
PC virus removal, computer speed-up, remote help via the neslape.cz service
Virus in RAM
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Virus in RAM
I have a virus in RAM,
it shows me:
Operačná pamäť » EXPLORER.EXE(252) - variant infiltrácie Win32/Gataka.B trójsky kôň - nemožno liečiť
Can you please help me with this?
Tomas
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Virus in RAM
Let's try it. Post an RSIT log: http://forum.viry.cz/viewtopic.php?f=13&t=105895 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Virus in RAM
Logfile of random's system information tool 1.09 (written by random/random)
Run by toomas at 2012-07-22 17:31:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (21%) free of 30 GB
Total RAM: 1976 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:31:54, on 22.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.1.3\ScriptHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\Emsisoft Anti-Malware\a2wizard.exe
D:\Programy\totalcmd\TOTALCMD.EXE
D:\Programy\RSIT.exe
C:\Program Files\trend micro\toomas.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={19840DBC- ... 2012-07-19 21:12:50&v=12.1.0.20&sap=hp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [emsisoft anti-malware] "C:\Program Files\Emsisoft Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UpgradeHelper] C:\Documents and Settings\toomas\Application Data\Opera\{F4189C48-C5CB-4B5A-8334-57F575C68E53}\UpgradeHelper.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: vToolbarUpdater12.1.3 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
--
End of file - 7276 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\SpeedyPC Pro.job
C:\WINDOWS\tasks\SpeedyPC Update Version3.job
C:\WINDOWS\tasks\SpeedyPC Registration3.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\toomas\Application Data\Mozilla\Firefox\Profiles\fr6ukh8x.default
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"avg@toolbar"=C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.1.0.20\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
browsercomps.dll
binary.manifest
C:\Program Files\Mozilla Firefox\searchplugins\
zoznam-sk.xml
wikipedia-sk.xml
slovnik-sk.xml
google.xml
eBay.xml
dunaj-sk.xml
azet-sk.xml
atlas-sk.xml
avg-secure-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll [2012-07-19 2086496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll [2012-07-19 2086496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-09-09 176128]
"picon"=C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [2009-02-12 357400]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-12-03 136216]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-12-03 170008]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-12-03 145432]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 3117344]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-07-19 1147488]
"emsisoft anti-malware"=C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [2012-06-17 3367328]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"UpgradeHelper"=C:\Documents and Settings\toomas\Application Data\Opera\{F4189C48-C5CB-4B5A-8334-57F575C68E53}\UpgradeHelper.exe [2012-07-20 372736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-08-19 214016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\StrongDC++\StrongDC.exe"="C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\KN_StrongDC\StrongDC.exe"="C:\Program Files\KN_StrongDC\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2012-07-22 17:31:36 ----D---- C:\Program Files\trend micro
2012-07-22 17:31:33 ----D---- C:\rsit
2012-07-22 17:09:37 ----D---- C:\Program Files\Emsisoft Anti-Malware
2012-07-22 16:24:52 ----D---- C:\Documents and Settings\toomas\Application Data\SpeedyPC Software
2012-07-22 16:24:52 ----D---- C:\Documents and Settings\toomas\Application Data\DriverCure
2012-07-22 16:24:45 ----D---- C:\Program Files\Common Files\SpeedyPC Software
2012-07-22 16:24:44 ----D---- C:\Program Files\SpeedyPC Software
2012-07-22 16:24:44 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
2012-07-22 15:53:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-07-22 15:53:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-22 15:48:59 ----SD---- C:\32788R22FWJFW
2012-07-22 15:44:28 ----HD---- C:\WINDOWS\$NtUninstallKB942288-v3$
2012-07-21 17:38:44 ----D---- C:\cmdcons
2012-07-21 17:37:58 ----SD---- C:\ComboFix
2012-07-21 17:31:52 ----A---- C:\WINDOWS\zip.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\SWSC.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\SWREG.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\sed.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\PEV.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\NIRCMD.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\MBR.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\grep.exe
2012-07-21 17:31:09 ----D---- C:\WINDOWS\ERDNT
2012-07-21 17:30:31 ----D---- C:\Qoobox
2012-07-20 20:08:34 ----D---- C:\Documents and Settings\toomas\Application Data\TeamViewer
