Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2017
Ran by Administrator (administrator) on PC-280019 (14-02-2017 18:22:01)
Running from C:\Documents and Settings\Administrator\Plocha
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Devguru Co., Ltd.) C:\WINDOWS\system32\dgdersvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Sunbelt Software, Inc.) C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
() C:\Program Files\ASUS\AI Remote\AiRc.exe
(ASUSTek COMPUTER INC.) C:\Program Files\ASUS\AI Remote\AiRemote.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(FastStone Soft) C:\Program Files\FastStone Image Viewer\FSViewer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16132608 2007-04-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Ai Remote Help] => C:\Program Files\ASUS\AI Remote\AiRc.exe [3346432 2007-09-04] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM\...\RunOnce: [SpybotDeletingE324] => C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [2710040 2012-11-13] (Safer-Networking Ltd.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2011-11-10] (ATI Technologies Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3365176 2010-11-11] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\Run: [AmitiAntivirus] => C:\Program Files\NETGATE\Amiti Antivirus\AmitiAv.exe
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\Run: [uTorrent] => C:\Documents and Settings\Administrator\Data aplikacĂ\uTorrent\utorrent.exe [899416 2013-11-11] (BitTorrent Inc.)
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\Run: [SpyEmergency] => C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\RunOnce: [SpybotDeletingF6292] => C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [2710040 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\Policies\system: [HideLogoffScripts] 0
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\Policies\system: [RunStartupScriptSync] 1
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\Policies\system: [HideStartupScripts] 0
HKU\S-1-5-21-1957994488-1450960922-725345543-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-09] (AVAST Software)
Startup: C:\Documents and Settings\Administrator\NabĂdka Start\Programy\Po spuštÄ›nĂ\Výřezy obrazovky a spuštÄ›nĂ aplikace OneNote 2007.lnk [2008-10-31]
ShortcutTarget: Výřezy obrazovky a spuštěnà aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\NabĂdka Start\Programy\Po spuštÄ›nĂ\AutorunsDisabled [2015-11-16] ()
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{4B98EB7C-F79C-49B0-BECF-3C0747268979}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{AC9813D5-DF15-4FAA-B664-456CB4301559}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{B0EA1164-9F1F-4C3B-B131-D3D0AD8EC5AA}: [DhcpNameServer] 213.46.172.37 213.46.172.36 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1957994488-1450960922-725345543-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
URLSearchHook: HKU\S-1-5-21-1957994488-1450960922-725345543-500 -> Default = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKU\S-1-5-21-1957994488-1450960922-725345543-500 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1957994488-1450960922-725345543-500 -> {210073B5-670D-4ABE-A7CB-83EDBC77BF35} URL = hxxp://search.orbitdownloader.com/ie.php?q={searchTerms}&enc={inputEncoding}
SearchScopes: HKU\S-1-5-21-1957994488-1450960922-725345543-500 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL =
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [2008-02-29] (BitComet)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13] (Safer-Networking Ltd.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
Toolbar: HKU\S-1-5-21-1957994488-1450960922-725345543-500 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2011-12-19] (SpoleÄŤnost Microsoft)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Data aplikacĂ\Mozilla\Firefox\Profiles\gexif2zp.default [2017-02-14]
FF Homepage: C:\Documents and Settings\Administrator\Data aplikacĂ\Mozilla\Firefox\Profiles\gexif2zp.default -> hxxps://facebook.com/
FF Extension: (Adblock Plus Pop-up Addon) - C:\Documents and Settings\Administrator\Data aplikacĂ\Mozilla\Firefox\Profiles\gexif2zp.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-04-28]
FF Extension: (YouTube mp3) - C:\Documents and Settings\Administrator\Data aplikacĂ\Mozilla\Firefox\Profiles\gexif2zp.default\Extensions\info@youtube-mp3.org.xpi [2016-04-27]
FF Extension: (YouTube ALL HTML5) - C:\Documents and Settings\Administrator\Data aplikacĂ\Mozilla\Firefox\Profiles\gexif2zp.default\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2017-01-13]
FF Extension: (SQLite Manager) - C:\Documents and Settings\Administrator\Data aplikacĂ\Mozilla\Firefox\Profiles\gexif2zp.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-04-28]
FF Extension: (All-in-One Gestures) - C:\Documents and Settings\Administrator\Data aplikacĂ\Mozilla\Firefox\Profiles\gexif2zp.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2016-04-28]
FF Extension: (Complete YouTube Saver) - C:\Documents and Settings\Administrator\Data aplikacĂ\Mozilla\Firefox\Profiles\gexif2zp.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2017-02-11]
FF Extension: (Cookies Manager+) - C:\Documents and Settings\Administrator\Data aplikacĂ\Mozilla\Firefox\Profiles\gexif2zp.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2016-12-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-03] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-09]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2009-01-16] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-10-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1957994488-1450960922-725345543-500: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\Google\Update\1.3.21.68\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1957994488-1450960922-725345543-500: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\Google\Update\1.3.21.68\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1957994488-1450960922-725345543-500: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2015-09-09] (Tracker Software Products (Canada) Ltd.)
Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default [2017-02-05]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-09-21]
CHR Extension: (Avast SafePrice) - C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-21]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-21]
CHR Extension: (Platby InternetovĂ©ho obchodu Chrome) - C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-21]
CHR HKLM\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
R2 dgdersvc; C:\WINDOWS\system32\dgdersvc.exe [95568 2010-10-25] (Devguru Co., Ltd.)
R2 FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [217088 2010-10-26] (Teruten) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] ()
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [75136 2011-07-21] ()
R2 SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [95528 2008-10-31] (Sunbelt Software, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 SPF4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [1365288 2008-10-31] (Sunbelt Software, Inc.)
S2 SpyEmrgHealth; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyHealth.exe [X]
S2 WiseBootAssistant; E:\Wise Care 365\BootTime.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [12664 2006-10-18] ()
S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [65344 2017-01-17] (AVAST Software)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-09-09] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-09-09] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-09-09] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433768 2016-09-22] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2016-09-09] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2016-03-16] (The OpenVPN Project)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [66688 2016-09-09] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [101392 2011-03-30] (Advanced Micro Devices)
R0 BtHidBus; C:\WINDOWS\System32\Drivers\BtHidBus.sys [20616 2008-07-31] (IVT Corporation.)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [27672 2007-09-07] (EnTech Taiwan)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36640 2010-10-25] () [File not signed]
S3 gdrv; C:\WINDOWS\gdrv.sys [17488 2011-08-24] (Windows (R) 2000 DDK provider)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 HdAudAddService; C:\WINDOWS\System32\drivers\AtiHdAud.sys [84992 2006-12-28] (ATI Research Inc.) [File not signed]
S3 IvtBtBUs; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [26248 2008-07-02] (IVT Corporation.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R0 mv61xx; C:\WINDOWS\System32\DRIVERS\mv61xx.sys [137728 2007-05-25] (Marvell Semiconductor, Inc.)
S3 rtl8029; C:\WINDOWS\System32\DRIVERS\RTL8029.SYS [19017 2001-08-17] (Realtek Semiconductor Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SbFw; C:\WINDOWS\System32\drivers\SbFw.sys [270888 2008-10-31] (Sunbelt Software, Inc.)
R3 SBFWIMCL; C:\WINDOWS\System32\DRIVERS\sbfwim.sys [65576 2008-06-21] (Sunbelt Software, Inc.)
R1 sbhips; C:\WINDOWS\system32\drivers\sbhips.sys [66600 2008-06-21] (Sunbelt Software, Inc.)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed]
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [10144 2004-04-14] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [21280 2004-04-14] (Logitech Inc.)
