Preventívna kontrola druheho pc

Zpráva

Domco · #1 Příspěvek od **Domco** » 06 úno 2016 14:38

zdravím poprosím o preventívku pc mojich starých rodičov

.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by Lubo (administrator) on LUBO-9B4ECF2750 (06-02-2016 14:37:17)
Running from C:\Documents and Settings\Lubo\Plocha
Loaded Profiles: Lubo (Available Profiles: Lubo)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.37\opera.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.37\opera.exe
(forum.viry.cz) C:\Documents and Settings\Lubo\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe -update pepperplugin
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.119.122.121 217.119.113.244
Tcpip\..\Interfaces\{75AA249E-CBA7-405D-8BF0-F179F81469D7}: [DhcpNameServer] 217.119.122.121 217.119.113.244

Internet Explorer:
==================
HKU\S-1-5-21-343818398-1677128483-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.centrum.sk/
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-30] [not signed]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Documents and Settings\Lubo\Data aplikací\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-02-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1983936 2015-11-20] (ESET)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [205800 2015-11-20] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [146024 2015-11-20] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [127496 2015-11-20] (ESET)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Lubo\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 14:37 - 2016-02-06 14:37 - 00006335 _____ C:\Documents and Settings\Lubo\Plocha\FRST.txt
2016-02-06 14:35 - 2016-02-06 14:35 - 01721856 _____ (Farbar) C:\Documents and Settings\Lubo\Plocha\FRST.exe
2016-02-06 14:35 - 2016-02-06 14:35 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Lubo\Plocha\FRSTLauncher.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-12-31 19:19 - 2002-01-03 14:32 - 00000000 ____D C:\WINDOWS\system32
2099-12-31 19:10 - 2014-05-28 14:02 - 00000000 __SHD C:\Documents and Settings\Lubo\Local Settings\Temporary Internet Files
2016-02-06 14:37 - 2014-05-28 14:02 - 00000000 ____D C:\Documents and Settings\Lubo\Plocha
2016-02-06 14:37 - 2014-05-28 14:02 - 00000000 ____D C:\Documents and Settings\Lubo\Local Settings\Temp
2016-02-06 14:36 - 2015-08-19 13:28 - 00000000 ____D C:\FRST
2016-02-06 14:36 - 2014-05-28 14:02 - 00000000 ___HD C:\Documents and Settings\Lubo\Local Settings\Data aplikací
2016-02-06 14:15 - 2014-05-28 14:31 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-06 14:14 - 2015-03-18 18:16 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-02-06 14:14 - 2014-05-28 14:00 - 00032628 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-06 12:33 - 2014-05-28 13:52 - 00057856 _____ C:\Documents and Settings\Lubo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-06 10:11 - 2015-09-12 13:14 - 00000432 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1442060076.job
2016-02-06 10:10 - 2015-09-06 12:41 - 00000220 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2016-02-06 10:10 - 2014-05-28 14:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-05 16:52 - 2014-05-28 14:02 - 00000178 ___SH C:\Documents and Settings\Lubo\ntuser.ini
2016-02-04 18:34 - 2014-05-28 14:14 - 00000000 ____D C:\Documents and Settings\Lubo\Data aplikací\Skype
2016-02-04 18:33 - 2015-12-24 11:42 - 00002273 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2016-02-04 18:32 - 2001-10-25 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-03 17:23 - 2014-08-28 12:46 - 00000000 ____D C:\Program Files\Opera
2016-02-03 17:23 - 2002-01-03 14:37 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-02-02 18:24 - 2014-05-28 14:14 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Skype
2016-01-13 18:43 - 2015-01-23 11:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 18:37 - 2015-01-23 11:41 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-05-28 13:52 - 2016-02-06 12:33 - 0057856 _____ () C:\Documents and Settings\Lubo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Lubo\Local Settings\Temp\FoxitUpdater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:29.29 GB) (Free:20.21 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:436.46 GB) (Free:429.57 GB) NTFS

Available physical RAM: 317.54 MB
Total physical RAM: 1015.17 MB
Percentage of memory in use: 68%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: BC41BC41)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=436.5 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1442060076.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: ESET NOD32 Antivirus 9.0.351.2 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Lubo\Plocha" je 10 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

#2 Příspěvek od **Márty84** » 07 úno 2016 08:51

Zdravim

Jde ciste jen o prevenci, nebo je i nejaky konkretni problem?

Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte ho. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Spustte ho.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

Domco · #3 Příspěvek od **Domco** » 10 úno 2016 16:46

Zdravím nie počítač hadže niekedy chybne hlašky niekedy ide pohode potom mi starky vola že zaseje niečo stym ... ten prvý program mi nešiel ale z adw Vám sem log hodím

# AdwCleaner v5.033 - Logfile created 10/02/2016 at 16:46:18
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Lubo - LUBO-9B4ECF2750
# Running from : C:\Documents and Settings\Lubo\Plocha\adwcleaner_5.033.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\WINDOWS\system32\C2MP

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\Reimage.ini

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1099 bytes] ##########

#4 Příspěvek od **Márty84** » 11 úno 2016 08:52

Domco píše:ten prvý program mi nešiel

Tak bude potreba ho nainstalovat...

Stahnete crystal disk info http://www.slunecnice.cz/sw/crystaldiskinfo/
Nainstalujte (pozor na pripadne doplnky, ty odmitnete zrusenim zatrzitka) a spustte. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

Udelejte !!!kompletni!!! kontrolu s MBAM http://www.bleepingcomputer.com/downloa ... re/dl/241/ (musite stahnout verzi 1.75, odmitnout upgrade na novejsi verzi a aktualizovat jen virovou databazi) a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce. Navod zde http://forum.viry.cz/viewtopic.php?f=29&t=115222

Domco · #5 Příspěvek od **Domco** » 02 bře 2016 09:25

----------------------------------------------------------------------------
CrystalDiskInfo 6.7.4 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP3 [5.1 Build 2600] (x86)
Date : 2016/03/02 9:25:32

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH7 Family Ultra ATA Storage Controllers - 27DF [ATA]
+ Primární kanál IDE (0)
- HL-DT-ST DVDRAM GSA-H12N
- Sekundární kanál IDE (1)
+ Intel(R) N10/ICH7 Family Serial ATA Storage Controller - 27C0 [ATA]
+ Primární kanál IDE (0)
- WDC WD5000BPKX-00HPJT0
- Sekundární kanál IDE (1)

-- Disk List ---------------------------------------------------------------
(1) WDC WD5000BPKX-00HPJT0 : 500,1 GB [0/1/0, pd1] - wd

----------------------------------------------------------------------------
(1) WDC WD5000BPKX-00HPJT0
----------------------------------------------------------------------------
Model : WDC WD5000BPKX-00HPJT0
Firmware : 01.01A01
Serial Number : WD-WX61AB3L3542
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300 | SATA/600
Power On Hours : 907 hours
Power On Count : 708 count
Temperature : 30 C (86 F)
Health Status : Good
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Read Error Rate
03 194 191 _21 000000000503 Spin-Up Time
04 100 100 __0 0000000002C4 Start/Stop Count
05 200 200 140 000000000000 Reallocated Sectors Count
07 200 200 __0 000000000000 Seek Error Rate
09 _99 _99 __0 00000000038B Power-On Hours
0A 100 100 __0 000000000000 Spin Retry Count
0B 100 100 __0 000000000000 Recalibration Retries
0C 100 100 __0 0000000002C4 Power Cycle Count
C0 200 200 __0 00000000000D Power-off Retract Count
C1 197 197 __0 000000002677 Load/Unload Cycle Count
C2 117 112 __0 00000000001E Temperature
C4 200 200 __0 000000000000 Reallocation Event Count
C5 200 200 __0 000000000000 Current Pending Sector Count
C6 100 253 __0 000000000000 Uncorrectable Sector Count
C7 200 200 __0 000000000000 UltraDMA CRC Error Count
C8 100 253 __0 000000000000 Write Error Rate