2012-07-20 20:08:34 ----D---- C:\Documents and Settings\toomas\Application Data\Opera
2012-07-19 21:12:58 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2012-07-19 21:12:51 ----D---- C:\Documents and Settings\toomas\Application Data\AVG Secure Search
2012-07-19 21:12:49 ----A---- C:\WINDOWS\system32\drivers\avgtpx86.sys
2012-07-19 21:12:45 ----D---- C:\Program Files\Common Files\AVG Secure Search
2012-07-19 21:12:43 ----D---- C:\Program Files\AVG Secure Search
2012-07-19 21:12:10 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2012-07-19 21:12:03 ----D---- C:\Program Files\pazera-software
2012-07-19 20:43:08 ----D---- C:\Documents and Settings\toomas\Application Data\ImTOO Software Studio
2012-07-19 20:42:42 ----D---- C:\Program Files\ImTOO
2012-07-19 19:48:43 ----D---- C:\Program Files\Hazem Osman
2012-07-12 12:16:32 ----HD---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-12 12:16:27 ----HD---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-12 12:16:23 ----HD---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-12 12:16:18 ----HD---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-12 12:16:11 ----HD---- C:\WINDOWS\$NtUninstallKB2698365$
======List of files/folders modified in the last 1 month======
2012-07-22 17:31:18 ----A---- C:\WINDOWS\WINCMD.INI
2012-07-22 16:54:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-22 16:15:24 ----SH---- C:\boot.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 A2DDA;A2 Direct Disk Access Support Driver; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys []
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-03-14 160816]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2012-03-14 104160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2009-08-10 13952]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2009-09-09 154672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2010-05-07 833392]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2009-06-23 40832]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2009-06-30 986240]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2009-06-30 210304]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-08-19 2012096]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2009-11-18 26608]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2010-04-05 6601216]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
R3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
R3 tpm;tpm; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-03-26 13824]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2009-06-30 731264]
S3 a2acc;a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys []
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 26568]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2012-06-17 3069752]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-03-07 913144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-03-05 862480]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2009-11-18 38248]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-03-05 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2010-03-05 954368]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-02-12 2058776]
R2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [2012-07-19 830048]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-02-20 651720]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"avg@toolbar"=C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.1.0.20\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
browsercomps.dll
binary.manifest
C:\Program Files\Mozilla Firefox\searchplugins\
zoznam-sk.xml
wikipedia-sk.xml
slovnik-sk.xml
google.xml
eBay.xml
dunaj-sk.xml
azet-sk.xml
atlas-sk.xml
avg-secure-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll [2012-07-19 2086496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll [2012-07-19 2086496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-09-09 176128]
"picon"=C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [2009-02-12 357400]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-12-03 136216]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-12-03 170008]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-12-03 145432]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 3117344]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-07-19 1147488]
"emsisoft anti-malware"=C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [2012-06-17 3367328]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"UpgradeHelper"=C:\Documents and Settings\toomas\Application Data\Opera\{F4189C48-C5CB-4B5A-8334-57F575C68E53}\UpgradeHelper.exe [2012-07-20 372736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-08-19 214016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\StrongDC++\StrongDC.exe"="C:\Program Files\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\KN_StrongDC\StrongDC.exe"="C:\Program Files\KN_StrongDC\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2012-07-22 17:31:36 ----D---- C:\Program Files\trend micro
2012-07-22 17:31:33 ----D---- C:\rsit
