Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o kontrolu logu FRST

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Příspěvky: 12
Registrován: 05 bře 2023 16:33

Prosím o kontrolu logu FRST

#1 Příspěvek od peco »

Prosím o kontrolu logu FRST.
PC je staršie s Win XP. Používa ho otec. Prestala fungovať sieť a pri pokuse o preinštalovanie ovládača sa niekoľkonásobne pridalo zariadenie v správcovi zariadení.
Realtek RTL8139 je tam hádam 30krát. Po odobratí všetkých NIC navyše v správcovi som reštartoval a tie zariadenia sa znovu popridávali. Pridal som externú NIC cez PCI, aj USB WIFI, ale PC je pomalé a sieť zabrzdená.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2023
Ran by spravca (administrator) on PETER (Hewlett-Packard HP Compaq dc5100 SFF(PM215AV)) (05-03-2023 16:22:39)
Running from G:\
Loaded Profiles: spravca
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Angličtina (USA) -> Slovenčina
Default browser: FF
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Windows Component Publisher -> Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\WINDOWS\System32\igfxtray.exe [98304 2006-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\System32\hkcmd.exe [114688 2006-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
HKLM\...\Run: [Persistence] => C:\WINDOWS\System32\igfxpers.exe [94208 2006-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation) [File not signed]
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\RunOnce: [NCInstallQueue] => C:\WINDOWS\system32\netman.dll [198144 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Policies\...\system: [Allow-LogonScript-NetbiosDisabled] 1
HKU\S-1-5-21-682003330-220523388-839522115-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-13] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-682003330-220523388-839522115-1003\...\MountPoints2: {c238644c-9583-11e4-8c67-0014c20ec4d2} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-682003330-220523388-839522115-1003\...\MountPoints2: {c2386455-9583-11e4-8c67-0014c20ec4d2} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe [1156808 2015-10-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Windows NT x86\Print Processors\winprint: localspl.dll (No File)
HKLM\...\Print\Monitors\BJ Language Monitor: C:\WINDOWS\system32\cnbjmon.dll [47104 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Print\Monitors\PJL Language Monitor: C:\WINDOWS\system32\pjlmon.dll [15360 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\inf\unregmp2.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{26923b43-4d38-484f-9b9e-de460746276c}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -> C:\WINDOWS\system32\advpack.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{4b218e3e-bc98-4770-93d3-2731b9329278}] -> C:\WINDOWS\inf\ie.inf [2008-04-13] (Microsoft Windows Component Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{5945c046-1e7d-11d1-bc44-00c04fd912be}] -> C:\WINDOWS\system32\advpack.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\system32\advpack.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7790769C-0471-11d2-AF11-00C04FA35D02}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\WINDOWS\System32\cscui.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk [2015-11-20]

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1444490172.job => C:\Program Files\Opera beta\launcher.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{69B44709-CEE2-4DB0-AE08-FEC04473E910}: [DhcpNameServer]

FF ProfilePath: C:\Documents and Settings\spravca\Application Data\Mozilla\Firefox\Profiles\xlc0wztg.default-1636265337390 [2023-03-05]
FF Extension: (Avast SafePrice) - C:\Documents and Settings\spravca\Application Data\Mozilla\Firefox\Profiles\xlc0wztg.default-1636265337390\Extensions\sp@avast.com.xpi [2018-06-13] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Avast Online Security) - C:\Documents and Settings\spravca\Application Data\Mozilla\Firefox\Profiles\xlc0wztg.default-1636265337390\Extensions\wrc@avast.com.xpi [2018-11-13]
FF Extension: (Hotfix for Firefox bug 1548973 (armagaddon 2.0) mitigation) - C:\Documents and Settings\spravca\Application Data\Mozilla\Firefox\Profiles\xlc0wztg.default-1636265337390\features\{e96be75f-9d09-4a9e-8425-16c4e4c0ef73}\hotfix-bug-1548973@mozilla.org.xpi [2021-11-07] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-03-01] (Adobe Systems Incorporated -> )
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-01-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Sibelius.com/Scorch Plugin,version= -> C:\Program Files\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] (Avid Technology, Inc. -> )
FF Plugin: @sony.com/eBookLibrary -> C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll [2010-07-13] (Sony Corporation -> Sony Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-01-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-682003330-220523388-839522115-1003: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-01-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-682003330-220523388-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\spravca\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies SF -> Unity Technologies ApS)

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

StartMenuInternet: (HKLM) Operabeta - C:\Program Files\Opera beta\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S2 NovaSkinResourcepack; C:\Documents and Settings\spravca\Application Data\.minecraft\resourcepacks\novaskin\bin\nssm-x86.exe [157696 2015-01-23] () [File not signed]
S2 RalinkRegistryWriter; C:\Program Files\Tenda\Common\RaRegistry.exe [193888 2010-06-28] (Ralink Technology Corporation -> Ralink Technology, Corp.)
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Software Sarl -> Skype Technologies) [File not signed]
S3 Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
S2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
S3 SwPrv; C:\WINDOWS\System32\dllhost.exe /Processid:{A54ACD50-F3F2-491D-A2DB-3B81A330DA49} [5120 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7796504 2021-02-05] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aeaudio; C:\WINDOWS\System32\drivers\aeaudio.sys [100384 2003-10-23] (Andrea Electronics Corporation) [File not signed]
S3 ASNDIS5; C:\WINDOWS\system32\ASNDIS5.SYS [16269 2002-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167480 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [188976 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [165384 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [284256 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [57904 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [183176 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42736 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [40688 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [135200 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70640 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [72800 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [784552 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [397984 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [146584 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310200 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S3 b57w2k; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [176640 2008-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2001-08-23] (Microsoft Windows Component Publisher -> Parallel Technologies, Inc.)
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1130848 2010-11-10] (Ralink Technology Corporation -> Ralink Technology, Corp.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Microsoft Windows Component Publisher -> Realtek Semiconductor Corporation)
S3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu_XP.sys [5695424 2018-03-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Microsoft Windows Component Publisher -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [612416 2004-04-15] (Analog Devices, Inc.) [File not signed]
S3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam.sys [11520 2009-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-05 16:22 - 2023-03-05 16:24 - 000000000 ____D C:\FRST
2023-03-05 16:19 - 2023-03-05 16:20 - 000335730 _____ C:\WINDOWS\ntbtlog.txt
2023-03-05 15:20 - 2023-03-05 15:23 - 000000000 ____D C:\WINDOWS\LastGood
2023-03-05 15:20 - 1980-01-20 19:58 - 000323288 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-03-05 09:19 - 2023-03-05 15:09 - 000000000 ____D C:\Program Files\HWiNFO32
2023-03-05 09:15 - 2023-03-05 09:15 - 000000000 ____D C:\Program Files\CPUID

