:Enabled:EPM Order Supplies "
"C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe"="C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe:*:Enabled:EPM Alert "
"C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe"="C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe:*:Enabled:Samsung uninstaller "
"C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe"="C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe:*:Enabled:EPM CDA Scan2PC"
"C:\Program Files\Samsung\Easy Document Creator\EDC.exe"="C:\Program Files\Samsung\Easy Document Creator\EDC.exe:*:Enabled:Samsung Easy Document Creator"
"C:\WINDOWS\KMSEmulator.exe"="C:\WINDOWS\KMSEmulator.exe:*:Enabled:KMSEmulator"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Hercules\Webcam Station Evolution SE\StationEvSE.exe"="C:\Program Files\Hercules\Webcam Station Evolution SE\StationEvSE.exe:*:Enabled:Hercules Webcam Station Evolution"
"C:\Program Files\Java\jre1.8.0_45\launch4j-tmp\frd.exe"="C:\Program Files\Java\jre1.8.0_45\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\Petr\Dokumenty\Stažené soubory\marias_talon_cz.exe"="C:\Documents and Settings\Petr\Dokumenty\Stažené soubory\marias_talon_cz.exe:*:Enabled:marias_talon_cz"
"C:\Documents and Settings\Petr\Local Settings\Temp\6C.tmp\KMService.exe"="C:\Documents and Settings\Petr\Local Settings\Temp\6C.tmp\KMService.exe:*:Enabled:KMService"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (C:\Program Files\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.mjpg"=pvmjpg30.dll
"vidc.yv12"=yv12vfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux4"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux5"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux6"=wdmaud.drv

======File associations======

.inf - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.ini - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1
.js - open - "%SystemRoot%\System32\WScript.exe" "%1" %*
.txt - open - "%SystemRoot%\system32\NOTEPAD.EXE" %1

======List of files/folders created in the last 1 month======

2015-08-08 11:24:39 ----D---- C:\Program Files\trend micro
2015-08-08 11:24:38 ----D---- C:\rsit
2015-08-07 17:49:15 ----D---- C:\Program Files\Mozilla Firefox
2015-08-07 11:47:54 ----D---- C:\Program Files\HD Tune

======List of files/folders modified in the last 1 month======

2015-08-08 11:24:45 ----D---- C:\WINDOWS\Prefetch
2015-08-08 11:24:39 ----D---- C:\Program Files
2015-08-08 11:24:21 ----D---- C:\WINDOWS\system32\drivers
2015-08-08 07:40:04 ----D---- C:\WINDOWS
2015-08-08 07:39:52 ----D---- C:\WINDOWS\system32\CatRoot2
2015-08-08 07:39:49 ----D---- C:\WINDOWS\Temp
2015-08-07 22:58:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2015-08-07 18:30:32 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-07-15 16:08:47 ----D---- C:\WINDOWS\system32
2015-07-15 16:08:40 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-03 691696]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 UlSata;UlSata; C:\WINDOWS\system32\DRIVERS\ulsata.sys [2003-01-26 64256]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-12-27 26880]
R0 viasraid;viasraid; C:\WINDOWS\system32\drivers\viasraid.sys [2003-06-12 75904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/03 22:09:32]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-08-26 5386752]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-05-21 175360]
R3 camfilt2;camfilt2; C:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-29 96384]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-05-01 743367]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ovt530;Hercules Deluxe Webcam; C:\WINDOWS\System32\Drivers\ov530vid.sys [2007-02-02 167464]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-11-13 10496]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3); C:\WINDOWS\system32\drivers\wfeaglxt.sys [2009-10-21 433920]
S0 fasttx2k;fasttx2k; C:\WINDOWS\system32\DRIVERS\fasttx2k.sys [2003-06-10 156672]
S3 a440awau;a440awau; C:\WINDOWS\system32\drivers\a440awau.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys []
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys []
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-07-29 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-08-26 606208]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-14 593920]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-08-07 148136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2012-09-27 129632]

