
PC disinfection, computer speed-up, remote assistance through the neslape.cz service
Log check after removing a RANSOMWARE virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
A remote assistance service is now available, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Log check after removing a RANSOMWARE virus
Good day,
I would like to ask for a check of my HijackThis log after removing a ransomware virus, as I am not sure whether I managed to remove it completely.
Thank you in advance for your willingness and help.
Log output:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:48, on 12.8.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Port Slovakia\Desktop\vIR\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pravda.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0992102729
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F531843-0E95-46F7-AF91-587F6902C8B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1CA7390-C01E-444D-95BD-6A08E596F36A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F531843-0E95-46F7-AF91-587F6902C8B5}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
--
End of file - 9159 bytes
Re: Log check after removing a RANSOMWARE virus
Hello
Please run the following
Application to download:
After downloading, run FRSTLauncher; a warning from your antivirus may appear, ignore it and let FRSTL run
FRST will then be downloaded and initialized
- After FRST starts, accept the licence terms by clicking Yes.
- Also tick the Addition.txt item - see picture.
- Click the Scan button to start the scan.
- Wait for FRST to finish scanning and for our add-on to create the supplementary information.
- The text file FRST.txt will open; this is the requested log, and you paste its contents into your topic on the forum.
- After the log is closed, FRSTLauncher.exe exits and the FRST utility and two logs, FRST.txt and Addition.txt, remain on the desktop - do not delete any of these yet.
Re: Log check after removing a RANSOMWARE virus
Thank you for the quick reply,
however I have a problem installing that program, as it says it is not a valid Win32 application. On the other PC the application runs without any problem.
Other applications run on the infected PC without any problem.
Re: Log check after removing a RANSOMWARE virus
I installed the FRST software on the other PC onto a USB stick and ran a scan from it on the infected PC. I attach the output:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-08-2013 02
Ran by Port Slovakia (administrator) on 12-08-2013 13:30:28
Running from F:\
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG9\avgtray.exe
() C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
() C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16384512 2008-01-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2008-01-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HPWUTOOLBOX] - C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe [352256 2006-11-15] (Hewlett-Packard Company)
HKLM\...\Run: [Share-to-Web Namespace Daemon] - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [AVG9_TRAY] - C:\PROGRA~1\AVG\AVG9\avgtray.exe [2077536 2012-01-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [606208 2009-10-13] ()
HKLM\...\Run: [3170 Scan2PC] - C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe [503808 2009-06-11] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
Winlogon\Notify\avgrsstarter: avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
MountPoints2: {3a70e71e-7d32-11df-904d-001cc0972792} - F:\USBManager.exe
MountPoints2: {68d2fefa-5425-11de-8eb2-001cc0972792} - F:\EmDesk.exe
MountPoints2: {7075f783-889b-11de-8ef5-001cc0972792} - F:\USBManager.exe
MountPoints2: {abbf651c-bbb4-11dd-aa1c-001cc0972792} - F:\USBManager.exe
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-01] (Nero AG)
HKU\Administrator.PC1\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-01] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-01] (Nero AG)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pravda.sk/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Handler: ipp - No CLSID Value -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks: - {0CD68AC9-FF63-3E61-626B-B663E62F6236} - No File [ ]
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WINDOW~4\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{3F531843-0E95-46F7-AF91-587F6902C8B5}: [NameServer]192.168.0.1
Tcpip\..\Interfaces\{C1CA7390-C01E-444D-95BD-6A08E596F36A}: [NameServer]192.168.1.1
========================== Services (Whitelisted) =================
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-06-22] (AVG Technologies CZ, s.r.o.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-08] (Oak Technology Inc.)
S3 AtcL001; C:\Windows\System32\DRIVERS\l151x86.sys [36864 2007-10-08] (Atheros Communications, Inc.)