2012-07-22 17:09:37 ----D---- C:\Program Files\Emsisoft Anti-Malware
2012-07-22 16:24:52 ----D---- C:\Documents and Settings\toomas\Application Data\SpeedyPC Software
2012-07-22 16:24:52 ----D---- C:\Documents and Settings\toomas\Application Data\DriverCure
2012-07-22 16:24:45 ----D---- C:\Program Files\Common Files\SpeedyPC Software
2012-07-22 16:24:44 ----D---- C:\Program Files\SpeedyPC Software
2012-07-22 16:24:44 ----D---- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
2012-07-22 15:53:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-07-22 15:53:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-22 15:48:59 ----SD---- C:\32788R22FWJFW
2012-07-22 15:44:28 ----HD---- C:\WINDOWS\$NtUninstallKB942288-v3$
2012-07-21 17:38:44 ----D---- C:\cmdcons
2012-07-21 17:37:58 ----SD---- C:\ComboFix
2012-07-21 17:31:52 ----A---- C:\WINDOWS\zip.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\SWSC.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\SWREG.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\sed.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\PEV.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\NIRCMD.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\MBR.exe
2012-07-21 17:31:52 ----A---- C:\WINDOWS\grep.exe
2012-07-21 17:31:09 ----D---- C:\WINDOWS\ERDNT
2012-07-21 17:30:31 ----D---- C:\Qoobox
2012-07-20 20:08:34 ----D---- C:\Documents and Settings\toomas\Application Data\TeamViewer
2012-07-20 20:08:34 ----D---- C:\Documents and Settings\toomas\Application Data\Opera
2012-07-19 21:12:58 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2012-07-19 21:12:51 ----D---- C:\Documents and Settings\toomas\Application Data\AVG Secure Search
2012-07-19 21:12:49 ----A---- C:\WINDOWS\system32\drivers\avgtpx86.sys
2012-07-19 21:12:45 ----D---- C:\Program Files\Common Files\AVG Secure Search
2012-07-19 21:12:43 ----D---- C:\Program Files\AVG Secure Search
2012-07-19 21:12:10 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2012-07-19 21:12:03 ----D---- C:\Program Files\pazera-software
2012-07-19 20:43:08 ----D---- C:\Documents and Settings\toomas\Application Data\ImTOO Software Studio
2012-07-19 20:42:42 ----D---- C:\Program Files\ImTOO
2012-07-19 19:48:43 ----D---- C:\Program Files\Hazem Osman
2012-07-12 12:16:32 ----HD---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-12 12:16:27 ----HD---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-12 12:16:23 ----HD---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-12 12:16:18 ----HD---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-12 12:16:11 ----HD---- C:\WINDOWS\$NtUninstallKB2698365$
======List of files/folders modified in the last 1 month======
2012-07-22 17:31:18 ----A---- C:\WINDOWS\WINCMD.INI
2012-07-22 16:54:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-22 16:15:24 ----SH---- C:\boot.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R1 A2DDA;A2 Direct Disk Access Support Driver; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys []
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-03-14 160816]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2012-03-14 104160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2009-08-10 13952]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2009-09-09 154672]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2010-05-07 833392]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2009-06-23 40832]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2009-06-30 986240]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2009-06-30 210304]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-08-19 2012096]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2009-11-18 26608]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2010-04-05 6601216]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
R3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
R3 tpm;tpm; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-03-26 13824]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2009-06-30 731264]
S3 a2acc;a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys []
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 26568]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x86\Sandra.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2012-06-17 3069752]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-03-07 913144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-03-05 862480]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2009-11-18 38248]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-03-05 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2010-03-05 954368]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-02-12 2058776]
R2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [2012-07-19 830048]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-02-20 651720]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Rudy
Re: Virus in operating memory
You ran a ComboFix scan yesterday. After such a scan I will not find anything in RSIT. Post the CF log; you will find it at c:\combofix.txt.