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-05 16:25 - 2012-02-15 18:04 - 000000000 ____D C:\Documents and Settings\spravca\Local Settings\Temp
2023-03-05 15:27 - 2012-02-15 18:04 - 000000178 ___SH C:\Documents and Settings\spravca\ntuser.ini
2023-03-05 15:27 - 2012-02-15 18:04 - 000000000 ____D C:\Documents and Settings\spravca
2023-03-05 15:27 - 2012-02-15 18:03 - 000032570 _____ C:\WINDOWS\SchedLgU.Txt
2023-03-05 15:27 - 2012-02-15 17:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-03-05 15:24 - 2015-08-27 03:41 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2023-03-05 15:24 - 2012-02-15 18:42 - 000000000 ___HD C:\WINDOWS\inf
2023-03-05 15:23 - 2017-02-11 16:17 - 000000358 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2023-03-05 15:19 - 2012-02-15 18:47 - 000356120 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-03-05 15:16 - 2015-10-10 16:16 - 000000426 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1444490172.job
2023-03-05 15:16 - 2015-10-10 16:15 - 000000000 ____D C:\Program Files\Opera beta
2023-03-05 15:15 - 2015-12-19 11:51 - 000000322 _____ C:\WINDOWS\Tasks\GlaryInitialize 5.job
2023-03-05 15:15 - 2014-11-16 12:08 - 000000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2023-03-05 15:15 - 2001-08-23 13:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2023-03-05 15:14 - 2014-06-18 17:11 - 000000000 ____D C:\Documents and Settings\Administrator
2023-03-05 15:14 - 2012-02-15 18:03 - 000000000 __SHD C:\Documents and Settings\NetworkService
2023-03-05 15:14 - 2012-02-15 18:03 - 000000000 __SHD C:\Documents and Settings\LocalService
2023-03-05 15:14 - 2012-02-15 17:57 - 000000000 ____D C:\WINDOWS\Registration
2023-03-05 15:09 - 2012-02-15 19:01 - 000000000 ____D C:\Program Files\Broadcom
2023-03-05 15:09 - 2012-02-15 18:42 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2023-03-05 12:16 - 2012-12-21 13:51 - 000000065 _____ C:\WINDOWS\system32\BD7030.DAT
2023-03-05 11:55 - 2014-06-22 10:50 - 000000000 ____D C:\Documents and Settings\spravca\My Documents\Preberanie
2023-03-05 09:15 - 2015-09-26 09:58 - 000000000 ____D C:\Program Files\TeamViewer

==================== Files in the root of some directories ========

2014-11-16 07:32 - 2004-11-28 20:33 - 001208320 _____ (Derrow/Decision Development) C:\Program Files\IfoEdit.exe
2013-05-26 15:24 - 2013-05-26 15:25 - 000545346 _____ () C:\Documents and Settings\spravca\Application Data\Scorch_Install.log
2014-11-15 09:59 - 2014-11-15 09:59 - 000003584 _____ () C:\Documents and Settings\spravca\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-24 16:47 - 2017-02-24 16:47 - 000000600 _____ () C:\Documents and Settings\spravca\Local Settings\Application Data\PUTTY.RND
2016-11-05 11:07 - 2017-07-27 17:20 - 000000252 _____ () C:\Documents and Settings\spravca\Local Settings\Application Data\rbxcsettings.rbx

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
==================== End of FRST.txt ========================

Uživatelský avatar
Site Admin
Site Admin
Příspěvky: 118370
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu FRST

#2 Příspěvek od Rudy »

Nejprve přidejte ještě log Addition ze souboru additon.txt. kteý máte v G:\. Potom spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!

Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Příspěvky: 12
Registrován: 05 bře 2023 16:33

Re: Prosím o kontrolu logu FRST

#3 Příspěvek od peco »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2023
Ran by spravca (05-03-2023 16:25:41)
Running from G:\
Systém Microsoft Windows XP Professional Service Pack 3 (X86) (2012-02-15 17:01:23)
Boot Mode: Safe Mode (minimal)