R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-16] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [52872 2010-03-05] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-06] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-07-30] (AVG Technologies)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [98944 2008-01-16] (Realtek Semiconductor Corporation )
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [x]
S4 IntelIde; No ImagePath
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-12 13:13 - 2013-08-12 13:13 - 00000060 _____ C:\WINDOWS\setupact.log
2013-08-12 13:13 - 2013-08-12 13:13 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-08-12 12:40 - 2013-08-12 12:40 - 00000000 ____D C:\Documents and Settings\Port Slovakia\Desktop\RK_Quarantine
2013-08-12 12:30 - 2013-08-12 12:39 - 00000000 _____ C:\Documents and Settings\Port Slovakia\Desktop\FRSTLauncher.exe
2013-08-12 12:30 - 2013-08-12 12:30 - 00000331 _____ C:\WINDOWS\setupapi.log
2013-08-12 12:30 - 2013-08-12 12:30 - 00000000 ___HD C:\WINDOWS\PIF
2013-08-12 09:36 - 2013-08-12 09:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-08-12 09:32 - 2013-08-12 09:32 - 00000911 _____ C:\AdwCleaner[S2].txt
2013-08-12 09:20 - 2013-08-12 09:21 - 00000852 _____ C:\AdwCleaner[R3].txt
2013-08-12 09:20 - 2013-08-12 09:20 - 00001523 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_D_08122013_092041.txt
2013-08-12 09:20 - 2013-08-12 09:20 - 00001489 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_092036.txt
2013-08-12 09:18 - 2013-08-12 09:18 - 00001456 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_091821.txt
2013-08-12 09:11 - 2013-08-12 09:11 - 00001420 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_091143.txt
2013-08-12 09:07 - 2013-08-12 09:07 - 00002031 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_D_08122013_090731.txt
2013-08-12 09:07 - 2013-08-12 09:07 - 00001870 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_090713.txt
2013-08-10 12:50 - 2013-08-10 12:50 - 00000000 ____D C:\Unreal Commander
2013-08-10 12:39 - 2013-08-10 12:39 - 00000000 ____D C:\Program Files\CCleaner
2013-08-10 12:34 - 2013-08-10 12:35 - 00006629 _____ C:\AdwCleaner[S1].txt
2013-08-10 12:34 - 2013-08-10 12:34 - 00006581 _____ C:\AdwCleaner[R2].txt
2013-08-10 12:34 - 2013-08-10 12:34 - 00006521 _____ C:\AdwCleaner[R1].txt
2013-08-10 12:32 - 2013-08-12 12:43 - 00000000 ____D C:\Documents and Settings\Port Slovakia\Desktop\vIR
2013-08-10 12:10 - 2013-08-10 12:10 - 00011525 _____ C:\Documents and Settings\Port Slovakia\My Documents\cfscript.txt
2013-08-09 19:43 - 2013-08-09 21:04 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-09 19:27 - 2013-08-09 19:27 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\My Documents\backups
2013-08-09 19:22 - 2013-08-09 19:22 - 00008474 _____ C:\Documents and Settings\Administrator.PC1\My Documents\hijackthis.log
2013-08-09 19:14 - 2013-08-09 19:14 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Administrator.PC1\My Documents\HiJackThis.exe
2013-08-09 19:12 - 2013-08-12 12:52 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-08-09 19:12 - 2013-08-09 19:36 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-08-09 19:12 - 2013-08-09 19:36 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-08-09 19:12 - 2013-08-09 19:14 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-08-09 19:12 - 2013-08-09 19:12 - 36271144 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\Administrator.PC1\My Documents\spybot-2.1.exe
2013-08-09 19:12 - 2009-01-25 13:14 - 00015224 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2013-08-09 19:10 - 2013-08-12 13:27 - 00000482 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{5F00A409-0FA7-4438-8CC9-388033B3FDBB}.job
2013-08-09 19:10 - 2013-08-09 19:10 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\IECompatCache
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\PrivacIE
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\Macromedia