-----------------EOF-----------------

NOSAK · #10 Příspěvek od **NOSAK** » 08 srp 2015 10:31

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
Ran by Petr (administrator) on DOMA (08-08-2015 11:30:17)
Running from C:\Documents and Settings\Petr\Plocha
Loaded Profiles: Petr (Available Profiles: Petr)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Leadtek Research Inc.) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PtiuPbmd] => Rundll32.exe ptipbm.dll,SetWriteBack
HKLM\...\Run: [WinFastDTV] => C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [90112 2009-10-02] (Leadtek Research Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [Bonus.SSR.FR12] => C:\Program Files\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2014-05-11] (ABBYY Production LLC.)
HKLM\...\Run: [Ptipbmf] => rundll32.exe ptipbmf.dll,SetWriteCacheMode
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-08-26] (ATI Technologies Inc.)
HKU\S-1-5-21-220523388-2147186123-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-220523388-2147186123-839522115-1003\...\Run: [WinFast Schedule] => C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2912256 2009-03-11] (Leadtek Research Inc.)
HKU\S-1-5-21-220523388-2147186123-839522115-1003\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk [2010-07-05]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dl ... date&O1=b1
URLSearchHook: HKU\S-1-5-21-220523388-2147186123-839522115-1003 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-26] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-220523388-2147186123-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{39CD1C0B-E062-419A-8631-C63F54885A74}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default
FF DefaultSearchUrl:
FF SelectedSearchEngine:
FF Homepage: https://seznam.cz/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-26] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2010-12-14] (mozilla.org)
FF SearchPlugin: C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\searchplugins\firmycz.xml [2015-03-28]
FF SearchPlugin: C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\searchplugins\mapycz.xml [2015-03-28]
FF SearchPlugin: C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\searchplugins\zbocz.xml [2015-03-28]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-28]
FF Extension: Seznam lištička - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-08-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-06-05]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [606208 2010-08-26] (ATI Technologies Inc.) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2007-09-14] () [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [5386752 2010-08-26] (ATI Technologies Inc.) [File not signed]
R3 camfilt2; C:\WINDOWS\System32\DRIVERS\camfilt2.sys [96384 2007-08-29] (Guillemot Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [743367 2003-05-01] (C-Media Inc)
S0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [156672 2003-06-10] (Promise Technology, Inc.)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 ovt530; C:\WINDOWS\System32\Drivers\ov530vid.sys [167464 2007-02-02] (OmniVision Technologies, Inc.)
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-07-29] (VSO Software) [File not signed]
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2010-06-03] () [File not signed]
R0 UlSata; C:\WINDOWS\System32\DRIVERS\ulsata.sys [64256 2003-01-26] (Promise Technology, Inc.) [File not signed]
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [26880 2002-12-27] (VIA Technologies, Inc.)
R0 viasraid; C:\WINDOWS\System32\drivers\viasraid.sys [75904 2003-06-12] (VIA Technologies inc,.ltd) [File not signed]
S3 vulfnths; C:\WINDOWS\System32\Drivers\vulfnth.sys [6912 2002-10-24] (VIA Technologies, Inc.) [File not signed]
R3 vulfntrs; C:\WINDOWS\System32\Drivers\vulfntr.sys [10496 2002-11-13] (VIA Technologies, Inc.) [File not signed]
R3 WFLR6654; C:\WINDOWS\System32\drivers\wfeaglxt.sys [433920 2009-10-21] (Leadtek Research Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
U3 a440awau; C:\WINDOWS\system32\Drivers\a440awau.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X]
S3 nmwcd; system32\drivers\ccdcmb.sys [X]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 11:30 - 2015-08-08 11:30 - 00000000 ____D C:\FRST
2015-08-08 11:24 - 2015-08-08 11:24 - 00000000 ____D C:\rsit
2015-08-08 11:24 - 2015-08-08 11:24 - 00000000 ____D C:\Program Files\trend micro
2015-08-07 17:49 - 2015-08-07 17:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-07 11:47 - 2015-08-07 11:47 - 00000613 _____ C:\Documents and Settings\Petr\Plocha\HD Tune.lnk
2015-08-07 11:47 - 2015-08-07 11:47 - 00000000 ____D C:\Program Files\HD Tune
2015-08-07 11:47 - 2015-08-07 11:47 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\HD Tune
2015-08-07 10:16 - 2015-08-07 10:16 - 02248704 _____ C:\Documents and Settings\Petr\Plocha\adwcleaner_4.208.exe
2015-08-05 22:00 - 2015-08-05 22:00 - 00034700 _____ C:\Documents and Settings\Petr\Plocha\Addition.txt
2015-08-05 21:58 - 2015-08-08 11:30 - 00013104 _____ C:\Documents and Settings\Petr\Plocha\FRST.txt
2015-08-05 21:56 - 2015-08-05 21:56 - 00688992 _____ (Swearware) C:\Documents and Settings\Petr\Plocha\dds.exe
2015-08-05 21:55 - 2015-08-05 21:55 - 01107968 _____ C:\Documents and Settings\Petr\Plocha\RSIT.exe
2015-08-05 21:53 - 2015-08-05 21:53 - 01673728 _____ (Farbar) C:\Documents and Settings\Petr\Plocha\FRST.exe
2015-07-26 09:00 - 2015-07-26 09:01 - 00819200 _____ C:\Documents and Settings\Petr\Dokumenty\Kontakty1.accdb
2015-07-26 08:57 - 2015-07-26 08:59 - 00577536 _____ C:\Documents and Settings\Petr\Dokumenty\Database1.accdb
2015-07-26 08:56 - 2015-07-26 08:57 - 00749568 _____ C:\Documents and Settings\Petr\Dokumenty\Kontakty.accdb

