Prosím o kontrolu ...

[Domco]

Zdravím na mamčinom notebooku neni niečo v pohode seka aj youtube a ine srandy no pome k veci robil som cez FRST zapnem scanuje a zrazu error otvori prazdny text dokument a napisane end of log wtf ? ... pridavam screen do prilohy potom scanuje error aplications a vypluvne zložku FRST3.txt tu ho prikladam zvlaštne ešte sa mi to nestalo :
FRST.txt


==================== End of FRST.txt ============================



FRST3.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-02-2016
Ran by Amos (administrator) on ACER-9B8A28C521 (19-02-2016 00:46:14)
Running from C:\Documents and Settings\Amos\Desktop
Loaded Profiles: Amos (Available Profiles: Amos)
Platform: Systém Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: Angličtina (USA)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(forum.viry.cz) C:\Documents and Settings\Amos\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17529856 2009-02-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-01-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1430824 2009-02-05] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [M3000Mnt] => Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17146504 2012-01-31] (Skype Technologies S.A.)
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\...\MountPoints2: {707dac96-75d5-11e1-8af3-00235ade4e29} - D:\AutoRun.exe
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\...\MountPoints2: {707dac97-75d5-11e1-8af3-00235ade4e29} - D:\AutoRun.exe
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\...\MountPoints2: {707dac9d-75d5-11e1-8af3-00235ade4e29} - D:\AutoRun.exe
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\...\MountPoints2: {a06506d8-eb6c-11df-8a85-00235ade4e29} - D:\AutoRun.exe
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\...\MountPoints2: {a06506db-eb6c-11df-8a85-00235ade4e29} - D:\AutoRun.exe
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\...\MountPoints2: {bf148956-72ab-11e1-8af0-00235ade4e29} - D:\AutoRun.exe
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\...\MountPoints2: {bf14895a-72ab-11e1-8af0-00235ade4e29} - D:\AutoRun.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk [2009-03-16]
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2010-07-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{96D9E8C6-2AD8-4D9A-8CD9-B4C9AB2BD228}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041b&s=0&o=xph&d=0710&m=aspire_one
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041b&s=0&o=xph&d=0710&m=aspire_one
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.sk/
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2136417557-473866232-3689853989-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041b&s=0&o=xph&d=0710&m=aspire_one
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACAW
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2136417557-473866232-3689853989-1005 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACAW
SearchScopes: HKU\S-1-5-21-2136417557-473866232-3689853989-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={s ... lz=1I7ACAW
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Pomocník pri prihlasovaní v sieti Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18] (Microsoft Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1407484851904
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Amos\Application Data\Mozilla\Firefox\Profiles\0u98gn8o.default
FF Homepage: hxxps://www.facebook.com/?_rdr
about:preferences#general
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll [2008-12-03] (mozilla.org)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-07-29] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-branding.js [2008-12-02]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox-l10n.js [2008-12-02]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\firefox.js [2008-12-02]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\reporter.js [2008-12-02]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.sk/"
CHR Profile: C:\Documents and Settings\Amos\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Amos\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-30]
CHR Extension: (Disk Google) - C:\Documents and Settings\Amos\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-15]
CHR Extension: (YouTube) - C:\Documents and Settings\Amos\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-15]
CHR Extension: (Hľadať v Google) - C:\Documents and Settings\Amos\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-15]
CHR Extension: (Peňaženka Google) - C:\Documents and Settings\Amos\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Amos\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1983936 2015-11-20] (ESET)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [237568 2009-02-05] (Acer Incorporated) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2008-04-14] (Microsoft Corporation)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1344224 2009-02-25] (Atheros Communications, Inc.)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [539576 2007-11-05] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37424 2007-03-23] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [879528 2007-11-05] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156392 2007-06-29] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [55352 2007-03-31] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [74656 2007-08-27] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [205800 2015-11-20] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [146024 2015-11-20] (ESET)
R2 ekbdflt; C:\WINDOWS\System32\DRIVERS\ekbdflt.sys [111040 2015-11-20] (ESET)
R1 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [161992 2015-11-20] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [47168 2015-11-20] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [69816 2015-11-20] (ESET)
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
R3 M3000Srv; C:\WINDOWS\System32\Drivers\M3000KNT.sys [145408 2009-01-02] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S1 DritekPortIO; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 int15.sys; \??\c:\acernb\int15.sys [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 00:46 - 2016-02-19 00:46 - 00014945 _____ C:\Documents and Settings\Amos\Desktop\FRST.txt
2016-02-19 00:38 - 2016-02-19 00:46 - 00000000 ____D C:\FRST
2016-02-19 00:37 - 2016-02-19 00:37 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Amos\Desktop\FRSTLauncher.exe
2016-02-19 00:34 - 2016-02-19 00:34 - 01722368 _____ (Farbar) C:\Documents and Settings\Amos\Desktop\FRST.exe
2016-02-12 18:25 - 2016-02-13 22:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-27 16:18 - 2016-02-19 00:36 - 00000000 ____D C:\Documents and Settings\Amos\Desktop\Moja práca