S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [14432 2004-04-14] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [5600 2004-04-14] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [44064 2004-04-14] (Logitech Inc.)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; no ImagePath
S3 MSICDSetup; \??\F:\CDriver.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S0 sptd; System32\Drivers\sptd.sys [X]
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S4 yukonwxp; system32\DRIVERS\yk51x86.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-14 18:22 - 2017-02-14 18:22 - 00020315 _____ C:\Documents and Settings\Administrator\Plocha\FRST.txt
2017-02-14 18:21 - 2017-02-14 18:22 - 00000000 ____D C:\FRST
2017-02-14 18:20 - 2017-02-14 18:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Plocha\FRSTLauncher.exe
2017-02-14 18:19 - 2017-02-14 18:17 - 01764352 _____ (Farbar) C:\Documents and Settings\Administrator\Plocha\FRST.exe
2017-01-30 22:43 - 2017-01-30 22:43 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikacĂ\{B96EB44A-7860-4F13-BC9A-0A73CA5F11C2}
2017-01-30 22:42 - 2017-01-30 22:42 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\IIIQF
2017-01-21 22:46 - 2017-01-21 22:46 - 00000000 ____D C:\ffmpeg
2017-01-17 23:56 - 2017-01-17 23:49 - 00065344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-14 18:22 - 2008-05-12 15:33 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2017-02-14 18:22 - 2008-04-01 11:26 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2017-02-14 18:21 - 2016-04-15 19:59 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-02-14 18:21 - 2008-04-01 11:26 - 00000000 ___HD C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ
2017-02-14 18:19 - 2014-09-01 22:02 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha\Bar Rafaeli
2017-02-14 17:57 - 2016-04-26 21:23 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-14 17:55 - 2008-05-23 14:30 - 00144340 _____ C:\WINDOWS\WININIT.INI
2017-02-14 17:42 - 2011-04-15 11:56 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha\m
2017-02-14 17:12 - 2014-07-31 22:55 - 00000000 ____D C:\Documents and Settings\Administrator\Data aplikacĂ\uTorrent
2017-02-14 17:12 - 2008-04-01 14:06 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-02-14 17:10 - 2016-06-20 12:37 - 00000408 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1466422661.job
2017-02-14 17:10 - 2016-05-08 09:55 - 00000464 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462697710.job
2017-02-14 17:10 - 2016-04-15 19:59 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d19748fcd1494e.job
2017-02-14 17:10 - 2016-03-16 18:28 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2017-02-14 17:10 - 2016-03-13 21:53 - 00000620 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-02-14 17:10 - 2015-11-16 19:18 - 00000338 _____ C:\WINDOWS\Tasks\Wise Care 365.job
2017-02-14 17:10 - 2014-03-27 00:29 - 00000238 _____ C:\WINDOWS\Tasks\Přihlášenà k oznamovánà konce poskytovánà služeb pro Microsoft Windows XP.job
2017-02-14 17:10 - 2008-04-01 17:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-14 17:10 - 2008-04-01 11:35 - 00000000 __SHD C:\WINDOWS\CSC
2017-02-14 17:10 - 2001-10-25 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-02-14 17:07 - 2008-04-01 17:18 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-14 17:06 - 2008-04-01 17:24 - 00010008 ____N C:\WINDOWS\SchedLgU.Txt
2017-02-14 16:44 - 2012-04-26 18:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-02-14 11:28 - 2016-05-29 21:47 - 00000000 ____D C:\Documents and Settings\Administrator\Data aplikacĂ\Audacity
2017-02-13 19:00 - 2015-11-16 19:18 - 00000318 _____ C:\WINDOWS\Tasks\Wise Turbo Checker.job
2017-02-13 16:03 - 2011-05-15 23:44 - 00000000 ____D C:\Documents and Settings\Administrator\dwhelper
2017-02-13 14:35 - 2014-09-01 22:02 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha\Ariana Grande
2017-02-12 21:57 - 2008-04-01 19:02 - 536870912 _____ C:\WINDOWS\MEMORY.DMP
2017-02-09 23:31 - 2008-04-01 19:06 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikacĂ
2017-02-08 15:00 - 2014-03-27 00:29 - 00000232 _____ C:\WINDOWS\Tasks\MÄ›sĂÄŤnĂ oznamovánĂ konce poskytovánĂ sluĹľeb pro Microsoft Windows XP.job
2017-02-08 00:30 - 2016-03-13 21:53 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-02-05 12:22 - 2010-03-12 17:57 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikacĂ\Spybot - Search & Destroy
2017-02-05 02:26 - 2013-01-25 02:12 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2017-02-05 02:26 - 2008-04-01 11:26 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-02-05 02:23 - 2008-04-01 19:08 - 00000000 ___RD C:\Documents and Settings\All Users\NabĂdka Start\Programy
2017-02-05 02:23 - 2008-04-01 11:26 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikacĂ
2017-02-02 13:39 - 2016-03-06 17:23 - 00000000 ____D C:\Program Files\Opera