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-682003330-220523388-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-682003330-220523388-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-682003330-220523388-839522115-1000 - Limited - Disabled)
spravca (S-1-5-21-682003330-220523388-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\spravca
SUPPORT_388945a0 (S-1-5-21-682003330-220523388-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Out of date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 19 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated)
Alenka 2 - Kouzelná země (HKLM\...\Alenka 2 - Kouzelná země) (Version: - )
ASUS Wireless Router WL-500gP V2 Utilities (HKLM\...\{A4761FB2-072A-4F17-B4D7-C0640CF52D58}) (Version: - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Bláznivé prázdniny na pláži (HKLM\...\Bláznivé prázdniny na pláži) (Version: - )
Broadcom Management Programs (HKLM\...\{7BB045C3-D5E4-4620-B536-DC11AACD5942}) (Version: 11.67.01 - Broadcom Corporation)
Broadcom NetXtreme Ethernet Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation)
Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Dobrý farmář (HKLM\...\Dobrý farmář) (Version: - )
Dobrý náčelník 1.50 (HKLM\...\{Dobry nacelnik}_is1) (Version: - Špidla Data Processing, s.r.o.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: - Google Inc.) Hidden
Horské dobrodružství - ztraceni v závějích 1.5 (HKLM\...\{Horske dobrodruzstvi - ztraceni v zavejich}_is1) (Version: - Špidla Data Processing, s.r.o.)
ImgBurn (HKLM\...\ImgBurn) (Version: - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
KogamaLauncher-WWW (HKLM\...\{1CC9F278-D898-43D2-BBED-B3B765045888}) (Version: - Multiverse ApS)
Maľovanie pre deti (inštalácia na disk) (HKLM\...\Maľovanie pre deti (inštalácia na disk)) (Version: - )
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wdf01009) (Version: - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: - Mojang)
Mozilla Firefox 52.9.0 ESR (x86 sk) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 sk)) (Version: 52.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: - Mozilla)
MPC-HC 1.7.7 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
Notepad++ (HKLM\...\Notepad++) (Version: 6.8.2 - Notepad++ Team)
Nova Skin resourcepack version 1.0 (HKLM\...\{497EF1F8-2F52-45A5-BF36-C6D11773F093}_is1) (Version: 1.0 - Nova Skin)
OpenOffice 4.1.1 (HKLM\...\{456408C1-3BDE-48CC-9A5A-79B1BB4C4787}) (Version: 4.11.9775 - Apache Software Foundation)
Opera beta 36.0.2130.29 (HKLM\...\Opera 36.0.2130.29) (Version: 36.0.2130.29 - Opera Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.8 - Tracker Software Products Ltd)
PRS-500 USB driver (HKLM\...\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}) (Version: - Sony)
PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)
Reader Library by Sony (HKLM\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: - Sony Corporation)
Revelation Natural Art SK (HKLM\...\{78BF8D44-E631-44AC-9EAD-33A28D0E0F1F}) (Version: 1.5.8890 - Meno vašej spoločnosti)
ROBLOX Player for spravca (HKU\S-1-5-21-682003330-220523388-839522115-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - Analog Devices)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.259143 - TeamViewer)
Tenda Wireless LAN Card (HKLM\...\{192BCCC6-C47B-4473-B187-5164185A413C}) (Version: - Tenda)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-682003330-220523388-839522115-1003\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 (HKLM\...\75070B1806113224B16C70296B90DD1AD8A53479) (Version: 08/08/2006 - Sony Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-682003330-220523388-839522115-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\spravca\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies SF -> Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-682003330-220523388-839522115-1003_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx32.dll () [File not signed]
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8462848 2012-06-08] (Microsoft Windows Component Publisher -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2015-04-15] () [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\System32\igfxpph.dll [2006-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1_S-1-5-21-682003330-220523388-839522115-1003: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files\PSPad editor\pspshellx32.dll [2014-11-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.trspch] => C:\WINDOWS\system32\tssoft32.acm [8192 2001-08-23] (Microsoft Windows Component Publisher -> DSP GROUP, INC.)
HKLM\...\Drivers32: [vidc.I420] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\WINDOWS\system32\ir32_32.dll [199168 2001-08-23] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv32] => C:\WINDOWS\system32\ir32_32.dll [199168 2001-08-23] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [msacm.msg723] => C:\WINDOWS\system32\msg723.acm [118784 2001-08-23] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M263] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M261] => C:\WINDOWS\system32\msh261.drv [188416 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.msaudio1] => C:\WINDOWS\system32\msaud32.acm [282654 2009-09-01] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.sl_anet] => C:\WINDOWS\system32\sl_anet.acm [86016 2008-04-14] (Microsoft Windows Component Publisher -> Sipro Lab Telecom Inc.)
HKLM\...\Drivers32: [MIDI1] => C:\WINDOWS\system32\SYNCOR11.DLL [40820 2002-11-06] (SoundMAX) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"::
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario']

==================== Loaded Modules (Whitelisted) =============

2015-04-15 21:13 - 2015-04-15 21:13 - 000260608 _____ () [File not signed] C:\Program Files\Notepad++\NppShell_06.dll
2015-05-08 19:30 - 2014-11-02 16:44 - 000027136 _____ () [File not signed] C:\Program Files\PSPad editor\pspshellx32.dll
2014-08-13 09:27 - 2014-08-13 09:27 - 000436736 _____ (Apache Software Foundation) [File not signed] C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll
2010-11-18 17:08 - 2010-11-18 17:08 - 000055808 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2012-02-15 18:59 - 2002-11-06 19:00 - 000040820 _____ (SoundMAX) [File not signed] C:\WINDOWS\system32\SYNCOR11.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\batfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION

==================== Internet Explorer (Version 6) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={ ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-682003330-220523388-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
HKU\S-1-5-21-682003330-220523388-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-682003330-220523388-839522115-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-20] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-20] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 13:00 - 2023-03-05 15:05 - 000000771 _____ C:\WINDOWS\system32\drivers\etc\hosts localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Skype\Phone\
HKU\S-1-5-21-682003330-220523388-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\spravca\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: Media is not connected to internet.
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName3 -> C:\WINDOWS\system32\ipconf.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName4 -> C:\WINDOWS\system32\h323.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: Reader Library Launcher => C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [E:\003_DATA\Dreambox\dreamUp_DM500.exe] => Enabled:dreamUp
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe] => Enabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => Enabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe] => Enabled:Avast Emergency Update
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

17-12-2022 06:54:50 Kontrolný bod systému
30-01-2023 15:18:05 Kontrolný bod systému
05-02-2023 11:32:46 Kontrolný bod systému
07-02-2023 16:51:27 Kontrolný bod systému
25-02-2023 10:44:46 Kontrolný bod systému
26-02-2023 11:28:50 Kontrolný bod systému
04-03-2023 12:19:51 Removed Broadcom NetXtreme Ethernet Controller.
05-03-2023 15:06:54 20230305_nefunkcna_siet
05-03-2023 15:08:47 Operácia obnovovania
05-03-2023 15:24:37 Installed Windows XP Wdf01009.

==================== Faulty Device Manager Devices ============

Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: ========================

Application errors:
Error: (03/05/2023 04:25:56 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Toto sieťové pripojenie neexistuje.

Error: (03/05/2023 04:25:56 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Bol zadaný neplatný algoritmus.

Error: (03/05/2023 04:25:53 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Toto sieťové pripojenie neexistuje.

Error: (03/05/2023 04:25:53 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Bol zadaný neplatný algoritmus.

Error: (03/05/2023 04:25:50 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Toto sieťové pripojenie neexistuje.

Error: (03/05/2023 04:25:50 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Bol zadaný neplatný algoritmus.

Error: (03/05/2023 04:25:49 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Nie je možné rozoznať názov servera alebo adresu

Error: (03/05/2023 04:25:49 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Bol zadaný neplatný algoritmus.