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\Adobe
2013-08-09 19:08 - 2013-08-09 19:08 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-08-09 19:07 - 2013-08-09 19:07 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\IETldCache
2013-08-09 19:05 - 2013-08-10 11:17 - 00000000 __SHD C:\WINDOWS\CSC
2013-08-09 19:05 - 2013-08-09 19:10 - 00000000 ____D C:\Documents and Settings\Administrator.PC1
2013-08-09 19:05 - 2013-08-09 19:05 - 00000020 ___SH C:\Documents and Settings\Administrator.PC1\ntuser.ini
2013-08-09 19:05 - 2008-11-13 08:36 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\Microsoft Help
2013-08-09 17:31 - 2013-08-12 13:26 - 00000482 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{DE8C0D3C-02D8-4398-A080-9110EB27AFB1}.job
2013-08-09 17:31 - 2013-08-09 17:31 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-08-09 17:31 - 2013-08-09 17:31 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2013-08-09 17:30 - 2013-08-09 17:31 - 00000000 ____D C:\Documents and Settings\Administrator
2013-08-09 17:30 - 2013-08-09 17:30 - 00000020 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-08-09 17:30 - 2013-08-09 17:30 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-08-09 17:30 - 2008-11-13 08:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2013-08-02 16:23 - 2013-08-02 16:23 - 03267072 _____ C:\Documents and Settings\Port Slovakia\My Documents\Kópia - KONTI FA 2013 07 - PORT i.xls
2013-07-26 12:13 - 2013-07-25 16:27 - 00013843 _____ C:\Documents and Settings\Port Slovakia\fotografie z mobilu 15052013 150 - odkaz.lnk
2013-07-26 12:12 - 2013-07-26 12:12 - 00039424 ___SH C:\Documents and Settings\Port Slovakia\Thumbs.db
==================== One Month Modified Files and Folders =======
2013-08-12 13:27 - 2013-08-09 19:10 - 00000482 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{5F00A409-0FA7-4438-8CC9-388033B3FDBB}.job
2013-08-12 13:26 - 2013-08-09 17:31 - 00000482 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{DE8C0D3C-02D8-4398-A080-9110EB27AFB1}.job
2013-08-12 13:25 - 2007-07-27 14:00 - 00000435 _____ C:\WINDOWS\system.ini
2013-08-12 13:13 - 2013-08-12 13:13 - 00000060 _____ C:\WINDOWS\setupact.log
2013-08-12 13:13 - 2013-08-12 13:13 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-08-12 13:07 - 2008-10-25 16:34 - 00032384 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-12 12:54 - 2008-10-25 16:31 - 01775632 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-12 12:53 - 2008-10-25 18:26 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-12 12:53 - 2008-10-25 18:26 - 00000051 _____ C:\WINDOWS\wiaservc.log
2013-08-12 12:53 - 2007-07-27 14:00 - 00002422 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-12 12:52 - 2013-08-09 19:12 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-08-12 12:52 - 2008-10-25 16:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-12 12:51 - 2013-01-02 11:37 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-08-12 12:51 - 2012-10-23 13:21 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-08-12 12:51 - 2008-10-25 16:35 - 00000178 ___SH C:\Documents and Settings\Port Slovakia\ntuser.ini
2013-08-12 12:43 - 2013-08-10 12:32 - 00000000 ____D C:\Documents and Settings\Port Slovakia\Desktop\vIR
2013-08-12 12:40 - 2013-08-12 12:40 - 00000000 ____D C:\Documents and Settings\Port Slovakia\Desktop\RK_Quarantine
2013-08-12 12:39 - 2013-08-12 12:30 - 00000000 _____ C:\Documents and Settings\Port Slovakia\Desktop\FRSTLauncher.exe
2013-08-12 12:30 - 2013-08-12 12:30 - 00000331 _____ C:\WINDOWS\setupapi.log
2013-08-12 12:30 - 2013-08-12 12:30 - 00000000 ___HD C:\WINDOWS\PIF
2013-08-12 11:52 - 2012-06-19 15:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-12 09:37 - 2012-12-06 15:44 - 00000000 ____D C:\Program Files\Browny02
2013-08-12 09:36 - 2013-08-12 09:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-08-12 09:32 - 2013-08-12 09:32 - 00000911 _____ C:\AdwCleaner[S2].txt
2013-08-12 09:21 - 2013-08-12 09:20 - 00000852 _____ C:\AdwCleaner[R3].txt
