Logfile of random's system information tool 1.09 (written by random/random)
Run by PKKBr at 2013-12-01 15:58:48
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (62%) free of 38 GB
Total RAM: 511 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:58:58, on 1.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ssins.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\PKKBr\Plocha\RSIT.exe
C:\Program Files\trend micro\PKKBr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - S-1-5-18 Startup: _uninst_16581426.lnk = C:\Documents and Settings\PKKBr\Local Settings\Temp\_uninst_16581426.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: _uninst_16581426.lnk = C:\Documents and Settings\PKKBr\Local Settings\Temp\_uninst_16581426.bat (User 'Default user')
O4 - Startup: _uninst_16581426.lnk = C:\Documents and Settings\PKKBr\Local Settings\Temp\_uninst_16581426.bat
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\WINDOWS\System32\ssins.exe
--
End of file - 7649 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\SmartDefragUpdate.job
C:\WINDOWS\tasks\SmartDefrag_Startup.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-07 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-07 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-11-17 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-11-17 86016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"ISUSPM Startup"=c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5110672]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
C:\Documents and Settings\PKKBr\Nabídka Start\Programy\Po spuštění
_uninst_16581426.lnk - C:\Documents and Settings\PKKBr\Local Settings\Temp\_uninst_16581426.bat
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 183808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=ctwdm32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=ctwdm32.dll
======List of files/folders created in the last 1 month======
======List of files/folders modified in the last 1 month======
2013-12-01 15:58:52 ----D---- C:\Program Files\trend micro
2013-12-01 13:49:33 ----D---- C:\WINDOWS\Prefetch
2013-12-01 12:19:36 ----SHD---- C:\WINDOWS\Installer
2013-12-01 12:08:56 ----D---- C:\WINDOWS\Temp
2013-12-01 12:07:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-11-27 11:38:04 ----D---- C:\WINDOWS
2013-11-26 13:21:42 ----A---- C:\WINDOWS\NeroDigital.ini
2013-11-25 09:20:43 ----D---- C:\WINDOWS\Minidump
2013-11-17 22:35:10 ----A---- C:\WINDOWS\wincmd.ini
2013-11-17 20:17:45 ----D---- C:\sport_tj
2013-11-15 20:17:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 IdeBusDr;IdeBusDr; C:\WINDOWS\system32\DRIVERS\IdeBusDr.sys [2001-09-06 13366]
R0 IdeChnDr;Intel(r) Ultra ATA Controller; C:\WINDOWS\system32\DRIVERS\IdeChnDr.sys [2001-09-06 86330]
R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2010-11-26 14776]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-09-17 184664]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-09-17 61600]
R2 EBIOS32;EBIOS32 - NT Driver; C:\WINDOWS\System32\Drivers\EBIOS32.SYS [2000-11-10 13922]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-09-17 174400]
R3 Cap7134;TVFM 503 WDM Video Capture; C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-01-25 428064]
R3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-09-17 38952]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-11-17 3994688]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 713xTVCard;SAA7130 TV Card; C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 277504]
S3 catchme;catchme; \??\C:\DOCUME~1\PKKBr\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ISMBIOS;SMBIOS NT Service; C:\WINDOWS\System32\drivers\iSMbios.sys [2000-11-10 16480]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-19 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-19 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-07 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-11-17 159811]
R2 ssinstall;SInstalátor; C:\WINDOWS\System32\ssins.exe [2013-10-02 2324216]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-06 116648]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\pev.3XE [2011-06-26 256000]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09 257416]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-06 116648]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
zablokovany antivir, prosím o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119532
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: zablokovany antivir, prosím o kontrolu
Zdravím!
Dejte log ComboFix:
Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: zablokovany antivir, prosím o kontrolu
bohužel se mi to nezadařilo.
Combofix zjistil, že následující programy mají zapnuté rezidentní štíty:
antivirus:
Ale Firewall ve Win je vypnuty a antivir nefunkcni, po zapnuti se sam ukonci, takze ho nemam kde ukoncit. Antivir je Nod32 ve trial verzi, která už vypršela, chtel jsem místo nej instaloat Aviru, ale ta nejde nainstalovat. Nod 32 taky nejede, po zapnuti pocitace to ohlasi chybu a ukonceni programu od Eset.