System errors:
Error: (03/05/2023 04:26:57 PM) (Source: DCOM) (EventID: 10005) (User: PETER)
Description: Server DCOM zistil chybu %%1084 = Túto službu nie je možné spustiť v núdzovom režime. pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera:

Error: (03/05/2023 04:26:57 PM) (Source: DCOM) (EventID: 10005) (User: PETER)
Description: Server DCOM zistil chybu %%1084 = Túto službu nie je možné spustiť v núdzovom režime. pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera:

Error: (03/05/2023 04:26:57 PM) (Source: DCOM) (EventID: 10005) (User: PETER)
Description: Server DCOM zistil chybu %%1084 = Túto službu nie je možné spustiť v núdzovom režime. pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera:

Error: (03/05/2023 04:26:57 PM) (Source: DCOM) (EventID: 10005) (User: PETER)
Description: Server DCOM zistil chybu %%1084 = Túto službu nie je možné spustiť v núdzovom režime. pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera:

Error: (03/05/2023 04:20:46 PM) (Source: DCOM) (EventID: 10005) (User: PETER)
Description: Server DCOM zistil chybu %%1084 = Túto službu nie je možné spustiť v núdzovom režime. pri pokuse spustiť službu StiSvc s argumentmi
potrebnú na spustenie servera:

Error: (03/05/2023 04:20:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:

Error: (03/05/2023 04:20:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby AFD Networking Support Environment, od ktorej závisí služba TeamViewer 11, zlyhalo kvôli nasledujúcej chybe:
Zariadenie pripojené na systém nie je funkčné.

Error: (03/05/2023 04:20:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby IPSEC driver, od ktorej závisí služba IPSEC Services, zlyhalo kvôli nasledujúcej chybe:
Zariadenie pripojené na systém nie je funkčné.

==================== Memory info ===========================

BIOS: Hewlett-Packard COMPAQ - 20060417 04/17/2006
Motherboard: Hewlett-Packard 09E8h
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 40%
Total physical RAM: 2551.43 MB
Available physical RAM: 1506.55 MB
Total Virtual: 4444.28 MB
Available Virtual: 3577.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.27 GB) (Free:11.8 GB) (Model: WDC WD400BD-60LTA0) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (DATA) (Fixed) (Total:57.27 GB) (Free:43.8 GB) (Model: Maxtor 6Y060L0) NTFS
Drive g: () (Removable) (Total:14.52 GB) (Free:13.9 GB) FAT32

==================== MBR & Partition Table ====================

Disk: 0 (MBR Code: Windows XP) (Size: 57.3 GB) (Disk ID: 6C756C75)
Partition 1: (Not Active) - (Size=57.3 GB) - (Type=07 NTFS)

Disk: 1 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 00050FBC)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

Disk: 2 (Size: 14.5 GB) (Disk ID: 3676018D)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=FAT32)

==================== End of Addition.txt =======================

Příspěvky: 12
Registrován: 05 bře 2023 16:33

Re: Prosím o kontrolu logu FRST

#4 Příspěvek od peco »

Pri spustani adwcleaner mi pise ze to nie je platna aplikacia win32.
Skúšal som aj verziu 7.4.2, ktorú odporúčajú na supporte https://support.malwarebytes.com/hc/en- ... AdwCleaner
ale tam zas píše, že mu chýba nejaká knižnica dwmapi.dll

Uživatelský avatar
Site Admin
Site Admin
Příspěvky: 118370
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu FRST

#5 Příspěvek od Rudy »

Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!

Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Příspěvky: 12
Registrován: 05 bře 2023 16:33

Re: Prosím o kontrolu logu FRST

#6 Příspěvek od peco »

# AdwCleaner v3.216 - Report created 05/03/2023 at 18:19:34
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : spravca - PETER
# Running from : C:\Documents and Settings\spravca\Desktop\adwcleaner-3-216-multi-win.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [E:\003_DATA\Dreambox\dreamUp_DM500.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\spravca\Application Data\Mozilla\Firefox\Profiles\xlc0wztg.default-1636265337390\prefs.js ]

-\\ Google Chrome v


AdwCleaner[R0].txt - [1024 octets] - [05/03/2023 18:18:26]
AdwCleaner[S0].txt - [949 octets] - [05/03/2023 18:19:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1008 octets] ##########

Tu je screen spravcu zariadeni:

Uživatelský avatar
Site Admin
Site Admin
Příspěvky: 118370
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu FRST

#7 Příspěvek od Rudy »

OK, dejte nové logy FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!

Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Příspěvky: 12
Registrován: 05 bře 2023 16:33

Re: Prosím o kontrolu logu FRST

#8 Příspěvek od peco »

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2023
Ran by spravca (administrator) on PETER (Hewlett-Packard HP Compaq dc5100 SFF(PM215AV)) (05-03-2023 19:07:02)
Running from G:\
Loaded Profiles: spravca
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Angličtina (USA) -> Slovenčina
Default browser: FF
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\WINDOWS\System32\igfxtray.exe [98304 2006-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\WINDOWS\System32\hkcmd.exe [114688 2006-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
HKLM\...\Run: [Persistence] => C:\WINDOWS\System32\igfxpers.exe [94208 2006-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation) [File not signed]
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation) [File not signed]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\RunOnce: [NCInstallQueue] => C:\WINDOWS\system32\netman.dll [198144 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Policies\...\system: [Allow-LogonScript-NetbiosDisabled] 1
HKU\S-1-5-21-682003330-220523388-839522115-1003\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-08-13] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-682003330-220523388-839522115-1003\...\MountPoints2: {c238644c-9583-11e4-8c67-0014c20ec4d2} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-682003330-220523388-839522115-1003\...\MountPoints2: {c2386455-9583-11e4-8c67-0014c20ec4d2} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe [1156808 2015-10-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Windows NT x86\Print Processors\winprint: localspl.dll (No File)
HKLM\...\Print\Monitors\BJ Language Monitor: C:\WINDOWS\system32\cnbjmon.dll [47104 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Print\Monitors\PJL Language Monitor: C:\WINDOWS\system32\pjlmon.dll [15360 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> C:\WINDOWS\inf\unregmp2.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{26923b43-4d38-484f-9b9e-de460746276c}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] -> C:\WINDOWS\system32\shmgrate.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] -> C:\WINDOWS\system32\advpack.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{4b218e3e-bc98-4770-93d3-2731b9329278}] -> C:\WINDOWS\inf\ie.inf [2008-04-13] (Microsoft Windows Component Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{5945c046-1e7d-11d1-bc44-00c04fd912be}] -> C:\WINDOWS\system32\advpack.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] -> C:\WINDOWS\system32\advpack.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{7790769C-0471-11d2-AF11-00C04FA35D02}] -> C:\Program Files\Outlook Express\setup50.exe [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C631DF4C-088F-4156-B058-4375F0853CD8}] -> C:\WINDOWS\System32\cscui.dll [2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk [2015-11-20]