2013-08-12 09:20 - 2013-08-12 09:20 - 00001523 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_D_08122013_092041.txt
2013-08-12 09:20 - 2013-08-12 09:20 - 00001489 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_092036.txt
2013-08-12 09:18 - 2013-08-12 09:18 - 00001456 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_091821.txt
2013-08-12 09:11 - 2013-08-12 09:11 - 00001420 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_091143.txt
2013-08-12 09:07 - 2013-08-12 09:07 - 00002031 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_D_08122013_090731.txt
2013-08-12 09:07 - 2013-08-12 09:07 - 00001870 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_090713.txt
2013-08-12 08:59 - 2012-10-23 13:57 - 00000482 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{0E9B409A-F009-4C6C-A3F1-DA6E789ECE09}.job
2013-08-12 08:59 - 2009-12-04 13:23 - 00000000 ____D C:\WINDOWS\system32\Drivers\Avg
2013-08-10 12:50 - 2013-08-10 12:50 - 00000000 ____D C:\Unreal Commander
2013-08-10 12:40 - 2008-10-25 16:35 - 00000000 ____D C:\Documents and Settings\Port Slovakia
2013-08-10 12:39 - 2013-08-10 12:39 - 00000000 ____D C:\Program Files\CCleaner
2013-08-10 12:35 - 2013-08-10 12:34 - 00006629 _____ C:\AdwCleaner[S1].txt
2013-08-10 12:34 - 2013-08-10 12:34 - 00006581 _____ C:\AdwCleaner[R2].txt
2013-08-10 12:34 - 2013-08-10 12:34 - 00006521 _____ C:\AdwCleaner[R1].txt
2013-08-10 12:28 - 2008-10-25 18:22 - 00346608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-10 12:28 - 2008-10-25 18:10 - 00099680 _____ C:\Documents and Settings\Port Slovakia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-08-10 12:23 - 2013-01-02 12:00 - 00000223 _____ C:\WINDOWS\wininit.ini
2013-08-10 12:10 - 2013-08-10 12:10 - 00011525 _____ C:\Documents and Settings\Port Slovakia\My Documents\cfscript.txt
2013-08-10 11:27 - 2013-01-02 11:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-08-10 11:22 - 2013-01-02 11:32 - 00009151 _____ C:\Documents and Settings\Port Slovakia\My Documents\hijackthis.log
2013-08-10 11:17 - 2013-08-09 19:05 - 00000000 __SHD C:\WINDOWS\CSC
2013-08-09 21:04 - 2013-08-09 19:43 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-09 19:36 - 2013-08-09 19:12 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-08-09 19:36 - 2013-08-09 19:12 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-08-09 19:27 - 2013-08-09 19:27 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\My Documents\backups
2013-08-09 19:22 - 2013-08-09 19:22 - 00008474 _____ C:\Documents and Settings\Administrator.PC1\My Documents\hijackthis.log
2013-08-09 19:14 - 2013-08-09 19:14 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Administrator.PC1\My Documents\HiJackThis.exe
2013-08-09 19:14 - 2013-08-09 19:12 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-08-09 19:12 - 2013-08-09 19:12 - 36271144 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\Administrator.PC1\My Documents\spybot-2.1.exe
2013-08-09 19:10 - 2013-08-09 19:10 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\IECompatCache
2013-08-09 19:10 - 2013-08-09 19:05 - 00000000 ____D C:\Documents and Settings\Administrator.PC1
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\PrivacIE
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\Macromedia
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\Adobe
2013-08-09 19:08 - 2013-08-09 19:08 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-08-09 19:07 - 2013-08-09 19:07 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\IETldCache
2013-08-09 19:05 - 2013-08-09 19:05 - 00000020 ___SH C:\Documents and Settings\Administrator.PC1\ntuser.ini
2013-08-09 17:31 - 2013-08-09 17:31 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-08-09 17:31 - 2013-08-09 17:31 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2013-08-09 17:31 - 2013-08-09 17:30 - 00000000 ____D C:\Documents and Settings\Administrator