Nebylo by řešením celý ESET odinstalovat?
Combofix zjistil, že následující programy mají zapnuté rezidentní štíty:
antivirus:
Ale Firewall ve Win je vypnuty a antivir nefunkcni, po zapnuti se sam ukonci, takze ho nemam kde ukoncit. Antivir je Nod32 ve trial verzi, která už vypršela, chtel jsem místo nej instaloat Aviru, ale ta nejde nainstalovat. Nod 32 taky nejede, po zapnuti pocitace to ohlasi chybu a ukonceni programu od Eset.
Nebylo by řešením celý ESET odinstalovat?
-
Rudy
- Site Admin
- Příspěvky: 119532
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: zablokovany antivir, prosím o kontrolu
Určitě. Vypršelá trial verze vám tak, jako tak, není k ničemu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: zablokovany antivir, prosím o kontrolu
Nod jsem odinstaloval a Combofix spustil. Ale nevim, kde najdu log, na plose nic neni.
-
Rudy
- Site Admin
- Příspěvky: 119532
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: zablokovany antivir, prosím o kontrolu
Koukněte do c:\combofix.txt. Tam by měl být.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: zablokovany antivir, prosím o kontrolu
tak bohuzel, tento soubor nikde v PC není. Připadá mi to, že během skenování se počítač restartoval a po restartu už skenovani nepokrycovalo.
-
Rudy
- Site Admin
- Příspěvky: 119532
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: zablokovany antivir, prosím o kontrolu
OK. Spusťte CF znovu, ale v nouz. režimu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: zablokovany antivir, prosím o kontrolu
opet nic... v Nouzovem rezimu ikona CF na plose není a nenasel jsem ho ani nikde jinde
Re: zablokovany antivir, prosím o kontrolu
takze jinak.... CF jsem v nouzovem rezimu spustil, ale prubeh stejny, po restartu uz program ve skenovani nepokracoval a zadny log se nevytvoril
-
Rudy
- Site Admin
- Příspěvky: 119532
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: zablokovany antivir, prosím o kontrolu
OK. CF odinstalujte T-Cleanerem: http://vyosek.ic.cz/pro_usery/T-Cleaner.exe . Dále zkuste tento postup: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: zablokovany antivir, prosím o kontrolu
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by PKKBr (administrator) on MAMKA_PC on 01-12-2013 23:07:37
Running from C:\Documents and Settings\PKKBr\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(IObit) C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Creative Technology Ltd.) C:\WINDOWS\system32\devldr32.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(PS Media s.r.o.) C:\WINDOWS\system32\ssins.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Documents and Settings\PKKBr\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
HKU\Administrator.MAMKA_PC\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Administrator.MAMKA_PC\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
HKU\Default User\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
Startup: C:\Documents and Settings\PKKBr\Nabídka Start\Programy\Po spuštění\_uninst_16581426.lnk
ShortcutTarget: _uninst_16581426.lnk -> C:\Documents and Settings\PKKBr\Local Settings\Temp\_uninst_16581426.bat (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKLM - DefaultScope {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL =
SearchScopes: HKCU - DefaultScope {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL = http://search.conduit.com/ResultsExt.as ... 49900&UM=1
SearchScopes: HKCU - {1B51E3CD-720B-459C-A73A-E2F8CCF95AEE} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {2708957E-B5AF-4FF5-B6B3-C695503FC405} URL = http://search.seznam.cz/searchScreen?w= ... rms}&mod=f
SearchScopes: HKCU - {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL = http://search.conduit.com/ResultsExt.as ... 49900&UM=1
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR RestoreOnStartup: "hxxp://www.seznam.cz/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Google Wallet) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
========================== Services (Whitelisted) =================
R2 ssinstall; C:\WINDOWS\System32\ssins.exe [2324216 2013-10-02] (PS Media s.r.o.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
==================== Drivers (Whitelisted) ====================