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2057 442D 5758 3631 4142 334C 3335 3432
020: 0000 8000 0032 3031 2E30 3141 3031 5744 4320 5744
030: 3530 3030 4250 4B58 2D30 3048 504A 5430 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 9F0E 0004 004C 0040
080: 01FE 0000 746B 7D69 6123 7469 BC49 6123 207F 002F
090: 002F 0080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 0000 6003 0000 5001 4EE6
110: 598C C951 0000 0000 0000 0000 0000 0000 0000 4018
120: 4018 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 16FE 013E 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 70B5 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 103E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 1000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 7CA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 C8 C8 00 00 00 00 00 00 00 03 27
010: 00 C2 BF 03 05 00 00 00 00 00 04 32 00 64 64 C4
020: 02 00 00 00 00 00 05 33 00 C8 C8 00 00 00 00 00
030: 00 00 07 2E 00 C8 C8 00 00 00 00 00 00 00 09 32
040: 00 63 63 8B 03 00 00 00 00 00 0A 32 00 64 64 00
050: 00 00 00 00 00 00 0B 32 00 64 64 00 00 00 00 00
060: 00 00 0C 32 00 64 64 C4 02 00 00 00 00 00 C0 32
070: 00 C8 C8 0D 00 00 00 00 00 00 C1 32 00 C5 C5 77
080: 26 00 00 00 00 00 C2 22 00 75 70 1E 00 00 00 00
090: 00 00 C4 32 00 C8 C8 00 00 00 00 00 00 00 C5 32
0A0: 00 C8 C8 00 00 00 00 00 00 00 C6 30 00 64 FD 00
0B0: 00 00 00 00 00 00 C7 32 00 C8 C8 00 00 00 00 00
0C0: 00 00 C8 08 00 64 FD 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 54 24 01 7B
170: 03 00 01 00 02 5E 05 00 00 00 00 00 00 00 00 00
180: 00 00 01 03 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B9

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 C8 C8 C8 00 00 00 00 00 00 00 03 15
010: 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00
020: 00 00 00 00 00 00 05 8C 00 00 00 00 00 00 00 00
030: 00 00 07 00 C8 C8 C8 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 00 00 00 00 00
050: 00 00 00 00 00 00 0B 00 00 00 00 00 00 00 00 00
060: 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 C0 00
070: 00 00 00 00 00 00 00 00 00 00 C1 00 00 00 00 00
080: 00 00 00 00 00 00 C2 00 00 00 00 00 00 00 00 00
090: 00 00 C4 00 00 00 00 00 00 00 00 00 00 00 C5 00
0A0: 00 00 00 00 00 00 00 00 00 00 C6 00 00 00 00 00
0B0: 00 00 00 00 00 00 C7 00 00 00 00 00 00 00 00 00
0C0: 00 00 C8 00 00 00 00 00 00 00 00 00 00 00 00 00
0D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0D

Domco · #6 Příspěvek od **Domco** » 02 bře 2016 09:56

Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lubo :: LUBO-9B4ECF2750 [administrátor]

Ochrana: Vypnuté

2. 3. 2016 9:36:58
mbam-log-2016-03-02 (09-36-58).txt

Typ kontroly: Úplná kontrola (C:\|E:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 225126
Uplynutý čas: 20 min, 43 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)

#7 Příspěvek od **Márty84** » 02 bře 2016 10:06

MBAM odinstalujte.

Dejte novy log z FRST

A k tomu log z RSIT http://forum.viry.cz/viewtopic.php?f=30&t=130787

Domco · #8 Příspěvek od **Domco** » 13 bře 2016 15:20

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Lubo (administrator) on LUBO-9B4ECF2750 (13-03-2016 15:18:20)
Running from C:\Documents and Settings\Lubo\Plocha
Loaded Profiles: Lubo (Available Profiles: Lubo)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\IPROSetMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.92\opera_crashreporter.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Documents and Settings\Lubo\Plocha\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-10-04] (Realtek Semiconductor Corp.)
HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-343818398-1677128483-1606980848-1003\...\Run: [LMADYmon] => "C:\Program Files\Lexmark CX310 Series\LMADYmon.exe"
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe -update pepperplugin
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.119.122.121 217.119.113.244
Tcpip\..\Interfaces\{75AA249E-CBA7-405D-8BF0-F179F81469D7}: [DhcpNameServer] 217.119.122.121 217.119.113.244