Re: Virus in operating memory
I did not find the file combofix.txt on "C". The scan was not completed; it froze.
https://www.vutbr.cz/www_base/gigadisk.php?i=71025a4c1
- Rudy
Re: Virus in operating memory
So run a new CF scan (in safe mode, to be safe) and post the log.
Re: Virus in operating memory
ComboFix 12-07-21.01 - toomas 22.07.2012 21:52:07.1.2 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1976.1328 [GMT 2:00]
Running from: D:\Programy\ComboFix.exe
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
The following files were disabled during the run:
C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
C:\WINDOWS\Downloaded Program Files\IDropPTB.dll
C:\WINDOWS\system32\MUI\041b\tourstart.exe
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
2012-07-22 15:31:36 . 2012-07-22 15:31:38 -------- d-----w- C:\Program Files\trend micro
2012-07-22 15:31:33 . 2012-07-22 15:31:34 -------- d-----w- C:\rsit
2012-07-22 15:09:37 . 2012-07-22 15:09:38 -------- d-----w- C:\Program Files\Emsisoft Anti-Malware
2012-07-22 14:24:52 . 2012-07-22 14:24:54 -------- d-----w- C:\Documents and Settings\toomas\Application Data\SpeedyPC Software
2012-07-22 14:24:52 . 2012-07-22 14:24:54 -------- d-----w- C:\Documents and Settings\toomas\Application Data\DriverCure
2012-07-22 14:24:45 . 2012-07-22 14:24:46 -------- d-----w- C:\Program Files\Common Files\SpeedyPC Software
2012-07-22 14:24:44 . 2012-07-22 14:24:46 -------- d-----w- C:\Program Files\SpeedyPC Software
2012-07-22 14:24:44 . 2012-07-22 14:24:46 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
2012-07-22 13:53:55 . 2012-07-22 13:53:56 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2012-07-22 13:53:55 . 2012-07-22 13:53:56 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-20 18:08:34 . 2012-07-20 18:08:36 -------- d-----w- C:\Documents and Settings\toomas\Application Data\TeamViewer
2012-07-19 19:13:01 . 2012-07-19 19:13:02 -------- d-----w- C:\Documents and Settings\toomas\Local Settings\Application Data\AVG Secure Search
2012-07-19 19:12:58 . 2012-07-19 19:13:00 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2012-07-19 19:12:51 . 2012-07-19 19:12:52 -------- d-----w- C:\Documents and Settings\toomas\Application Data\AVG Secure Search
2012-07-19 19:12:49 . 2012-07-19 19:12:50 27496 ----a-w- C:\WINDOWS\system32\drivers\avgtpx86.sys
2012-07-19 19:12:45 . 2012-07-19 19:12:46 -------- d-----w- C:\Program Files\Common Files\AVG Secure Search
2012-07-19 19:12:43 . 2012-07-19 19:12:44 -------- d-----w- C:\Program Files\AVG Secure Search
2012-07-19 19:12:10 . 2012-07-19 19:12:12 -------- d--h--w- C:\Documents and Settings\All Users\Application Data\Common Files
2012-07-19 19:12:03 . 2012-07-19 19:12:04 -------- d-----w- C:\Program Files\pazera-software
2012-07-19 18:43:08 . 2012-07-19 18:43:10 -------- d-----w- C:\Documents and Settings\toomas\Application Data\ImTOO Software Studio
2012-07-19 18:42:42 . 2012-07-19 18:42:44 -------- d-----w- C:\Program Files\ImTOO
2012-07-19 17:48:43 . 2012-07-19 17:48:44 -------- d-----w- C:\Program Files\Hazem Osman
2012-07-19 17:37:37 . 2012-07-19 17:37:38 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
2012-07-19 15:18:26 . 2012-07-19 15:18:28 770384 ----a-w- C:\Program Files\Mozilla Firefox\msvcr100.dll
2012-07-19 15:18:26 . 2012-07-19 15:18:28 421200 ----a-w- C:\Program Files\Mozilla Firefox\msvcp100.dll
2012-07-14 15:45:30 . 2012-07-14 15:45:32 -------- d-----w- C:\Documents and Settings\toomas\Local Settings\Application Data\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-06-13 13:20:00 . 2008-04-13 21:00:12 1866112 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-06-05 15:50:26 . 2008-04-14 01:42:02 1372672 ----a-w- C:\WINDOWS\system32\msxml6.dll
2012-06-05 15:50:26 . 2008-04-14 01:42:02 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
2012-06-04 04:32:08 . 2008-04-14 01:42:06 152576 ----a-w- C:\WINDOWS\system32\schannel.dll
2012-06-02 13:19:44 . 2009-08-06 17:24:18 22040 ----a-w- C:\WINDOWS\system32\wucltui.dll.mui
2012-06-02 13:19:38 . 2012-02-16 23:05:36 329240 ----a-w- C:\WINDOWS\system32\wucltui.dll
2012-06-02 13:19:38 . 2012-02-16 23:05:36 210968 ----a-w- C:\WINDOWS\system32\wuweb.dll
2012-06-02 13:19:38 . 2012-02-16 23:05:35 219160 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl
2012-06-02 13:19:38 . 2009-08-06 17:24:12 15384 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 . 2012-02-16 23:05:35 53784 ----a-w- C:\WINDOWS\system32\wuauclt.exe
2012-06-02 13:19:34 . 2012-02-16 23:05:35 35864 ----a-w- C:\WINDOWS\system32\wups.dll
2012-06-02 13:19:34 . 2009-08-06 17:24:10 45080 ----a-w- C:\WINDOWS\system32\wups2.dll
2012-06-02 13:19:34 . 2009-08-06 17:24:06 15384 ----a-w- C:\WINDOWS\system32\wuapi.dll.mui
2012-06-02 13:19:34 . 2008-04-14 01:41:52 97304 ----a-w- C:\WINDOWS\system32\cdm.dll
2012-06-02 13:19:30 . 2009-08-06 17:24:00 17944 ----a-w- C:\WINDOWS\system32\wuaueng.dll.mui
2012-06-02 13:19:24 . 2012-02-16 23:05:35 577048 ----a-w- C:\WINDOWS\system32\wuapi.dll