S2 713xTVCard; C:\Windows\System32\DRIVERS\SAA713x.sys [277504 2005-03-15] (Philips Semiconductors)
R3 Cap7134; C:\Windows\System32\DRIVERS\Cap7134.sys [428064 2003-01-25] (AVerMedia TECHNOLOGIES, Inc.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R2 EBIOS32; C:\Windows\System32\Drivers\EBIOS32.SYS [13922 2000-11-10] (Intel Corporation)
R3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
R3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R0 IdeBusDr; C:\Windows\System32\DRIVERS\IdeBusDr.sys [13366 2001-09-06] (Intel Corporation)
R0 IdeChnDr; C:\Windows\System32\DRIVERS\IdeChnDr.sys [86330 2001-09-06] (Intel Corporation)
S3 ISMBIOS; C:\Windows\System32\drivers\iSMbios.sys [16480 2000-11-10] (Intel Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [14776 2010-11-26] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-01 23:07 - 2013-12-01 23:08 - 00010923 _____ C:\Documents and Settings\PKKBr\Plocha\FRST.txt
2013-12-01 23:06 - 2013-12-01 23:06 - 00000000 ____D C:\FRST
2013-12-01 23:04 - 2013-12-01 23:04 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\PKKBr\Plocha\FRSTLauncher.exe
2013-12-01 23:03 - 2013-12-01 23:03 - 01092187 _____ (Farbar) C:\Documents and Settings\PKKBr\Plocha\FRST.exe
2013-12-01 22:58 - 2013-12-01 22:58 - 00165888 _____ C:\Documents and Settings\PKKBr\Plocha\T-Cleaner.exe
2013-12-01 22:34 - 2013-12-01 22:34 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-01 22:04 - 2013-12-01 22:04 - 00000000 __SHD C:\Documents and Settings\Administrator.MAMKA_PC\IETldCache
2013-12-01 22:03 - 2013-12-01 22:33 - 00000178 ___SH C:\Documents and Settings\Administrator.MAMKA_PC\ntuser.ini
2013-12-01 22:03 - 2013-12-01 22:04 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC
2013-12-01 22:03 - 2010-02-07 02:09 - 00000000 ___HD C:\Documents and Settings\Administrator.MAMKA_PC\Local Settings\Data aplikací
2013-12-01 22:03 - 2010-02-07 02:09 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Local Settings\Data aplikací\Adobe
2013-12-01 22:03 - 2010-02-07 02:08 - 00000000 ___RD C:\Documents and Settings\Administrator.MAMKA_PC\Data aplikací
2013-12-01 22:03 - 2010-02-07 02:08 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Data aplikací\Macromedia
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ___RD C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start\Programy\Po spuštění
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ___RD C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Plocha
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Okolní tiskárny
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Okolní síť
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Oblíbené položky
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Dokumenty
2013-12-01 22:03 - 2010-02-07 00:48 - 00001599 _____ C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start\Programy\Vzdálená pomoc.lnk
2013-12-01 22:03 - 2010-02-07 00:48 - 00000788 _____ C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start\Programy\Windows Media Player.lnk
2013-12-01 22:03 - 2010-02-07 00:48 - 00000000 ___RD C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start\Programy\Příslušenství
2013-12-01 22:03 - 2010-02-07 00:48 - 00000000 ___RD C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start\Programy
2013-12-01 22:03 - 2010-02-07 00:43 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Šablony
2013-12-01 20:13 - 2013-12-01 20:13 - 00002072 _____ C:\WINDOWS\setupapi.log
2013-12-01 12:14 - 2013-12-01 12:14 - 00356352 _____ C:\Documents and Settings\PKKBr\Plocha\avira_free_antivirus_en.exe
2013-11-20 13:51 - 2013-11-20 13:51 - 00086528 _____ C:\Documents and Settings\PKKBr\Plocha\Kopie - Xl0000003.xls
2013-11-03 15:13 - 2013-11-03 15:13 - 00000339 _____ C:\Documents and Settings\PKKBr\Plocha\Archiv.lnk
==================== One Month Modified Files and Folders =======
2013-12-01 23:08 - 2013-12-01 23:07 - 00010923 _____ C:\Documents and Settings\PKKBr\Plocha\FRST.txt
2013-12-01 23:07 - 2010-02-07 00:58 - 00000000 ____D C:\Documents and Settings\PKKBr\Plocha
2013-12-01 23:06 - 2013-12-01 23:06 - 00000000 ____D C:\FRST
2013-12-01 23:06 - 2010-02-07 00:58 - 00000000 ___HD C:\Documents and Settings\PKKBr\Local Settings\Data aplikací
