Preventívka- prosím o kontrolu

[Domco]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015
Ran by Lubo (administrator) on LUBO-9B4ECF2750 (19-08-2015 14:28:57)
Running from C:\Documents and Settings\Lubo\Plocha
Loaded Profiles: Lubo (Available Profiles: Lubo)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files\Opera\31.0.1889.174\opera.exe
(forum.viry.cz) C:\Documents and Settings\Lubo\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5089480 2015-07-08] (ESET)
HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-343818398-1677128483-1606980848-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53736048 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe -update pepperplugin
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-343818398-1677128483-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.centrum.sk/
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Tcpip\Parameters: [DhcpNameServer] 217.119.122.121 217.119.113.244
Tcpip\..\Interfaces\{75AA249E-CBA7-405D-8BF0-F179F81469D7}: [DhcpNameServer] 217.119.122.121 217.119.113.244

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-23]

Opera:
=======
OPR StartupUrls: "hxxp://centrum.sk/"

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1353720 2015-07-08] (ESET)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [202704 2015-07-14] (ESET)
S0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [199608 2015-07-14] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [144536 2015-07-14] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [129544 2015-07-14] (ESET)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 cpuz134; \??\C:\DOCUME~1\Lubo\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 14:28 - 2015-08-19 14:29 - 00006844 _____ C:\Documents and Settings\Lubo\Plocha\FRST.txt
2015-08-19 14:28 - 2015-08-19 14:29 - 00000000 ____D C:\FRST
2015-08-19 14:27 - 2015-08-19 14:27 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Lubo\Plocha\FRSTLauncher.exe
2015-08-19 14:27 - 2015-08-19 14:26 - 01677312 _____ (Farbar) C:\Documents and Settings\Lubo\Plocha\FRST.exe
2015-08-19 13:54 - 2015-08-19 13:54 - 00000000 ____D C:\WINDOWS\LastGood
2015-08-19 13:53 - 2015-08-19 13:53 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\ESET
2015-08-19 13:53 - 2015-08-19 13:53 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ESET
2015-08-19 13:34 - 2015-08-19 13:44 - 00002273 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2015-08-19 13:34 - 2015-08-19 13:34 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-08-19 13:34 - 2015-08-19 13:34 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Skype
2015-08-19 13:33 - 2015-08-19 13:34 - 00000000 ___RD C:\Program Files\Skype
2015-08-19 13:30 - 2015-08-19 13:30 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-08-19 13:15 - 2015-08-19 13:23 - 00040995 _____ C:\WINDOWS\setupapi.log
2015-08-19 13:15 - 2015-08-19 13:15 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-19 13:15 - 2015-08-19 13:15 - 00000000 _____ C:\WINDOWS\setupact.log
2015-08-08 12:46 - 2015-08-08 12:46 - 00001786 _____ C:\Documents and Settings\All Users\Plocha\Foxit Reader.lnk
2015-08-08 12:46 - 2015-08-08 12:46 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Foxit Reader
2015-08-08 12:46 - 2015-08-08 12:46 - 00000000 ____D C:\Documents and Settings\All Users\Foxit Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 14:29 - 2014-05-28 15:02 - 00000000 ____D C:\Documents and Settings\Lubo\Local Settings\Temp
2015-08-19 14:28 - 2014-05-28 15:02 - 00000000 ____D C:\Documents and Settings\Lubo\Plocha
2015-08-19 14:27 - 2014-05-28 15:02 - 00000000 ___HD C:\Documents and Settings\Lubo\Local Settings\Data aplikací
2015-08-19 14:17 - 2014-05-28 14:53 - 02095829 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-19 14:15 - 2014-05-28 15:31 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-19 13:53 - 2015-01-09 11:38 - 00000000 ____D C:\Program Files\ESET
2015-08-19 13:53 - 2002-01-03 15:37 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-08-19 13:53 - 2002-01-03 15:37 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-08-19 13:48 - 2014-05-28 15:14 - 00000000 ____D C:\Documents and Settings\Lubo\Data aplikací\Skype
2015-08-19 13:34 - 2014-05-28 15:14 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2015-08-19 13:34 - 2002-01-03 15:37 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-08-19 13:24 - 2014-08-28 13:46 - 00000416 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1409226367.job
2015-08-19 13:24 - 2014-05-28 15:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-19 13:24 - 2002-01-03 15:42 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-19 13:24 - 2002-01-03 15:42 - 00000051 _____ C:\WINDOWS\wiaservc.log
2015-08-19 13:23 - 2014-05-28 15:02 - 00000178 ___SH C:\Documents and Settings\Lubo\ntuser.ini
2015-08-19 13:23 - 2014-05-28 15:00 - 00032622 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-18 18:35 - 2014-08-28 13:46 - 00000000 ____D C:\Program Files\Opera
2015-08-18 18:34 - 2001-10-25 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-14 19:15 - 2014-05-28 15:31 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-14 19:15 - 2014-05-28 15:31 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-13 11:09 - 2015-02-06 17:25 - 00000000 ____D C:\Documents and Settings\Lubo\Local Settings\Data aplikací\Adobe
2015-08-13 11:06 - 2015-01-23 12:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-13 11:01 - 2015-01-23 12:41 - 129304528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-08 12:41 - 2014-09-22 18:05 - 00000682 _____ C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2015-08-08 12:41 - 2014-09-22 18:05 - 00000000 ____D C:\Program Files\CCleaner
2015-08-08 12:41 - 2014-05-28 15:02 - 00000000 ____D C:\Documents and Settings\Lubo
2015-08-01 19:14 - 2015-03-18 19:16 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-07-31 19:43 - 2014-05-28 14:52 - 00050688 _____ C:\Documents and Settings\Lubo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2014-05-28 14:52 - 2015-07-31 19:43 - 0050688 _____ () C:\Documents and Settings\Lubo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Lubo\Local Settings\Temp\FoxitUpdater.exe
C:\Documents and Settings\Lubo\Local Settings\Temp\InstHelper.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1409226367.job => C:\Program Files\Opera\launcher.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Lubo\Plocha" je 10 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

[JaRon]

log je OK

[Domco]

ano ? .... pretože sa mi stáva to že zapnem skype ... a stane sa to že ked kliknem na kontakty tak to začne nejako blbnut zmizne horna lišta s minimalizovanim a aj s červenym x potom kliknem na prehliadač a neotvorí ho

[JaRon]

je ten OS legalny

[Domco]

je to stare xp .

[JaRon]

vloz do CD mechaniky instalacku XP a spust s príkazového riadku sfc /scannow

[Domco]

bohužial nemám cd s win xp už

[JaRon]

prescanuj PC s MBAM v 1.75

[Domco]

Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lubo :: LUBO-9B4ECF2750 [administrátor]

Ochrana: Vypnuté

12. 9. 2015 15:39:38
mbam-log-2015-09-12 (15-39-38).txt

Typ kontroly: Úplná kontrola (C:\|E:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 216450
Uplynutý čas: 11 min, 55 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)