2012-06-02 13:19:18 . 2012-02-16 23:05:35 1933848 ----a-w- C:\WINDOWS\system32\wuaueng.dll
2012-05-31 13:22:10 . 2008-04-14 01:41:52 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2012-05-16 07:58:36 . 2008-04-14 01:42:10 667136 ----a-w- C:\WINDOWS\system32\wininet.dll
2012-05-08 16:40:12 . 2012-05-27 18:52:17 6737808 ------w- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{734A603B-61B2-479C-96E6-37DD24F79A37}\mpengine.dll
2012-05-04 13:16:14 . 2008-04-13 20:54:38 2148352 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2012-05-04 12:32:20 . 2008-04-13 22:01:22 2026496 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2012-05-02 13:46:36 . 2012-02-16 23:03:21 139656 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-07-19 15:18:28 . 2012-02-18 15:32:34 85472 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[-] 2008-12-14 14:43:26 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\system32\sfcfiles.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-19 19:12:46 2086496 ----a-w- C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-19 19:12:46 2086496]
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2009-09-09 13:10:18 176128]
"picon"="C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 09:48:36 357400]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2010-12-03 05:35:42 136216]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2010-12-03 05:35:30 170008]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2010-12-03 05:35:36 145432]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 13:40:28 3117344]
"vProt"="C:\Program Files\AVG Secure Search\vprot.exe" [2012-07-19 19:12:46 1147488]
"emsisoft anti-malware"="C:\Program Files\Emsisoft Anti-Malware\a2guard.exe" [2012-06-17 13:44:44 3367328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:42:18 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 23:01:00 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 01:41:50 99840]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\StrongDC++\\StrongDC.exe"=
"C:\\Program Files\\KN_StrongDC\\StrongDC.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22.7.2012 17:09:42 17904]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [22.7.2012 17:09:41 37856]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [22.7.2012 17:09:42 11776]
R1 avgtp;avgtp;C:\WINDOWS\system32\drivers\avgtpx86.sys [19.7.2012 21:12:49 27496]
R1 ehdrv;ehdrv;C:\WINDOWS\system32\drivers\ehdrv.sys [14.3.2012 8:40:02 120152]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [14.3.2012 8:40:04 104160]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;C:\Program Files\Emsisoft Anti-Malware\a2service.exe [22.7.2012 17:09:39 3069752]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.3.2012 15:40:34 913144]
R2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [17.2.2012 1:58:31 2058776]
R2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [19.7.2012 21:12:47 830048]
R3 a2acc;a2acc;C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys [22.7.2012 17:09:41 54072]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\drivers\BCM4E5.SYS [17.2.2012 11:48:37 26568]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [7.5.2012 18:22:02 113120]
Contents of the 'Scheduled Tasks' folder
2012-07-22 C:\WINDOWS\Tasks\SpeedyPC Pro.job
- C:\Program Files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17:54 . 2012-01-30 22:17:54]
2012-07-22 C:\WINDOWS\Tasks\SpeedyPC Update Version3.job
- C:\Program Files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17:58 . 2012-01-30 22:17:58]
2012-07-22 C:\WINDOWS\Tasks\SpeedyPC Registration3.job
- C:\Program Files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17:58 . 2012-01-30 22:17:58]
------- Supplementary Scan -------
uStart Page = https://isearch.avg.com/?cid={19840DBC- ... 2012-07-19 21:12:50&v=12.1.0.20&sap=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 147.229.191.143 147.229.190.143
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll
FF - ProfilePath - C:\Documents and Settings\toomas\Application Data\Mozilla\Firefox\Profiles\fr6ukh8x.default\
FF - prefs.js: browser.search.selectedEngine - Google
------- File Associations -------
.scr=AutoCADScriptFile
- - - - ORPHANS REMOVED - - - -
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-UpgradeHelper - C:\Documents and Settings\toomas\Application Data\Opera\{F4189C48-C5CB-4B5A-8334-57F575C68E53}\UpgradeHelper.exe
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Virus in RAM
CF deleted several items; the rest of the log looks clean. There are 2 antiviruses in the system. Uninstall one of them.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not used for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.
Re: Virus in RAM
I kept NOD, is that everything? It seems to me it's already running fine...
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Virus in RAM
That should be everything.
Re: Virus in RAM
Thank you very much!
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Virus in RAM
You're welcome!