Internet Explorer:
==================
HKU\S-1-5-21-343818398-1677128483-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.centrum.sk/
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-30] [not signed]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Documents and Settings\Lubo\Data aplikací\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1983936 2015-11-20] (ESET)
R2 Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [121600 2013-04-05] (Intel Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [205800 2015-11-20] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [146024 2015-11-20] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [127496 2015-11-20] (ESET)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Lubo\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 15:18 - 2016-03-13 15:18 - 01107968 _____ C:\Documents and Settings\Lubo\Plocha\RSIT.exe
2016-03-13 15:18 - 2016-03-13 15:18 - 00006654 _____ C:\Documents and Settings\Lubo\Plocha\FRST.txt
2016-03-13 15:18 - 2016-03-13 15:18 - 00000000 ____D C:\Documents and Settings\Lubo\Plocha\FRST-OlderVersion
2016-03-02 10:05 - 2016-03-02 10:05 - 00000000 ____D C:\Documents and Settings\All Users\LexmarkInstallData
2016-03-02 10:00 - 2016-03-02 10:00 - 00000000 ____D C:\Lexmark
2016-03-02 09:34 - 2016-03-02 09:34 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-02 09:34 - 2016-03-02 09:34 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2016-03-02 09:31 - 2016-03-02 09:31 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Lubo\Plocha\mbam-setup-1.75.0.1300.exe
2016-03-02 09:29 - 2016-03-02 09:29 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Lexmark
2016-03-02 09:29 - 2016-03-02 09:29 - 00000000 ____D C:\Documents and Settings\All Users\gn_Logs
2016-03-02 09:29 - 2014-01-21 04:40 - 00442368 _____ ( ) C:\WINDOWS\system32\lexlog.dll
2016-03-02 09:29 - 2013-07-31 03:22 - 01126400 _____ ( ) C:\WINDOWS\system32\LMADYNlang.dll
2016-03-02 09:29 - 2013-07-31 03:20 - 00430080 _____ ( ) C:\WINDOWS\system32\LMADYNcomc.dll
2016-03-02 09:29 - 2013-07-31 03:20 - 00204800 _____ ( ) C:\WINDOWS\system32\LMADYNinpa.dll
2016-03-02 09:28 - 2016-03-02 10:07 - 00217925 _____ C:\WINDOWS\system32\LexFiles.ulf
2016-03-02 09:28 - 2016-03-02 09:29 - 00000000 ____D C:\Program Files\Lexmark CX310 Series
2016-03-02 09:28 - 2016-03-02 09:29 - 00000000 ____D C:\Program Files\Lexmark
2016-03-02 09:27 - 2016-03-02 09:27 - 00000000 ____D C:\Documents and Settings\All Users\ADY
2016-03-02 09:24 - 2016-03-02 09:25 - 00000000 ____D C:\Documents and Settings\Lubo\Plocha\Nová složka
2016-02-29 15:29 - 2016-02-29 15:29 - 00000000 ____D C:\spoolerlogs
2016-02-28 19:14 - 2016-02-28 19:14 - 00001786 _____ C:\Documents and Settings\All Users\Plocha\Foxit Reader.lnk
2016-02-28 19:14 - 2016-02-28 19:14 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Foxit Reader
2016-02-28 19:14 - 2016-02-28 19:14 - 00000000 ____D C:\Documents and Settings\All Users\Foxit Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2099-12-31 19:10 - 2014-05-28 14:02 - 00000000 __SHD C:\Documents and Settings\Lubo\Local Settings\Temporary Internet Files
2016-03-13 15:18 - 2016-02-06 14:35 - 01725440 _____ (Farbar) C:\Documents and Settings\Lubo\Plocha\FRST.exe
2016-03-13 15:18 - 2015-08-19 13:28 - 00000000 ____D C:\FRST
2016-03-13 15:18 - 2014-05-28 14:02 - 00000000 ____D C:\Documents and Settings\Lubo\Plocha
2016-03-13 15:18 - 2014-05-28 14:02 - 00000000 ____D C:\Documents and Settings\Lubo\Local Settings\Temp
2016-03-13 15:17 - 2015-09-12 14:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2016-03-13 15:17 - 2014-05-28 14:02 - 00000000 ___HD C:\Documents and Settings\Lubo\Local Settings\Data aplikací
2016-03-13 15:17 - 2002-01-03 14:37 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-03-13 15:17 - 2002-01-03 14:37 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-03-13 15:15 - 2014-05-28 14:31 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-13 14:06 - 2015-09-12 13:14 - 00000432 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1442060076.job
2016-03-13 13:58 - 2015-09-06 12:41 - 00000220 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2016-03-13 13:58 - 2014-05-28 14:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-12 19:15 - 2014-05-28 14:02 - 00000178 ___SH C:\Documents and Settings\Lubo\ntuser.ini
2016-03-12 19:15 - 2014-05-28 14:00 - 00032544 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-12 19:14 - 2015-03-18 18:16 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-11 15:48 - 2001-10-25 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-03-07 12:50 - 2014-05-28 13:52 - 00060416 _____ C:\Documents and Settings\Lubo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-04 16:46 - 2014-08-28 12:46 - 00000000 ____D C:\Program Files\Opera
2016-03-03 14:51 - 2014-05-29 11:59 - 00101856 ____C C:\Documents and Settings\Lubo\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2016-03-02 11:22 - 2002-01-03 14:36 - 00398344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-02 10:16 - 2015-01-23 11:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-02 10:09 - 2015-01-23 11:41 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-02 10:05 - 2002-01-03 14:36 - 00000000 ____D C:\Documents and Settings\All Users
2016-03-02 09:29 - 2002-01-03 14:32 - 00000000 ___HD C:\WINDOWS\inf
2016-03-02 09:28 - 2014-05-28 14:14 - 00000000 ____D C:\Documents and Settings\Lubo\Data aplikací\Skype
2016-03-02 09:09 - 2015-12-24 11:42 - 00002273 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk

==================== Files in the root of some directories =======

2014-05-28 13:52 - 2016-03-07 12:50 - 0060416 _____ () C:\Documents and Settings\Lubo\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Lubo\Local Settings\Temp\FoxitUpdater.exe
C:\Documents and Settings\Lubo\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:29.29 GB) (Free:18.71 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:436.46 GB) (Free:429.29 GB) NTFS

Available physical RAM: 242.35 MB
Total physical RAM: 1015.17 MB
Percentage of memory in use: 76%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 465.8 GB) (Disk ID: BC41BC41)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=436.5 GB) - (Type=OF Extended)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1442060076.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: ESET NOD32 Antivirus 9.0.351.2 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Lubo\Plocha" je 32 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Lexmark CX310 Series\\LMADYlscn.exe"="C:\\Program Files\\Lexmark CX310 Series\\LMADYlscn.exe:*:Enabled:Lean Scan"
"C:\\Program Files\\Lexmark CX310 Series\\LMabscw.dll"="C:\\Program Files\\Lexmark CX310 Series\\LMabscw.dll:*:Enabled:Lean Scan"
"C:\\Program Files\\Lexmark\\NetworkTwain\\LMZZZ_32__bc.dll"="C:\\Program Files\\Lexmark\\NetworkTwain\\LMZZZ_32__bc.dll:*:Enabled:Network Twain"
"C:\\Program Files\\Lexmark\\NetworkTwain\\LMzzz_32serv.dll"="C:\\Program Files\\Lexmark\\NetworkTwain\\LMzzz_32serv.dll:*:Enabled:Network Twain"
"C:\\Program Files\\Lexmark\\NetworkTwain\\lextwprotocol.dll"="C:\\Program Files\\Lexmark\\NetworkTwain\\lextwprotocol.dll:*:Enabled:Network Twain"
"C:\\WINDOWS\\twain_32\\Lexmark\\NetworkTwain\\lexnetworkds.ds"="C:\\WINDOWS\\twain_32\\Lexmark\\NetworkTwain\\lexnetworkds.ds:*:Enabled:Network Twain"
"C:\\Documents and Settings\\Lubo\\Local Settings\\Temp\\RarSFX0\\InstallationPackage\\Install\\x86\\InstallGui.exe"="C:\\Documents and Settings\\Lubo\\Local Settings\\Temp\\RarSFX0\\InstallationPackage\\Install\\x86\\InstallGui.exe:*:Enabled:Lexmark Install"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