2017-02-02 01:13 - 2008-08-02 16:21 - 00000000 ____D C:\Program Files\SpeedFan
2017-02-01 10:54 - 2012-12-22 16:48 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha\hrqt
2017-02-01 00:30 - 2016-03-13 21:53 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-01-31 19:07 - 2008-04-01 19:02 - 00000000 ___HD C:\WINDOWS\inf
2017-01-31 19:07 - 2008-04-01 19:02 - 00000000 ____D C:\WINDOWS\system32\ShellExt
2017-01-30 19:38 - 2016-09-03 23:55 - 00000000 _____ C:\Documents and Settings\Administrator\last.dump
2017-01-27 12:40 - 2008-04-01 11:26 - 00000000 ____D C:\Documents and Settings\Administrator
2017-01-27 09:55 - 2008-08-02 16:21 - 00000045 _____ C:\WINDOWS\system32\initdebug.nfo
2017-01-27 08:29 - 2016-11-16 01:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-22 13:22 - 2008-04-07 10:50 - 00060928 _____ C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-22 11:19 - 2008-04-10 23:21 - 00000000 ____D C:\Documents and Settings\Administrator\Dokumenty\Titulky
2017-01-22 10:52 - 2008-04-10 21:41 - 00000000 ____D C:\Documents and Settings\Administrator\Dokumenty\Filmy
2017-01-21 22:40 - 2015-11-01 20:56 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha\Complete YouTube Saver
2017-01-21 21:44 - 2014-09-01 22:02 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha\Becca Tobin
==================== Files in the root of some directories =======
2016-03-16 18:35 - 2016-03-16 18:35 - 49070080 _____ () C:\Program Files\GUT8A2.tmp
2010-04-16 21:15 - 2010-04-16 21:08 - 0000368 ____C () C:\Program Files\YoutubeProtectionRemover.js
2010-12-13 12:56 - 2010-12-13 12:56 - 0000019 ____C () C:\Documents and Settings\Administrator\Data aplikacĂ\ClipExtractor-UpdatePerformed.txt
2010-12-13 12:59 - 2011-01-01 01:15 - 0000616 _____ () C:\Documents and Settings\Administrator\Data aplikacĂ\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
2016-03-30 19:53 - 2016-03-30 19:53 - 0000276 _____ () C:\Documents and Settings\Administrator\Data aplikacĂ\Safer-Networking.log
2008-04-07 10:50 - 2017-01-22 13:22 - 0060928 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-06-30 00:28 - 2010-06-30 00:28 - 0000302 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\DelUnist.bat
2014-07-04 00:09 - 2014-07-04 00:09 - 0005406 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikacĂ\recently-used.xbel
Files to move or delete:
====================
C:\Documents and Settings\Administrator\klient.exe
C:\Documents and Settings\Administrator\Piskvorky2000.bat
Some files in TEMP:
====================
2016-03-30 19:53 - 2016-04-22 19:49 - 0000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d19748fcd1494e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MÄ›sĂÄŤnĂ oznamovánĂ konce poskytovánĂ sluĹľeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1466422661.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Přihlášenà k oznamovánà konce poskytovánà služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1462697710.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Wise Care 365.job => E:\Wise Care 365\WiseTray.exe
Task: C:\WINDOWS\Tasks\Wise Turbo Checker.job => E:\Wise Care 365\WiseTurbo.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
AS: Spy Emergency (Disabled - Up to date) {82117492-906E-4b02-A33A-84D42A2DD907}
FW: Sunbelt Personal Firewall (Disabled) {82B1150E-9B37-49FC-83EB-D52197D900D0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Administrator\Plocha" je 58938 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Daum\\PotPlayer\\PotPlayerMini.exe"="C:\\Program Files\\Daum\\PotPlayer\\PotPlayerMini.exe:*:Enabled:PotPlayer"
"C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe"="C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe:*:Enabled:True Vector"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\Daum\\PotPlayer\\PotPlayerMini.exe"="C:\\Program Files\\Daum\\PotPlayer\\PotPlayerMini.exe:*:Enabled:PotPlayer"
"C:\\Program Files\\Opera\\opera.exe"="C:\\Program Files\\Opera\\opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Documents and Settings\\Administrator\\Data aplikací\\uTorrent\\utorrent.exe"="C:\\Documents and Settings\\Administrator\\Data aplikací\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"
"C:\\Program Files\\Maxthon3\\Bin\\MxUp.exe"="C:\\Program Files\\Maxthon3\\Bin\\MxUp.exe:*:Enabled:MxUp"
"C:\\Program Files\\Maxthon3\\Bin\\Maxthon.exe"="C:\\Program Files\\Maxthon3\\Bin\\Maxthon.exe:*:Enabled:Maxthon"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"
"C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe"="C:\\Program Files\\CheckPoint\\ZoneAlarm\\vsmon.exe:*:Enabled:True Vector"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"8668:TCP"="8668:TCP:*:Enabled:BitComet 8668 TCP"
"8668:UDP"="8668:UDP:*:Enabled:BitComet 8668 UDP"
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Díky
Přispějete na provoz fóra?