2013-08-09 17:30 - 2013-08-09 17:30 - 00000020 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-08-09 17:30 - 2013-08-09 17:30 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-08-08 11:15 - 2010-04-08 16:38 - 00002079 _____ C:\Documents and Settings\Port Slovakia\Desktop\1 Odkaz na Samsung.lnk
2013-08-07 09:58 - 2009-01-13 15:31 - 00000151 _____ C:\WINDOWS\PhotoSnapViewer.INI
2013-08-06 17:52 - 2013-07-10 17:34 - 00446808 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-08-02 16:23 - 2013-08-02 16:23 - 03267072 _____ C:\Documents and Settings\Port Slovakia\My Documents\Kópia - KONTI FA 2013 07 - PORT i.xls
2013-07-30 17:40 - 2012-01-12 13:00 - 00000000 ____D C:\Documents and Settings\Port Slovakia\My Documents\2012
2013-07-30 11:31 - 2012-01-19 09:41 - 00000000 ____D C:\WINDOWS\system32\cache
2013-07-30 11:30 - 2012-11-09 10:05 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-07-26 12:12 - 2013-07-26 12:12 - 00039424 ___SH C:\Documents and Settings\Port Slovakia\Thumbs.db
2013-07-25 16:27 - 2013-07-26 12:13 - 00013843 _____ C:\Documents and Settings\Port Slovakia\fotografie z mobilu 15052013 150 - odkaz.lnk
2013-07-22 14:40 - 2011-01-17 15:54 - 00000000 ____D C:\Documents and Settings\Port Slovakia\My Documents\2011
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-08-2013 02
Ran by Port Slovakia (administrator) on 12-08-2013 13:30:28
Running from F:\
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG9\avgtray.exe
() C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
() C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16384512 2008-01-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2008-01-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HPWUTOOLBOX] - C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe [352256 2006-11-15] (Hewlett-Packard Company)
HKLM\...\Run: [Share-to-Web Namespace Daemon] - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [AVG9_TRAY] - C:\PROGRA~1\AVG\AVG9\avgtray.exe [2077536 2012-01-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Samsung PanelMgr] - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [606208 2009-10-13] ()
HKLM\...\Run: [3170 Scan2PC] - C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe [503808 2009-06-11] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
Winlogon\Notify\avgrsstarter: avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
MountPoints2: {3a70e71e-7d32-11df-904d-001cc0972792} - F:\USBManager.exe
MountPoints2: {68d2fefa-5425-11de-8eb2-001cc0972792} - F:\EmDesk.exe
MountPoints2: {7075f783-889b-11de-8ef5-001cc0972792} - F:\USBManager.exe
MountPoints2: {abbf651c-bbb4-11dd-aa1c-001cc0972792} - F:\USBManager.exe
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-01] (Nero AG)
HKU\Administrator.PC1\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-01] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-01] (Nero AG)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pravda.sk/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU -No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
DPF: {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab
Handler: ipp - No CLSID Value -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks: - {0CD68AC9-FF63-3E61-626B-B663E62F6236} - No File [ ]
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WINDOW~4\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{3F531843-0E95-46F7-AF91-587F6902C8B5}: [NameServer]192.168.0.1
Tcpip\..\Interfaces\{C1CA7390-C01E-444D-95BD-6A08E596F36A}: [NameServer]192.168.1.1
========================== Services (Whitelisted) =================
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2010-06-22] (AVG Technologies CZ, s.r.o.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
R1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-08] (Oak Technology Inc.)
S3 AtcL001; C:\Windows\System32\DRIVERS\l151x86.sys [36864 2007-10-08] (Atheros Communications, Inc.)
R1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [226016 2013-01-16] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29712 2011-09-13] (AVG Technologies CZ, s.r.o.)