2013-12-01 23:04 - 2013-12-01 23:04 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\PKKBr\Plocha\FRSTLauncher.exe
2013-12-01 23:03 - 2013-12-01 23:03 - 01092187 _____ (Farbar) C:\Documents and Settings\PKKBr\Plocha\FRST.exe
2013-12-01 23:00 - 2010-02-10 20:06 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-01 22:59 - 2010-02-07 00:58 - 00000000 ____D C:\Documents and Settings\PKKBr
2013-12-01 22:59 - 2010-02-07 00:45 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-01 22:58 - 2013-12-01 22:58 - 00165888 _____ C:\Documents and Settings\PKKBr\Plocha\T-Cleaner.exe
2013-12-01 22:58 - 2013-10-28 14:44 - 00000000 ____D C:\Program Files\trend micro
2013-12-01 22:49 - 2012-04-29 12:15 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-01 22:41 - 2010-02-07 00:46 - 01952271 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-01 22:40 - 2013-07-24 19:00 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-01 22:40 - 2013-07-24 19:00 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-12-01 22:40 - 2013-06-02 19:02 - 00000000 _____ C:\WINDOWS\system32\sinstall.log
2013-12-01 22:40 - 2013-04-14 13:59 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 22:40 - 2012-12-28 14:44 - 00000280 _____ C:\WINDOWS\Tasks\SmartDefrag_Startup.job
2013-12-01 22:40 - 2012-12-28 14:44 - 00000278 _____ C:\WINDOWS\Tasks\SmartDefragUpdate.job
2013-12-01 22:40 - 2010-02-07 01:06 - 00089134 _____ C:\WINDOWS\system32\nvapps.xml
2013-12-01 22:40 - 2010-02-07 00:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-01 22:39 - 2010-02-07 00:58 - 00000000 ___RD C:\Documents and Settings\PKKBr\Data aplikací
2013-12-01 22:34 - 2013-12-01 22:34 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-01 22:33 - 2013-12-01 22:03 - 00000178 ___SH C:\Documents and Settings\Administrator.MAMKA_PC\ntuser.ini
2013-12-01 22:04 - 2013-12-01 22:04 - 00000000 __SHD C:\Documents and Settings\Administrator.MAMKA_PC\IETldCache
2013-12-01 22:04 - 2013-12-01 22:03 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC
2013-12-01 22:02 - 2013-07-05 07:26 - 00032518 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-01 22:02 - 2010-02-07 00:58 - 00000272 ___SH C:\Documents and Settings\PKKBr\ntuser.ini
2013-12-01 21:54 - 2010-02-07 11:15 - 00001124 _____ C:\WINDOWS\wincmd.ini
2013-12-01 21:37 - 2013-04-14 13:59 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 20:13 - 2013-12-01 20:13 - 00002072 _____ C:\WINDOWS\setupapi.log
2013-12-01 20:13 - 2010-02-07 02:48 - 00000000 ____D C:\Program Files\ESET
2013-12-01 20:13 - 2010-02-07 01:36 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-12-01 12:14 - 2013-12-01 12:14 - 00356352 _____ C:\Documents and Settings\PKKBr\Plocha\avira_free_antivirus_en.exe
2013-12-01 12:06 - 2001-10-25 17:00 - 00002228 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-26 13:21 - 2010-02-12 19:33 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2013-11-26 13:21 - 2010-02-07 01:16 - 00148992 _____ C:\Documents and Settings\PKKBr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-20 20:34 - 2010-02-07 14:00 - 00002561 _____ C:\Documents and Settings\PKKBr\Plocha\Microsoft Office Word 2003.lnk
2013-11-20 13:51 - 2013-11-20 13:51 - 00086528 _____ C:\Documents and Settings\PKKBr\Plocha\Kopie - Xl0000003.xls
2013-11-17 20:17 - 2010-03-11 16:35 - 00000000 ____D C:\sport_tj
2013-11-17 20:13 - 2010-03-11 16:35 - 00000515 _____ C:\Documents and Settings\PKKBr\Plocha\IS TJSK.lnk
2013-11-17 20:13 - 2010-03-11 16:35 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\ČSTV
2013-11-15 20:17 - 2010-02-07 12:27 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2013-11-15 12:08 - 2013-09-06 13:24 - 00001813 _____ C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2013-11-03 15:13 - 2013-11-03 15:13 - 00000339 _____ C:\Documents and Settings\PKKBr\Plocha\Archiv.lnk
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\Windows\System32\winlogon.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\Windows\System32\svchost.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\Windows\System32\services.exe
[2008-04-14 07:52] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7
C:\Windows\System32\User32.dll
[2008-04-14 07:52] - [2008-04-14 07:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53
