Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2016
Ran by Lubo (administrator) on LUBO-9B4ECF2750 (30-11-2016 14:43:19)
Running from C:\Documents and Settings\Lubo\Plocha
Loaded Profiles: Lubo (Available Profiles: Lubo)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(forum.viry.cz) C:\Documents and Settings\Lubo\Plocha\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-343818398-1677128483-1606980848-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7045848 2016-11-15] (Piriform Ltd)
BootExecute: autocheck autochk * OODBS
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 217.119.122.121 217.119.113.244
Tcpip\..\Interfaces\{75AA249E-CBA7-405D-8BF0-F179F81469D7}: [DhcpNameServer] 217.119.122.121 217.119.113.244
Internet Explorer:
==================
HKU\S-1-5-21-343818398-1677128483-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.centrum.sk/
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-30] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-18] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Documents and Settings\Lubo\Data aplikací\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-10-28]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1983936 2015-11-20] (ESET)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [205800 2015-11-20] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [146024 2015-11-20] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [127496 2015-11-20] (ESET)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Lubo\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-04-25 16:09 - 2139-04-25 16:09 - 00000000 ____D C:\Documents and Settings\Lubo\Local Settings\Data aplikací\VS Revo Group
2099-04-25 16:09 - 2139-04-25 16:09 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\VS Revo Group
2099-04-25 15:52 - 2016-04-25 17:36 - 00332838 _____ C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
2099-04-25 15:50 - 2139-04-25 15:50 - 00000000 ____D C:\Documents and Settings\All Users\Kaspersky Lab Setup Files
2016-11-30 14:43 - 2016-11-30 14:43 - 00005811 _____ C:\Documents and Settings\Lubo\Plocha\FRST.txt
2016-11-30 14:43 - 2016-11-30 14:43 - 00000000 ____D C:\FRST
2016-11-30 14:42 - 2016-11-30 14:41 - 01761280 _____ (Farbar) C:\Documents and Settings\Lubo\Plocha\FRST.exe
2016-11-30 14:42 - 2016-11-30 14:41 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Lubo\Plocha\FRSTLauncher.exe
2016-11-18 11:41 - 2016-11-18 11:41 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-11-18 11:41 - 2016-11-18 11:41 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2016-11-18 11:41 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-18 11:41 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-07 18:23 - 2016-11-07 18:23 - 00000000 ____D C:\Program Files\Common Files\Skype
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2099-04-25 16:09 - 2002-01-03 14:37 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2099-04-25 15:54 - 2015-01-09 10:38 - 00000000 ____D C:\Program Files\ESET
2099-04-25 15:50 - 2002-01-03 14:36 - 00000000 ____D C:\Documents and Settings\All Users
2016-11-30 14:43 - 2014-05-28 14:02 - 00000000 ____D C:\Documents and Settings\Lubo\Plocha
2016-11-30 14:43 - 2014-05-28 14:02 - 00000000 ____D C:\Documents and Settings\Lubo\Local Settings\Temp
2016-11-30 14:42 - 2014-05-28 14:02 - 00000000 ___HD C:\Documents and Settings\Lubo\Local Settings\Data aplikací
2016-11-30 14:33 - 2016-04-06 18:26 - 00000432 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1442060076.job
2016-11-30 14:33 - 2014-08-28 12:46 - 00000000 ____D C:\Program Files\Opera
2016-11-30 14:33 - 2014-05-28 14:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-29 19:47 - 2014-05-28 14:02 - 00000178 ___SH C:\Documents and Settings\Lubo\ntuser.ini
2016-11-29 19:47 - 2014-05-28 14:00 - 00032564 _____ C:\WINDOWS\SchedLgU.Txt
2016-11-27 18:20 - 2001-10-25 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-11-26 18:52 - 2014-05-28 14:14 - 00000000 ____D C:\Documents and Settings\Lubo\Data aplikací\Skype
2016-11-26 17:37 - 2015-12-24 11:42 - 00002273 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2016-11-24 19:26 - 2014-05-28 13:52 - 00062976 _____ C:\Documents and Settings\Lubo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-18 11:44 - 2002-01-03 14:37 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-11-18 11:41 - 2002-01-03 14:37 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-11-18 11:38 - 2014-05-28 14:02 - 00000000 ____D C:\Documents and Settings\Lubo
2016-11-18 11:37 - 2016-03-24 11:08 - 00000682 _____ C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2016-11-07 18:23 - 2015-12-24 11:42 - 00000000 ___RD C:\Program Files\Skype
2016-11-07 18:23 - 2014-05-28 14:14 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
==================== Files in the root of some directories =======
2014-05-28 13:52 - 2016-11-24 19:26 - 0062976 _____ () C:\Documents and Settings\Lubo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-27 12:14 - 2016-03-27 12:15 - 0000775 _____ () C:\Documents and Settings\All Users\LexFiles.usr
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
Available physical RAM: 589.39 MB
Total physical RAM: 1015.17 MB
Percentage of memory in use: 41%
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1442060076.job => C:\Program Files\Opera\launcher.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET NOD32 Antivirus 9.0.351.2 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Documents and Settings\Lubo\Plocha" je 10 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Lexmark CX310 Series\\LMADYlscn.exe"="C:\\Program Files\\Lexmark CX310 Series\\LMADYlscn.exe:*:Enabled:Lean Scan"
"C:\\Program Files\\Lexmark CX310 Series\\LMabscw.dll"="C:\\Program Files\\Lexmark CX310 Series\\LMabscw.dll:*:Enabled:Lean Scan"
"C:\\Program Files\\Lexmark\\NetworkTwain\\LMZZZ_32__bc.dll"="C:\\Program Files\\Lexmark\\NetworkTwain\\LMZZZ_32__bc.dll:*:Enabled:Network Twain"
"C:\\Program Files\\Lexmark\\NetworkTwain\\LMzzz_32serv.dll"="C:\\Program Files\\Lexmark\\NetworkTwain\\LMzzz_32serv.dll:*:Enabled:Network Twain"
"C:\\Program Files\\Lexmark\\NetworkTwain\\lextwprotocol.dll"="C:\\Program Files\\Lexmark\\NetworkTwain\\lextwprotocol.dll:*:Enabled:Network Twain"
"C:\\WINDOWS\\twain_32\\Lexmark\\NetworkTwain\\lexnetworkds.ds"="C:\\WINDOWS\\twain_32\\Lexmark\\NetworkTwain\\lexnetworkds.ds:*:Enabled:Network Twain"
"C:\\Documents and Settings\\Lubo\\Local Settings\\Temp\\RarSFX0\\InstallationPackage\\Install\\x86\\InstallGui.exe"="C:\\Documents and Settings\\Lubo\\Local Settings\\Temp\\RarSFX0\\InstallationPackage\\Install\\x86\\InstallGui.exe:*:Enabled:Lexmark Install"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
==================== End Of Log ==============================
Přispějete na provoz fóra?