Domco · #9 Příspěvek od **Domco** » 13 bře 2016 15:22

Logfile of random's system information tool 1.10 (written by random/random)
Run by Lubo at 2016-03-13 15:21:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (64%) free of 30 GB
Total RAM: 1015 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:22:00, on 13. 3. 2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\35.0.2066.92\opera.exe
C:\Program Files\Opera\35.0.2066.92\opera_crashreporter.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Opera\35.0.2066.92\opera.exe
C:\Program Files\Opera\35.0.2066.92\opera.exe
C:\Program Files\Opera\35.0.2066.92\opera.exe
C:\Program Files\Opera\35.0.2066.92\opera.exe
C:\Program Files\Opera\35.0.2066.92\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lubo\Plocha\RSIT.exe
C:\Program Files\trend micro\Lubo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LMADYmon] "C:\Program Files\Lexmark CX310 Series\LMADYmon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab.co ... 5.24.0.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\WINDOWS\system32\IProsetMonitor.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5182 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe -check pepperplugin
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1442060076.job - C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2013-10-04 20145368]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LMADYmon"=C:\Program Files\Lexmark CX310 Series\LMADYmon.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2012-05-22 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Lexmark CX310 Series\LMADYlscn.exe"="C:\Program Files\Lexmark CX310 Series\LMADYlscn.exe:*:Enabled:Lean Scan"
"C:\Program Files\Lexmark CX310 Series\LMabscw.dll"="C:\Program Files\Lexmark CX310 Series\LMabscw.dll:*:Enabled:Lean Scan"
"C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll"="C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll:*:Enabled:Network Twain"
"C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll"="C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll:*:Enabled:Network Twain"
"C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll"="C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll:*:Enabled:Network Twain"
"C:\WINDOWS\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds"="C:\WINDOWS\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds:*:Enabled:Network Twain"
"C:\Documents and Settings\Lubo\Local Settings\Temp\RarSFX0\InstallationPackage\Install\x86\InstallGui.exe"="C:\Documents and Settings\Lubo\Local Settings\Temp\RarSFX0\InstallationPackage\Install\x86\InstallGui.exe:*:Enabled:Lexmark Install"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll
"vidc.xvid"=xvidvfw.dll
"vidc.lags"=lagarith.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=DivXa32.acm
"msacm.lameacm"=LameACM.acm
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv

======List of files/folders created in the last 1 month======

2016-03-13 15:21:42 ----D---- C:\Program Files\trend micro
2016-03-13 15:21:41 ----D---- C:\rsit
2016-03-02 10:00:49 ----D---- C:\Lexmark
2016-03-02 09:34:28 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2016-03-02 09:29:35 ----A---- C:\WINDOWS\system32\LMADYNcomc.dll
2016-03-02 09:29:34 ----A---- C:\WINDOWS\system32\LMADYNlang.dll
2016-03-02 09:29:34 ----A---- C:\WINDOWS\system32\LMADYNinpa.dll
2016-03-02 09:29:14 ----A---- C:\WINDOWS\system32\lexlog.dll
2016-03-02 09:28:38 ----D---- C:\Program Files\Lexmark
2016-03-02 09:28:20 ----D---- C:\Program Files\Lexmark CX310 Series
2016-02-29 15:29:17 ----D---- C:\spoolerlogs