C:\Windows\System32\userinit.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 06:42] - [2008-04-14 06:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:37.26 GB) (Free:25.31 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:152.66 GB) (Free:54.67 GB) NTFS
Available physical RAM: 159.17 MB
Total physical RAM: 511.3 MB
Percentage of memory in use: 68%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 37 GB) (Disk ID: 6B45713A)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)
Disk: 1 (Size: 153 GB) (Disk ID: EB978760)
Partition 1: (Active) - (Size=153 GB) - (Type=06)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SmartDefragUpdate.job => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\SmartDefrag_Startup.job => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\PKKBr\Plocha" je 1896 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Ran by PKKBr (administrator) on MAMKA_PC on 01-12-2013 23:07:37
Running from C:\Documents and Settings\PKKBr\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(IObit) C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Creative Technology Ltd.) C:\WINDOWS\system32\devldr32.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(PS Media s.r.o.) C:\WINDOWS\system32\ssins.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Documents and Settings\PKKBr\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\Administrator\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
HKU\Administrator.MAMKA_PC\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Administrator.MAMKA_PC\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
HKU\Default User\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-27] (Nero AG)
Startup: C:\Documents and Settings\PKKBr\Nabídka Start\Programy\Po spuštění\_uninst_16581426.lnk
ShortcutTarget: _uninst_16581426.lnk -> C:\Documents and Settings\PKKBr\Local Settings\Temp\_uninst_16581426.bat (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKLM - DefaultScope {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL =
SearchScopes: HKCU - DefaultScope {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL = http://search.conduit.com/ResultsExt.as ... 49900&UM=1
SearchScopes: HKCU - {1B51E3CD-720B-459C-A73A-E2F8CCF95AEE} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {2708957E-B5AF-4FF5-B6B3-C695503FC405} URL = http://search.seznam.cz/searchScreen?w= ... rms}&mod=f
SearchScopes: HKCU - {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL = http://search.conduit.com/ResultsExt.as ... 49900&UM=1
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR RestoreOnStartup: "hxxp://www.seznam.cz/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U18) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Google Wallet) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\PKKBr\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
========================== Services (Whitelisted) =================
R2 ssinstall; C:\WINDOWS\System32\ssins.exe [2324216 2013-10-02] (PS Media s.r.o.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
==================== Drivers (Whitelisted) ====================
S2 713xTVCard; C:\Windows\System32\DRIVERS\SAA713x.sys [277504 2005-03-15] (Philips Semiconductors)
R3 Cap7134; C:\Windows\System32\DRIVERS\Cap7134.sys [428064 2003-01-25] (AVerMedia TECHNOLOGIES, Inc.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R2 EBIOS32; C:\Windows\System32\Drivers\EBIOS32.SYS [13922 2000-11-10] (Intel Corporation)
R3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
R3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R0 IdeBusDr; C:\Windows\System32\DRIVERS\IdeBusDr.sys [13366 2001-09-06] (Intel Corporation)
R0 IdeChnDr; C:\Windows\System32\DRIVERS\IdeChnDr.sys [86330 2001-09-06] (Intel Corporation)
S3 ISMBIOS; C:\Windows\System32\drivers\iSMbios.sys [16480 2000-11-10] (Intel Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [14776 2010-11-26] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-01 23:07 - 2013-12-01 23:08 - 00010923 _____ C:\Documents and Settings\PKKBr\Plocha\FRST.txt
2013-12-01 23:06 - 2013-12-01 23:06 - 00000000 ____D C:\FRST
2013-12-01 23:04 - 2013-12-01 23:04 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\PKKBr\Plocha\FRSTLauncher.exe