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 11:30 - 2010-06-03 19:52 - 00000000 ____D C:\Documents and Settings\Petr\Local Settings\Temp
2015-08-08 11:24 - 2010-06-03 21:34 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-08-08 11:24 - 2010-06-03 21:34 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-08-08 11:08 - 2015-03-29 09:42 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-08 07:40 - 2015-03-29 09:09 - 00062112 _____ C:\WINDOWS\AutoKMS.log
2015-08-08 07:40 - 2015-03-29 08:39 - 00000198 _____ C:\WINDOWS\Tasks\AutoKMS.job
2015-08-08 07:40 - 2010-06-03 19:46 - 01815891 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-08 07:39 - 2010-06-03 21:37 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-08 07:39 - 2010-06-03 21:37 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-08-08 07:39 - 2010-06-03 19:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-07 22:58 - 2010-08-08 13:19 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-08-07 22:58 - 2010-06-03 19:52 - 00032352 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-07 22:58 - 2010-06-03 19:52 - 00000178 ___SH C:\Documents and Settings\Petr\ntuser.ini
2015-08-07 21:48 - 2010-11-24 13:40 - 00000000 ____D C:\Documents and Settings\Petr\Dokumenty\Stažené soubory
2015-08-07 18:30 - 2015-03-28 22:45 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-07 12:49 - 2010-06-03 19:52 - 00000000 __RHD C:\Documents and Settings\Petr\Data aplikací
2015-08-07 12:49 - 2010-06-03 19:52 - 00000000 ___RD C:\Documents and Settings\Petr\Dokumenty
2015-08-07 11:47 - 2010-06-03 19:52 - 00000000 ____D C:\Documents and Settings\Petr\Plocha
2015-08-07 10:17 - 2010-06-03 21:33 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-08-07 10:10 - 2001-10-25 16:00 - 00002228 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-06 22:22 - 2010-06-11 15:02 - 00000000 ____D C:\Documents and Settings\Petr\Dokumenty\Petr
2015-08-06 20:22 - 2010-09-04 16:24 - 00002547 _____ C:\Documents and Settings\Petr\Plocha\Microsoft Word 2010.lnk
2015-08-03 07:21 - 2015-03-28 21:20 - 00734653 _____ C:\WINDOWS\setupapi.log
2015-07-26 08:59 - 2015-04-03 07:11 - 00002475 _____ C:\Documents and Settings\Petr\Plocha\Microsoft Access 2010.lnk
2015-07-25 19:26 - 2010-09-04 16:24 - 00002463 _____ C:\Documents and Settings\Petr\Plocha\Microsoft Excel 2010.lnk
2015-07-15 16:08 - 2015-03-29 09:42 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-15 16:08 - 2015-03-29 09:42 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2010-08-08 21:50 - 2010-11-24 14:25 - 0000172 ____C () C:\Documents and Settings\Petr\Data aplikací\default.rss
2010-07-29 21:15 - 2010-07-29 22:09 - 0087608 ____C () C:\Documents and Settings\Petr\Data aplikací\inst.exe
2010-07-29 21:15 - 2010-07-29 22:09 - 0007887 ____C () C:\Documents and Settings\Petr\Data aplikací\pcouffin.cat
2010-07-29 21:15 - 2010-07-29 22:09 - 0001144 ____C () C:\Documents and Settings\Petr\Data aplikací\pcouffin.inf
2010-07-29 21:15 - 2010-07-29 22:09 - 0000033 ____C () C:\Documents and Settings\Petr\Data aplikací\pcouffin.log
2010-07-29 21:15 - 2010-07-29 22:09 - 0047360 ____C (VSO Software) C:\Documents and Settings\Petr\Data aplikací\pcouffin.sys
2010-07-29 21:16 - 2010-07-29 22:07 - 0001057 ____C () C:\Documents and Settings\Petr\Data aplikací\vso_ts_preview.xml
2010-09-10 21:07 - 2015-03-28 14:40 - 0007680 _____ () C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Petr\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Petr\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\Petr\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