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1444490172.job => C:\Program Files\Opera beta\launcher.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

FF ProfilePath: C:\Documents and Settings\spravca\Application Data\Mozilla\Firefox\Profiles\xlc0wztg.default-1636265337390 [2023-03-05]
FF Extension: (Avast SafePrice) - C:\Documents and Settings\spravca\Application Data\Mozilla\Firefox\Profiles\xlc0wztg.default-1636265337390\Extensions\sp@avast.com.xpi [2018-06-13] [UpdateUrl:hxxps://firefoxext.avcdn.net/firefoxext/avast/sp/update.json]
FF Extension: (Avast Online Security) - C:\Documents and Settings\spravca\Application Data\Mozilla\Firefox\Profiles\xlc0wztg.default-1636265337390\Extensions\wrc@avast.com.xpi [2018-11-13]
FF Extension: (Hotfix for Firefox bug 1548973 (armagaddon 2.0) mitigation) - C:\Documents and Settings\spravca\Application Data\Mozilla\Firefox\Profiles\xlc0wztg.default-1636265337390\features\{e96be75f-9d09-4a9e-8425-16c4e4c0ef73}\hotfix-bug-1548973@mozilla.org.xpi [2021-11-07] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-03-01] (Adobe Systems Incorporated -> )
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-01-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-20] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Sibelius.com/Scorch Plugin,version= -> C:\Program Files\Sibelius Software\Scorch\npsibelius.dll [2013-03-11] (Avid Technology, Inc. -> )
FF Plugin: @sony.com/eBookLibrary -> C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll [2010-07-13] (Sony Corporation -> Sony Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-01-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-682003330-220523388-839522115-1003: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2018-01-24] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-682003330-220523388-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\spravca\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies SF -> Unity Technologies ApS)

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

StartMenuInternet: (HKLM) Operabeta - C:\Program Files\Opera beta\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S2 NovaSkinResourcepack; C:\Documents and Settings\spravca\Application Data\.minecraft\resourcepacks\novaskin\bin\nssm-x86.exe [157696 2015-01-23] () [File not signed]
S2 RalinkRegistryWriter; C:\Program Files\Tenda\Common\RaRegistry.exe [193888 2010-06-28] (Ralink Technology Corporation -> Ralink Technology, Corp.)
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Software Sarl -> Skype Technologies) [File not signed]
S3 Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
S2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]
S3 SwPrv; C:\WINDOWS\System32\dllhost.exe /Processid:{A54ACD50-F3F2-491D-A2DB-3B81A330DA49} [5120 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7796504 2021-02-05] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aeaudio; C:\WINDOWS\System32\drivers\aeaudio.sys [100384 2003-10-23] (Andrea Electronics Corporation) [File not signed]
S3 ASNDIS5; C:\WINDOWS\system32\ASNDIS5.SYS [16269 2002-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [167480 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [188976 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [165384 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [284256 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [57904 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [183176 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42736 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [40688 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [135200 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70640 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [72800 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [784552 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [397984 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [146584 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [310200 1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
S3 b57w2k; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [176640 2008-07-25] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom Corporation)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2001-08-23] (Microsoft Windows Component Publisher -> Parallel Technologies, Inc.)
S3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [1130848 2010-11-10] (Ralink Technology Corporation -> Ralink Technology, Corp.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Microsoft Windows Component Publisher -> Realtek Semiconductor Corporation)
S3 RtlWlanu; C:\WINDOWS\System32\DRIVERS\rtwlanu_XP.sys [5695424 2018-03-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Microsoft Windows Component Publisher -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [612416 2004-04-15] (Analog Devices, Inc.) [File not signed]
S3 WDC_SAM; C:\WINDOWS\System32\DRIVERS\wdcsam.sys [11520 2009-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-05 18:17 - 2023-03-05 18:19 - 000000000 ____D C:\AdwCleaner
2023-03-05 18:17 - 2023-03-05 18:16 - 001354223 _____ C:\Documents and Settings\spravca\Desktop\adwcleaner-3-216-multi-win.exe
2023-03-05 17:37 - 2023-03-05 17:32 - 007622344 _____ (Malwarebytes) C:\Documents and Settings\spravca\Desktop\adwcleaner_7.4.2.exe
2023-03-05 17:24 - 2023-03-05 17:15 - 008791352 _____ (Malwarebytes) C:\Documents and Settings\spravca\Desktop\adwcleaner.exe
2023-03-05 16:22 - 2023-03-05 19:08 - 000000000 ____D C:\FRST
2023-03-05 16:19 - 2023-03-05 19:05 - 001089962 _____ C:\WINDOWS\ntbtlog.txt
2023-03-05 15:20 - 1980-01-20 19:58 - 000323288 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2023-03-05 09:19 - 2023-03-05 15:09 - 000000000 ____D C:\Program Files\HWiNFO32
2023-03-05 09:15 - 2023-03-05 09:15 - 000000000 ____D C:\Program Files\CPUID