2013-12-01 23:03 - 2013-12-01 23:03 - 01092187 _____ (Farbar) C:\Documents and Settings\PKKBr\Plocha\FRST.exe
2013-12-01 22:58 - 2013-12-01 22:58 - 00165888 _____ C:\Documents and Settings\PKKBr\Plocha\T-Cleaner.exe
2013-12-01 22:34 - 2013-12-01 22:34 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-01 22:04 - 2013-12-01 22:04 - 00000000 __SHD C:\Documents and Settings\Administrator.MAMKA_PC\IETldCache
2013-12-01 22:03 - 2013-12-01 22:33 - 00000178 ___SH C:\Documents and Settings\Administrator.MAMKA_PC\ntuser.ini
2013-12-01 22:03 - 2013-12-01 22:04 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC
2013-12-01 22:03 - 2010-02-07 02:09 - 00000000 ___HD C:\Documents and Settings\Administrator.MAMKA_PC\Local Settings\Data aplikací
2013-12-01 22:03 - 2010-02-07 02:09 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Local Settings\Data aplikací\Adobe
2013-12-01 22:03 - 2010-02-07 02:08 - 00000000 ___RD C:\Documents and Settings\Administrator.MAMKA_PC\Data aplikací
2013-12-01 22:03 - 2010-02-07 02:08 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Data aplikací\Macromedia
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ___RD C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start\Programy\Po spuštění
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ___RD C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Plocha
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Okolní tiskárny
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Okolní síť
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Oblíbené položky
2013-12-01 22:03 - 2010-02-07 01:36 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Dokumenty
2013-12-01 22:03 - 2010-02-07 00:48 - 00001599 _____ C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start\Programy\Vzdálená pomoc.lnk
2013-12-01 22:03 - 2010-02-07 00:48 - 00000788 _____ C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start\Programy\Windows Media Player.lnk
2013-12-01 22:03 - 2010-02-07 00:48 - 00000000 ___RD C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start\Programy\Příslušenství
2013-12-01 22:03 - 2010-02-07 00:48 - 00000000 ___RD C:\Documents and Settings\Administrator.MAMKA_PC\Nabídka Start\Programy
2013-12-01 22:03 - 2010-02-07 00:43 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC\Šablony
2013-12-01 20:13 - 2013-12-01 20:13 - 00002072 _____ C:\WINDOWS\setupapi.log
2013-12-01 12:14 - 2013-12-01 12:14 - 00356352 _____ C:\Documents and Settings\PKKBr\Plocha\avira_free_antivirus_en.exe
2013-11-20 13:51 - 2013-11-20 13:51 - 00086528 _____ C:\Documents and Settings\PKKBr\Plocha\Kopie - Xl0000003.xls
2013-11-03 15:13 - 2013-11-03 15:13 - 00000339 _____ C:\Documents and Settings\PKKBr\Plocha\Archiv.lnk
==================== One Month Modified Files and Folders =======
2013-12-01 23:08 - 2013-12-01 23:07 - 00010923 _____ C:\Documents and Settings\PKKBr\Plocha\FRST.txt
2013-12-01 23:07 - 2010-02-07 00:58 - 00000000 ____D C:\Documents and Settings\PKKBr\Plocha
2013-12-01 23:06 - 2013-12-01 23:06 - 00000000 ____D C:\FRST
2013-12-01 23:06 - 2010-02-07 00:58 - 00000000 ___HD C:\Documents and Settings\PKKBr\Local Settings\Data aplikací
2013-12-01 23:04 - 2013-12-01 23:04 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\PKKBr\Plocha\FRSTLauncher.exe
2013-12-01 23:03 - 2013-12-01 23:03 - 01092187 _____ (Farbar) C:\Documents and Settings\PKKBr\Plocha\FRST.exe
2013-12-01 23:00 - 2010-02-10 20:06 - 00000000 ____D C:\WINDOWS\Minidump
2013-12-01 22:59 - 2010-02-07 00:58 - 00000000 ____D C:\Documents and Settings\PKKBr
2013-12-01 22:59 - 2010-02-07 00:45 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-01 22:58 - 2013-12-01 22:58 - 00165888 _____ C:\Documents and Settings\PKKBr\Plocha\T-Cleaner.exe
2013-12-01 22:58 - 2013-10-28 14:44 - 00000000 ____D C:\Program Files\trend micro
2013-12-01 22:49 - 2012-04-29 12:15 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-01 22:41 - 2010-02-07 00:46 - 01952271 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-01 22:40 - 2013-07-24 19:00 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-01 22:40 - 2013-07-24 19:00 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-12-01 22:40 - 2013-06-02 19:02 - 00000000 _____ C:\WINDOWS\system32\sinstall.log