#11 Příspěvek od **Márty84** » 08 srp 2015 11:26

No, to sice nebylo uplne podle navodu, ale aspon tak

Napiste mi velikost adresare plochy (C:\Documents and Settings\Petr\Plocha)

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-220523388-2147186123-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-220523388-2147186123-839522115-1003\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dl ... date&O1=b1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION

FF Extension: Seznam lištička - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-08-08]

S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

NOSAK · #12 Příspěvek od **NOSAK** » 08 srp 2015 12:25

Fix result of Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
Ran by Petr (2015-08-08 13:14:20) Run:1
Running from C:\Documents and Settings\Petr\Plocha
Loaded Profiles: Petr (Available Profiles: Petr)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-220523388-2147186123-839522115-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-220523388-2147186123-839522115-1003\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833240 2014-12-23] (ZONER software)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dl ... date&O1=b1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION

FF Extension: Seznam lištička - C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2015-08-08]

S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [X]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully.
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => value removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-220523388-2147186123-839522115-1003\Software\Microsoft\Internet Explorer\Main\\First Home Page => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
C:\Documents and Settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\x2t7b3ip.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => moved successfully.
MBAMSwissArmy => service removed successfully.
SkypeUpdate => service removed successfully.
AdobeFlashPlayerUpdateSvc => service removed successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 2 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 13:19:06 ====

#13 Příspěvek od **Márty84** » 08 srp 2015 12:41

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remove disinfection tools

Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak to s pc vypada. Nastala nejaka zmena?

NOSAK · #14 Příspěvek od **NOSAK** » 08 srp 2015 14:18

vše hotovo, Pc OK!!!!video se netrhají, celkově se PC zrychlil, nabíhání i vypínání...děkuji moooooc

#15 Příspěvek od **Márty84** » 08 srp 2015 16:40

To jsem rad

Nemate zac!

Mejte se a treba zase nekdy

VIRY.CZ

prosím o preventivní kontrolu

prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu

Re: prosím o preventivní kontrolu