======List of files/folders modified in the last 1 month======

2016-03-13 15:21:42 ----RD---- C:\Program Files
2016-03-13 15:19:25 ----D---- C:\FRST
2016-03-13 15:19:05 ----D---- C:\WINDOWS
2016-03-13 15:18:34 ----D---- C:\WINDOWS\Temp
2016-03-13 15:17:52 ----D---- C:\WINDOWS\system32\CatRoot2
2016-03-13 15:17:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2016-03-13 15:17:15 ----D---- C:\WINDOWS\system32\drivers
2016-03-12 19:15:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2016-03-04 16:46:36 ----D---- C:\Program Files\Opera
2016-03-03 14:06:35 ----SD---- C:\WINDOWS\Tasks
2016-03-02 10:16:34 ----D---- C:\WINDOWS\system32\MRT
2016-03-02 10:09:25 ----A---- C:\WINDOWS\system32\MRT.exe
2016-03-02 09:29:41 ----D---- C:\WINDOWS\system32
2016-03-02 09:29:37 ----HD---- C:\WINDOWS\inf
2016-03-02 09:28:55 ----D---- C:\Documents and Settings\Lubo\Data aplikací\Skype
2016-03-02 09:28:38 ----RSD---- C:\WINDOWS\Fonts
2016-03-02 09:28:34 ----D---- C:\WINDOWS\twain_32
2016-02-28 19:13:24 ----D---- C:\WINDOWS\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 eamonm;eamonm; C:\WINDOWS\system32\DRIVERS\eamonm.sys [2015-11-20 205800]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2015-11-20 146024]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2015-11-20 127496]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2012-05-22 60800]
R3 e1express;Intel(R) PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2012-10-30 254336]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2013-10-22 5578456]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2012-05-22 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2012-05-22 61824]
R3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 cpuz134;cpuz134; \??\C:\DOCUME~1\Lubo\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2012-05-22 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2012-05-22 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2015-11-20 1983936]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\WINDOWS\system32\IProsetMonitor.exe [2013-04-05 121600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-30 269504]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#10 Příspěvek od **Márty84** » 13 bře 2016 20:27

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe -update pepperplugin
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

2016-03-02 09:34 - 2016-03-02 09:34 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-02 09:34 - 2016-03-02 09:34 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2016-03-02 09:31 - 2016-03-02 09:31 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Lubo\Plocha\mbam-setup-1.75.0.1300.exe
2016-03-13 15:17 - 2015-09-12 14:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1442060076.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Domco · #11 Příspěvek od **Domco** » 23 bře 2016 14:04

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Lubo (2016-03-23 14:02:47) Run:1
Running from C:\Documents and Settings\Lubo\Plocha
Loaded Profiles: Lubo (Available Profiles: Lubo)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe -update pepperplugin
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

2016-03-02 09:34 - 2016-03-02 09:34 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-02 09:34 - 2016-03-02 09:34 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware
2016-03-02 09:31 - 2016-03-02 09:31 - 10284816 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Lubo\Plocha\mbam-setup-1.75.0.1300.exe
2016-03-13 15:17 - 2015-09-12 14:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1442060076.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => value removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Program Files\Malwarebytes Anti-Malware => moved successfully
C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes Anti-Malware => moved successfully
"C:\Documents and Settings\Lubo\Plocha\mbam-setup-1.75.0.1300.exe" => not found.
C:\Program Files\Malwarebytes' Anti-Malware => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => moved successfully
C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1442060076.job => moved successfully
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => moved successfully
SkypeUpdate => service removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 535.5 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 14:03:50 ====

#12 Příspěvek od **Márty84** » 23 bře 2016 14:50

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remove disinfection tools

Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak to s pc vypada.

Domco · #13 Příspěvek od **Domco** » 24 bře 2016 11:08

# DelFix v1.012 - Logfile created 24/03/2016 at 11:09:19
# Updated 04/03/2015 by Xplode
# Username : Lubo - LUBO-9B4ECF2750
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\RSIT
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Lubo\Plocha\FRST-OlderVersion
Deleted : C:\Documents and Settings\Lubo\Plocha\Addition.txt
Deleted : C:\Documents and Settings\Lubo\Plocha\adwcleaner_5.033.exe
Deleted : C:\Documents and Settings\Lubo\Plocha\Fixlog.txt
Deleted : C:\Documents and Settings\Lubo\Plocha\FRST.exe
Deleted : C:\Documents and Settings\Lubo\Plocha\FRST.txt
Deleted : C:\Documents and Settings\Lubo\Plocha\RSIT.exe
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - #########

Domco · #14 Příspěvek od **Domco** » 24 bře 2016 11:58

nastalo zlepšenie

spúšta sa rýchlejšie , rýchlejšie načitáva v pohode zatial

diky moc

Domco · #15 Příspěvek od **Domco** » 24 bře 2016 14:50

toto mi vždy vyhodí už mám na to nervy

VIRY.CZ

Preventívna kontrola druheho pc

Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc

Re: Preventívna kontrola druheho pc