2013-12-01 22:40 - 2013-04-14 13:59 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 22:40 - 2012-12-28 14:44 - 00000280 _____ C:\WINDOWS\Tasks\SmartDefrag_Startup.job
2013-12-01 22:40 - 2012-12-28 14:44 - 00000278 _____ C:\WINDOWS\Tasks\SmartDefragUpdate.job
2013-12-01 22:40 - 2010-02-07 01:06 - 00089134 _____ C:\WINDOWS\system32\nvapps.xml
2013-12-01 22:40 - 2010-02-07 00:54 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-01 22:39 - 2010-02-07 00:58 - 00000000 ___RD C:\Documents and Settings\PKKBr\Data aplikací
2013-12-01 22:34 - 2013-12-01 22:34 - 00000000 __SHD C:\WINDOWS\CSC
2013-12-01 22:33 - 2013-12-01 22:03 - 00000178 ___SH C:\Documents and Settings\Administrator.MAMKA_PC\ntuser.ini
2013-12-01 22:04 - 2013-12-01 22:04 - 00000000 __SHD C:\Documents and Settings\Administrator.MAMKA_PC\IETldCache
2013-12-01 22:04 - 2013-12-01 22:03 - 00000000 ____D C:\Documents and Settings\Administrator.MAMKA_PC
2013-12-01 22:02 - 2013-07-05 07:26 - 00032518 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-01 22:02 - 2010-02-07 00:58 - 00000272 ___SH C:\Documents and Settings\PKKBr\ntuser.ini
2013-12-01 21:54 - 2010-02-07 11:15 - 00001124 _____ C:\WINDOWS\wincmd.ini
2013-12-01 21:37 - 2013-04-14 13:59 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-01 20:13 - 2013-12-01 20:13 - 00002072 _____ C:\WINDOWS\setupapi.log
2013-12-01 20:13 - 2010-02-07 02:48 - 00000000 ____D C:\Program Files\ESET
2013-12-01 20:13 - 2010-02-07 01:36 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2013-12-01 12:14 - 2013-12-01 12:14 - 00356352 _____ C:\Documents and Settings\PKKBr\Plocha\avira_free_antivirus_en.exe
2013-12-01 12:06 - 2001-10-25 17:00 - 00002228 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-26 13:21 - 2010-02-12 19:33 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2013-11-26 13:21 - 2010-02-07 01:16 - 00148992 _____ C:\Documents and Settings\PKKBr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-20 20:34 - 2010-02-07 14:00 - 00002561 _____ C:\Documents and Settings\PKKBr\Plocha\Microsoft Office Word 2003.lnk
2013-11-20 13:51 - 2013-11-20 13:51 - 00086528 _____ C:\Documents and Settings\PKKBr\Plocha\Kopie - Xl0000003.xls
2013-11-17 20:17 - 2010-03-11 16:35 - 00000000 ____D C:\sport_tj
2013-11-17 20:13 - 2010-03-11 16:35 - 00000515 _____ C:\Documents and Settings\PKKBr\Plocha\IS TJSK.lnk
2013-11-17 20:13 - 2010-03-11 16:35 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\ČSTV
2013-11-15 20:17 - 2010-02-07 12:27 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2013-11-15 12:08 - 2013-09-06 13:24 - 00001813 _____ C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2013-11-03 15:13 - 2013-11-03 15:13 - 00000339 _____ C:\Documents and Settings\PKKBr\Plocha\Archiv.lnk
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\Windows\System32\winlogon.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\Windows\System32\svchost.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\Windows\System32\services.exe
[2008-04-14 07:52] - [2009-02-09 12:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7
C:\Windows\System32\User32.dll
[2008-04-14 07:52] - [2008-04-14 07:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53
C:\Windows\System32\userinit.exe
[2008-04-14 07:52] - [2008-04-14 07:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-14 06:42] - [2008-04-14 06:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:37.26 GB) (Free:25.31 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:152.66 GB) (Free:54.67 GB) NTFS
Available physical RAM: 159.17 MB
Total physical RAM: 511.3 MB
Percentage of memory in use: 68%
==================== MBR and Partition Table ==================
Disk: 0 (Size: 37 GB) (Disk ID: 6B45713A)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)
Disk: 1 (Size: 153 GB) (Disk ID: EB978760)
Partition 1: (Active) - (Size=153 GB) - (Type=06)
==================== Scheduled Tasks (whitelisted) ==================
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SmartDefragUpdate.job => C:\Program Files\IObit\Smart Defrag 2\AutoUpdate.exe
Task: C:\WINDOWS\Tasks\SmartDefrag_Startup.job => C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\PKKBr\Plocha" je 1896 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"="C:\\Program Files\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