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 00:46 - 2010-07-28 12:13 - 00000000 ____D C:\Documents and Settings\Amos\Local Settings\Temp
2016-02-19 00:43 - 2009-03-16 17:23 - 00000000 ___HD C:\WINDOWS\inf
2016-02-19 00:29 - 2016-01-01 12:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-18 23:57 - 2013-04-21 09:56 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-18 21:51 - 2012-03-30 22:14 - 00000000 ____D C:\Documents and Settings\Amos\Application Data\Skype
2016-02-18 21:34 - 2014-08-12 09:26 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-02-18 21:34 - 2013-04-21 09:56 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-18 21:34 - 2009-03-17 01:18 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-18 21:34 - 2009-03-16 16:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-18 01:08 - 2010-07-28 12:13 - 00000178 ___SH C:\Documents and Settings\Amos\ntuser.ini
2016-02-18 01:08 - 2009-03-16 16:38 - 00032594 _____ C:\WINDOWS\SchedLgU.Txt
2016-02-14 21:47 - 2015-06-04 15:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-10 20:45 - 2014-08-12 08:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 20:21 - 2010-07-29 10:10 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-09 23:29 - 2016-01-01 12:34 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-09 23:29 - 2016-01-01 12:34 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-02 02:40 - 2010-07-28 12:13 - 00000000 ____D C:\Documents and Settings\Amos
2016-01-27 18:28 - 2015-06-04 16:44 - 00000000 ____D C:\Documents and Settings\Amos\Desktop\email

==================== Files in the root of some directories =======

2011-07-09 21:47 - 2014-04-05 08:28 - 0046592 _____ () C:\Documents and Settings\Amos\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Amos\Local Settings\Temp\DataCard_Setup.exe
C:\Documents and Settings\Amos\Local Settings\Temp\ResetDevice.exe
C:\Documents and Settings\Default User\Local Settings\Temp\0186321237222306mcinst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7091055F
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:798A3728
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:93C494CA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:94213A87
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9AB56A06
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379

==================== Security Center ==================

AV: ESET Smart Security 9.0.351.2 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personálny firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Amos\Desktop" je 104 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001


==================== End Of Log ==============================

[JaRon]

ahoj,
1. nainstaluj MSIE8 aj ked ho nepouzivas
2. vycisti PC s CCleanerom
napis, aky je stav

[Domco]

stale to seká

[JaRon]

Prescanuj PC s MBAM verzia 1.75

[Domco]

Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Amos :: ACER-9B8A28C521 [administrátor]

Ochrana: Zapnuté

20.2.2016 21:06:09
MBAM-log-2016-02-20 (21-41-17).txt

Typ kontroly: Úplná kontrola (C:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 230539
Uplynutý čas: 34 min, 35 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Škodlivý: (1) Dobrý: (0) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Škodlivý: (1) Dobrý: (0) -> Žiadna úloha nevykonaná.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Škodlivý: (1) Dobrý: (0) -> Žiadna úloha nevykonaná.

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)

[JaRon]

prescanuj este s RK http://forum.viry.cz/viewtopic.php?f=24&t=120452

[Domco]

to mi nejde

[JaRon]

citat:
Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

[Domco]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Microsoft Windows XP x86
Ran by Amos (Administrator) on ne 13.11.2016 at 3:33:08,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 24

Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1HOVQCGB (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\33ME2OTC (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3M597NXA (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6GKBVN5P (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CP29M5CD (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CVXBQG08 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DIIANY3R (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EHSZZK2H (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9AH0D2F (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P9GJZZJ7 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QNANFWGS (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZMYO7UIJ (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1HOVQCGB (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\33ME2OTC (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3M597NXA (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6GKBVN5P (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CP29M5CD (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CVXBQG08 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DIIANY3R (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EHSZZK2H (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K9AH0D2F (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\P9GJZZJ7 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QNANFWGS (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZMYO7UIJ (Temporary Internet Files Folder)



Registry: 1
A
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 13.11.2016 at 3:40:44,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~