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-05 19:10 - 2012-02-15 18:04 - 000000000 ____D C:\Documents and Settings\spravca\Local Settings\Temp
2023-03-05 19:03 - 2012-02-15 18:04 - 000000178 ___SH C:\Documents and Settings\spravca\ntuser.ini
2023-03-05 19:03 - 2012-02-15 18:04 - 000000000 ____D C:\Documents and Settings\spravca
2023-03-05 19:03 - 2012-02-15 18:03 - 000032570 _____ C:\WINDOWS\SchedLgU.Txt
2023-03-05 19:03 - 2012-02-15 17:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-03-05 18:51 - 2015-10-10 16:16 - 000000426 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1444490172.job
2023-03-05 18:51 - 2015-10-10 16:15 - 000000000 ____D C:\Program Files\Opera beta
2023-03-05 18:22 - 2017-02-11 16:17 - 000000358 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2023-03-05 18:21 - 2015-12-19 11:51 - 000000322 _____ C:\WINDOWS\Tasks\GlaryInitialize 5.job
2023-03-05 18:21 - 2014-11-16 12:08 - 000000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2023-03-05 18:12 - 2012-02-15 18:42 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2023-03-05 15:24 - 2015-08-27 03:41 - 000001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2023-03-05 15:24 - 2012-02-15 18:42 - 000000000 ___HD C:\WINDOWS\inf
2023-03-05 15:19 - 2012-02-15 18:47 - 000356120 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-03-05 15:15 - 2001-08-23 13:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2023-03-05 15:14 - 2014-06-18 17:11 - 000000000 ____D C:\Documents and Settings\Administrator
2023-03-05 15:14 - 2012-02-15 18:03 - 000000000 __SHD C:\Documents and Settings\NetworkService
2023-03-05 15:14 - 2012-02-15 18:03 - 000000000 __SHD C:\Documents and Settings\LocalService
2023-03-05 15:14 - 2012-02-15 17:57 - 000000000 ____D C:\WINDOWS\Registration
2023-03-05 15:09 - 2012-02-15 19:01 - 000000000 ____D C:\Program Files\Broadcom
2023-03-05 12:16 - 2012-12-21 13:51 - 000000065 _____ C:\WINDOWS\system32\BD7030.DAT
2023-03-05 11:55 - 2014-06-22 10:50 - 000000000 ____D C:\Documents and Settings\spravca\My Documents\Preberanie
2023-03-05 09:15 - 2015-09-26 09:58 - 000000000 ____D C:\Program Files\TeamViewer

==================== Files in the root of some directories ========

2014-11-16 07:32 - 2004-11-28 20:33 - 001208320 _____ (Derrow/Decision Development) C:\Program Files\IfoEdit.exe
2013-05-26 15:24 - 2013-05-26 15:25 - 000545346 _____ () C:\Documents and Settings\spravca\Application Data\Scorch_Install.log
2014-11-15 09:59 - 2014-11-15 09:59 - 000003584 _____ () C:\Documents and Settings\spravca\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-24 16:47 - 2017-02-24 16:47 - 000000600 _____ () C:\Documents and Settings\spravca\Local Settings\Application Data\PUTTY.RND
2016-11-05 11:07 - 2017-07-27 17:20 - 000000252 _____ () C:\Documents and Settings\spravca\Local Settings\Application Data\rbxcsettings.rbx

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
==================== End of FRST.txt ========================

Příspěvky: 12
Registrován: 05 bře 2023 16:33

Re: Prosím o kontrolu logu FRST

#9 Příspěvek od peco »

addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2023
Ran by spravca (05-03-2023 19:10:12)
Running from G:\
Systém Microsoft Windows XP Professional Service Pack 3 (X86) (2012-02-15 17:01:23)
Boot Mode: Safe Mode (minimal)

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-682003330-220523388-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-682003330-220523388-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-682003330-220523388-839522115-1000 - Limited - Disabled)
spravca (S-1-5-21-682003330-220523388-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\spravca
SUPPORT_388945a0 (S-1-5-21-682003330-220523388-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Out of date) {7591db91-41f0-48a3-b128-1a293fd8233d}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 19 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: - Adobe Systems Incorporated)
Alenka 2 - Kouzelná země (HKLM\...\Alenka 2 - Kouzelná země) (Version: - )
ASUS Wireless Router WL-500gP V2 Utilities (HKLM\...\{A4761FB2-072A-4F17-B4D7-C0640CF52D58}) (Version: - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.8.2356 - AVAST Software)
Bláznivé prázdniny na pláži (HKLM\...\Bláznivé prázdniny na pláži) (Version: - )
Broadcom Management Programs (HKLM\...\{7BB045C3-D5E4-4620-B536-DC11AACD5942}) (Version: 11.67.01 - Broadcom Corporation)
Broadcom NetXtreme Ethernet Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation)
Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Dobrý farmář (HKLM\...\Dobrý farmář) (Version: - )
Dobrý náčelník 1.50 (HKLM\...\{Dobry nacelnik}_is1) (Version: - Špidla Data Processing, s.r.o.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: - Google Inc.) Hidden
Horské dobrodružství - ztraceni v závějích 1.5 (HKLM\...\{Horske dobrodruzstvi - ztraceni v zavejich}_is1) (Version: - Špidla Data Processing, s.r.o.)
ImgBurn (HKLM\...\ImgBurn) (Version: - LIGHTNING UK!)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
KogamaLauncher-WWW (HKLM\...\{1CC9F278-D898-43D2-BBED-B3B765045888}) (Version: - Multiverse ApS)
Maľovanie pre deti (inštalácia na disk) (HKLM\...\Maľovanie pre deti (inštalácia na disk)) (Version: - )
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wdf01009) (Version: - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: - Mojang)
Mozilla Firefox 52.9.0 ESR (x86 sk) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 sk)) (Version: 52.9.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: - Mozilla)
MPC-HC 1.7.7 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
Notepad++ (HKLM\...\Notepad++) (Version: 6.8.2 - Notepad++ Team)
Nova Skin resourcepack version 1.0 (HKLM\...\{497EF1F8-2F52-45A5-BF36-C6D11773F093}_is1) (Version: 1.0 - Nova Skin)
OpenOffice 4.1.1 (HKLM\...\{456408C1-3BDE-48CC-9A5A-79B1BB4C4787}) (Version: 4.11.9775 - Apache Software Foundation)
Opera beta 36.0.2130.29 (HKLM\...\Opera 36.0.2130.29) (Version: 36.0.2130.29 - Opera Software)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.8 - Tracker Software Products Ltd)
PRS-500 USB driver (HKLM\...\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}) (Version: - Sony)
PSPad editor (HKLM\...\PSPad editor_is1) (Version: - Jan Fiala)
Reader Library by Sony (HKLM\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: - Sony Corporation)
Revelation Natural Art SK (HKLM\...\{78BF8D44-E631-44AC-9EAD-33A28D0E0F1F}) (Version: 1.5.8890 - Meno vašej spoločnosti)
ROBLOX Player for spravca (HKU\S-1-5-21-682003330-220523388-839522115-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Sibelius Scorch (Firefox, Opera, Netscape, Chrome only) (HKLM\...\{41626CC0-A854-4402-AD06-D7939515C282}) (Version: 6.2.0 - Sibelius Software, a division of Avid Technology, Inc.)
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - Analog Devices)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.259143 - TeamViewer)
Tenda Wireless LAN Card (HKLM\...\{192BCCC6-C47B-4473-B187-5164185A413C}) (Version: - Tenda)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-682003330-220523388-839522115-1003\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
WinDjView 2.1 (HKLM\...\WinDjView) (Version: 2.1 - Andrew Zhezherun)
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 (HKLM\...\75070B1806113224B16C70296B90DD1AD8A53479) (Version: 08/08/2006 - Sony Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-682003330-220523388-839522115-1003_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\spravca\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies SF -> Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-682003330-220523388-839522115-1003_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files\PSPad editor\pspshellx32.dll () [File not signed]
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8462848 2012-06-08] (Microsoft Windows Component Publisher -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2015-04-15] () [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\System32\igfxpph.dll [2006-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [1980-01-20] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1_S-1-5-21-682003330-220523388-839522115-1003: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files\PSPad editor\pspshellx32.dll [2014-11-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.trspch] => C:\WINDOWS\system32\tssoft32.acm [8192 2001-08-23] (Microsoft Windows Component Publisher -> DSP GROUP, INC.)
HKLM\...\Drivers32: [vidc.I420] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\WINDOWS\system32\ir32_32.dll [199168 2001-08-23] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [vidc.iv32] => C:\WINDOWS\system32\ir32_32.dll [199168 2001-08-23] (Microsoft Windows Component Publisher -> )
HKLM\...\Drivers32: [msacm.msg723] => C:\WINDOWS\system32\msg723.acm [118784 2001-08-23] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M263] => C:\WINDOWS\system32\msh263.drv [294912 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [vidc.M261] => C:\WINDOWS\system32\msh261.drv [188416 2008-04-14] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.msaudio1] => C:\WINDOWS\system32\msaud32.acm [282654 2009-09-01] (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\...\Drivers32: [msacm.sl_anet] => C:\WINDOWS\system32\sl_anet.acm [86016 2008-04-14] (Microsoft Windows Component Publisher -> Sipro Lab Telecom Inc.)
HKLM\...\Drivers32: [MIDI1] => C:\WINDOWS\system32\SYNCOR11.DLL [40820 2002-11-06] (SoundMAX) [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->\\.\root\subscription:MSFT_UCScenarioControl.Name=\"Microsoft WMI Updating Consumer Scenario Control\"",Filter="\\.\root\subscription:__EventFilter.Name=\"Microsoft WMI Updating Consumer Scenario Control\"::
WMI:subscription\__EventFilter->Microsoft WMI Updating Consumer Scenario Control::[Query => SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'MSFT_UCScenario']