-
Rudy
- Site Admin
- Příspěvky: 119532
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: zablokovany antivir, prosím o kontrolu
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKU\Administrator\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Administrator.MAMKA_PC\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Default User\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
SearchScopes: HKCU - DefaultScope {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL = http://search.conduit.com/ResultsExt.as ... 49900&UM=1
SearchScopes: HKCU - {1B51E3CD-720B-459C-A73A-E2F8CCF95AEE} URL = http://search.yahoo.com/search?fr=chr-g ... =198484&p={searchTerms}
SearchScopes: HKCU - {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL = http://search.conduit.com/ResultsExt.as ... 49900&UM=1
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: zablokovany antivir, prosím o kontrolu
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-12-2013 01
Ran by PKKBr at 2013-12-03 18:33:22 Run:1
Running from C:\Documents and Settings\PKKBr\Plocha
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKU\Administrator\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Administrator.MAMKA_PC\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Default User\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
SearchScopes: HKCU - DefaultScope {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL = http://search.conduit.com/ResultsExt.as ... 49900&UM=1
SearchScopes: HKCU - {1B51E3CD-720B-459C-A73A-E2F8CCF95AEE} URL = http://search.yahoo.com/search?fr=chr-g ... =198484&p={searchTerms}
SearchScopes: HKCU - {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL = http://search.conduit.com/ResultsExt.as ... 49900&UM=1
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => Value not found.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 => Value deleted successfully.
HKU\Administrator.MAMKA_PC\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1B51E3CD-720B-459C-A73A-E2F8CCF95AEE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1B51E3CD-720B-459C-A73A-E2F8CCF95AEE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74B6C873-7A32-4FDA-9F6C-2C60F2500822} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{74B6C873-7A32-4FDA-9F6C-2C60F2500822} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Value deleted successfully.
HKCR\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
==== End of Fixlog ====
Ran by PKKBr at 2013-12-03 18:33:22 Run:1
Running from C:\Documents and Settings\PKKBr\Plocha
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKU\Administrator\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Administrator.MAMKA_PC\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
HKU\Default User\...\RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
SearchScopes: HKCU - DefaultScope {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL = http://search.conduit.com/ResultsExt.as ... 49900&UM=1
SearchScopes: HKCU - {1B51E3CD-720B-459C-A73A-E2F8CCF95AEE} URL = http://search.yahoo.com/search?fr=chr-g ... =198484&p={searchTerms}
SearchScopes: HKCU - {74B6C873-7A32-4FDA-9F6C-2C60F2500822} URL = http://search.conduit.com/ResultsExt.as ... 49900&UM=1
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => Value not found.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 => Value deleted successfully.
HKU\Administrator.MAMKA_PC\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1B51E3CD-720B-459C-A73A-E2F8CCF95AEE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1B51E3CD-720B-459C-A73A-E2F8CCF95AEE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74B6C873-7A32-4FDA-9F6C-2C60F2500822} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{74B6C873-7A32-4FDA-9F6C-2C60F2500822} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Value deleted successfully.
HKCR\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
==== End of Fixlog ====
-
Rudy
- Site Admin
- Příspěvky: 119532
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: zablokovany antivir, prosím o kontrolu
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?