==================== Loaded Modules (Whitelisted) =============

2014-08-13 09:27 - 2014-08-13 09:27 - 000436736 _____ (Apache Software Foundation) [File not signed] C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll
2012-02-15 18:07 - 2002-02-12 11:00 - 000067584 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Internet Explorer\mui\041b\browselc.dll
2012-02-15 18:59 - 2002-11-06 19:00 - 000040820 _____ (SoundMAX) [File not signed] C:\WINDOWS\system32\SYNCOR11.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\batfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION

==================== Internet Explorer (Version 6) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={ ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-682003330-220523388-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=i ... ar=msnhome
HKU\S-1-5-21-682003330-220523388-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-682003330-220523388-839522115-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-20] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-20] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 13:00 - 2023-03-05 18:28 - 000000784 _____ C:\WINDOWS\system32\drivers\etc\hosts localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Documents and Settings\All Users\Application Data\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Skype\Phone\
HKU\S-1-5-21-682003330-220523388-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\spravca\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: Media is not connected to internet.
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName3 -> C:\WINDOWS\system32\ipconf.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName4 -> C:\WINDOWS\system32\h323.tsp (Microsoft Windows Component Publisher -> Microsoft Corporation)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: Reader Library Launcher => C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe] => Enabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Minecraft\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => Enabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe] => Enabled:Avast Emergency Update
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

17-12-2022 06:54:50 Kontrolný bod systému
30-01-2023 15:18:05 Kontrolný bod systému
05-02-2023 11:32:46 Kontrolný bod systému
07-02-2023 16:51:27 Kontrolný bod systému
25-02-2023 10:44:46 Kontrolný bod systému
26-02-2023 11:28:50 Kontrolný bod systému
04-03-2023 12:19:51 Removed Broadcom NetXtreme Ethernet Controller.
05-03-2023 15:06:54 20230305_nefunkcna_siet
05-03-2023 15:08:47 Operácia obnovovania
05-03-2023 15:24:37 Installed Windows XP Wdf01009.

==================== Faulty Device Manager Devices ============

Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8139 Family PCI Fast Ethernet NIC #2
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8139 Family PCI Fast Ethernet NIC #3
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8139 Family PCI Fast Ethernet NIC #4
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8139 Family PCI Fast Ethernet NIC #5
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: ========================

Application errors:
Error: (03/05/2023 07:10:05 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Toto sieťové pripojenie neexistuje.

Error: (03/05/2023 07:10:05 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Bol zadaný neplatný algoritmus.

Error: (03/05/2023 07:10:02 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Toto sieťové pripojenie neexistuje.

Error: (03/05/2023 07:10:02 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Bol zadaný neplatný algoritmus.

Error: (03/05/2023 07:10:02 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Toto sieťové pripojenie neexistuje.

Error: (03/05/2023 07:10:02 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Bol zadaný neplatný algoritmus.

Error: (03/05/2023 07:10:02 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Pri automatickej aktualizácii zlyhalo načítanie poradového čísla zoznamu základných certifikátov nezávislých vydavateľov z: <http://www.download.windowsupdate.com/m ... ootseq.txt> s chybou: Toto sieťové pripojenie neexistuje.

Error: (03/05/2023 07:10:02 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Bol zadaný neplatný algoritmus.

System errors:
Error: (03/05/2023 07:11:26 PM) (Source: DCOM) (EventID: 10005) (User: PETER)
Description: Server DCOM zistil chybu %%1084 = Túto službu nie je možné spustiť v núdzovom režime. pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera:

Error: (03/05/2023 07:11:26 PM) (Source: DCOM) (EventID: 10005) (User: PETER)
Description: Server DCOM zistil chybu %%1084 = Túto službu nie je možné spustiť v núdzovom režime. pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera:

Error: (03/05/2023 07:11:25 PM) (Source: DCOM) (EventID: 10005) (User: PETER)
Description: Server DCOM zistil chybu %%1084 = Túto službu nie je možné spustiť v núdzovom režime. pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera:

Error: (03/05/2023 07:11:25 PM) (Source: DCOM) (EventID: 10005) (User: PETER)
Description: Server DCOM zistil chybu %%1084 = Túto službu nie je možné spustiť v núdzovom režime. pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera:

Error: (03/05/2023 07:06:32 PM) (Source: DCOM) (EventID: 10005) (User: PETER)
Description: Server DCOM zistil chybu %%1084 = Túto službu nie je možné spustiť v núdzovom režime. pri pokuse spustiť službu StiSvc s argumentmi
potrebnú na spustenie servera:

Error: (03/05/2023 07:06:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:

Error: (03/05/2023 07:06:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby AFD Networking Support Environment, od ktorej závisí služba TeamViewer 11, zlyhalo kvôli nasledujúcej chybe:
Zariadenie pripojené na systém nie je funkčné.

Error: (03/05/2023 07:06:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Spustenie služby IPSEC driver, od ktorej závisí služba IPSEC Services, zlyhalo kvôli nasledujúcej chybe:
Zariadenie pripojené na systém nie je funkčné.

==================== Memory info ===========================

BIOS: Hewlett-Packard COMPAQ - 20060417 04/17/2006
Motherboard: Hewlett-Packard 09E8h
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 40%
Total physical RAM: 2551.43 MB
Available physical RAM: 1512.21 MB
Total Virtual: 4444.28 MB
Available Virtual: 3589.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.27 GB) (Free:11.75 GB) (Model: WDC WD400BD-60LTA0) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (DATA) (Fixed) (Total:57.27 GB) (Free:43.8 GB) (Model: Maxtor 6Y060L0) NTFS
Drive g: () (Removable) (Total:14.52 GB) (Free:13.87 GB) FAT32

==================== MBR & Partition Table ====================

Disk: 0 (MBR Code: Windows XP) (Size: 57.3 GB) (Disk ID: 6C756C75)
Partition 1: (Not Active) - (Size=57.3 GB) - (Type=07 NTFS)

Disk: 1 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 00050FBC)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

Disk: 2 (Size: 14.5 GB) (Disk ID: 3676018D)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=FAT32)

==================== End of Addition.txt =======================

Uživatelský avatar
Site Admin
Site Admin
Příspěvky: 118370
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu FRST

#10 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
HKU\S-1-5-21-682003330-220523388-839522115-1003\...\MountPoints2: {c238644c-9583-11e4-8c67-0014c20ec4d2} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-682003330-220523388-839522115-1003\...\MountPoints2: {c2386455-9583-11e4-8c67-0014c20ec4d2} - "F:\WD SmartWare.exe" autoplay=true
HKLM\...\Windows NT x86\Print Processors\winprint: localspl.dll (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] ->
S4 IntelIde; no ImagePath
C:\Documents and Settings\spravca\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION

Uložte do G:\ jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!

Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Příspěvky: 12
Registrován: 05 bře 2023 16:33

Re: Prosím o kontrolu logu FRST

#11 Příspěvek od peco »

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-03-2023
Ran by spravca (05-03-2023 20:19:59) Run:1
Running from G:\
Loaded Profiles: spravca
Boot Mode: Safe Mode (minimal)


fixlist content:

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
HKU\S-1-5-21-682003330-220523388-839522115-1003\...\MountPoints2: {c238644c-9583-11e4-8c67-0014c20ec4d2} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-682003330-220523388-839522115-1003\...\MountPoints2: {c2386455-9583-11e4-8c67-0014c20ec4d2} - "F:\WD SmartWare.exe" autoplay=true
HKLM\...\Windows NT x86\Print Processors\winprint: localspl.dll (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] ->
S4 IntelIde; no ImagePath
C:\Documents and Settings\spravca\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION


Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\"Tabs"="res://ieframe.dll/tabswelcome.htm" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKU\S-1-5-21-682003330-220523388-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c238644c-9583-11e4-8c67-0014c20ec4d2} => removed successfully.
HKU\S-1-5-21-682003330-220523388-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2386455-9583-11e4-8c67-0014c20ec4d2} => removed successfully.
HKLM\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Print Processors\winprint => removed successfully.
HKLM\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} => removed successfully.
HKLM\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95} => removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => removed successfully.
IntelIde => service removed successfully.
C:\Documents and Settings\spravca\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
"C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 11131 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 0 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/dllcache/drivers => 4890208 B
Edge => 0 B
Firefox => 8081335 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default User => 66164 B
All Users => 66164 B
systemprofile => 372913919 B
LocalService => 373046067 B
NetworkService => 373112231 B
spravca => 373629341 B
Administrator => 373695505 B

RecycleBin => 17582704 B
EmptyTemp: => 1.8 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:20:18 ====

Uživatelský avatar
Site Admin
Site Admin
Příspěvky: 118370
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu FRST

#12 Příspěvek od Rudy »

Smazáno. Nastala změna k lepšímu?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!

Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Příspěvky: 12
Registrován: 05 bře 2023 16:33

Re: Prosím o kontrolu logu FRST

#13 Příspěvek od peco »

Už neodpája sieť. Je to stabilnejšie. Ale tá interná NIC je mimo. Fungujem cez externú alebo cez WIFI.

Uživatelský avatar
Site Admin
Site Admin
Příspěvky: 118370
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosím o kontrolu logu FRST

#14 Příspěvek od Rudy »

Co se týká domény NIC, nenapadá mne řešení. Zkuste googlit.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!

Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Příspěvky: 12
Registrován: 05 bře 2023 16:33

Re: Prosím o kontrolu logu FRST

#15 Příspěvek od peco »

Problém bol v externej NIC v PCI slote. Po jej odstránení je už všetko v poriadku, aj interná NIC už pracuje ako má. PC je na svoje možnosti svižné. Ďakujem.