R0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [52872 2010-03-05] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243152 2011-05-06] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-07-30] (AVG Technologies)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [98944 2008-01-16] (Realtek Semiconductor Corporation )
S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [x]
S4 IntelIde; No ImagePath
S2 SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [x]
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-12 13:13 - 2013-08-12 13:13 - 00000060 _____ C:\WINDOWS\setupact.log
2013-08-12 13:13 - 2013-08-12 13:13 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-08-12 12:40 - 2013-08-12 12:40 - 00000000 ____D C:\Documents and Settings\Port Slovakia\Desktop\RK_Quarantine
2013-08-12 12:30 - 2013-08-12 12:39 - 00000000 _____ C:\Documents and Settings\Port Slovakia\Desktop\FRSTLauncher.exe
2013-08-12 12:30 - 2013-08-12 12:30 - 00000331 _____ C:\WINDOWS\setupapi.log
2013-08-12 12:30 - 2013-08-12 12:30 - 00000000 ___HD C:\WINDOWS\PIF
2013-08-12 09:36 - 2013-08-12 09:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-08-12 09:32 - 2013-08-12 09:32 - 00000911 _____ C:\AdwCleaner[S2].txt
2013-08-12 09:20 - 2013-08-12 09:21 - 00000852 _____ C:\AdwCleaner[R3].txt
2013-08-12 09:20 - 2013-08-12 09:20 - 00001523 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_D_08122013_092041.txt
2013-08-12 09:20 - 2013-08-12 09:20 - 00001489 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_092036.txt
2013-08-12 09:18 - 2013-08-12 09:18 - 00001456 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_091821.txt
2013-08-12 09:11 - 2013-08-12 09:11 - 00001420 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_091143.txt
2013-08-12 09:07 - 2013-08-12 09:07 - 00002031 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_D_08122013_090731.txt
2013-08-12 09:07 - 2013-08-12 09:07 - 00001870 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_090713.txt
2013-08-10 12:50 - 2013-08-10 12:50 - 00000000 ____D C:\Unreal Commander
2013-08-10 12:39 - 2013-08-10 12:39 - 00000000 ____D C:\Program Files\CCleaner
2013-08-10 12:34 - 2013-08-10 12:35 - 00006629 _____ C:\AdwCleaner[S1].txt
2013-08-10 12:34 - 2013-08-10 12:34 - 00006581 _____ C:\AdwCleaner[R2].txt
2013-08-10 12:34 - 2013-08-10 12:34 - 00006521 _____ C:\AdwCleaner[R1].txt
2013-08-10 12:32 - 2013-08-12 12:43 - 00000000 ____D C:\Documents and Settings\Port Slovakia\Desktop\vIR
2013-08-10 12:10 - 2013-08-10 12:10 - 00011525 _____ C:\Documents and Settings\Port Slovakia\My Documents\cfscript.txt
2013-08-09 19:43 - 2013-08-09 21:04 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-09 19:27 - 2013-08-09 19:27 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\My Documents\backups
2013-08-09 19:22 - 2013-08-09 19:22 - 00008474 _____ C:\Documents and Settings\Administrator.PC1\My Documents\hijackthis.log
2013-08-09 19:14 - 2013-08-09 19:14 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Administrator.PC1\My Documents\HiJackThis.exe
2013-08-09 19:12 - 2013-08-12 12:52 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-08-09 19:12 - 2013-08-09 19:36 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-08-09 19:12 - 2013-08-09 19:36 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-08-09 19:12 - 2013-08-09 19:14 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-08-09 19:12 - 2013-08-09 19:12 - 36271144 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\Administrator.PC1\My Documents\spybot-2.1.exe
2013-08-09 19:12 - 2009-01-25 13:14 - 00015224 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2013-08-09 19:10 - 2013-08-12 13:27 - 00000482 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{5F00A409-0FA7-4438-8CC9-388033B3FDBB}.job
2013-08-09 19:10 - 2013-08-09 19:10 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\IECompatCache
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\PrivacIE
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\Macromedia
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\Adobe
2013-08-09 19:08 - 2013-08-09 19:08 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-08-09 19:07 - 2013-08-09 19:07 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\IETldCache
2013-08-09 19:05 - 2013-08-10 11:17 - 00000000 __SHD C:\WINDOWS\CSC
2013-08-09 19:05 - 2013-08-09 19:10 - 00000000 ____D C:\Documents and Settings\Administrator.PC1
2013-08-09 19:05 - 2013-08-09 19:05 - 00000020 ___SH C:\Documents and Settings\Administrator.PC1\ntuser.ini
2013-08-09 19:05 - 2008-11-13 08:36 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\Microsoft Help
2013-08-09 17:31 - 2013-08-12 13:26 - 00000482 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{DE8C0D3C-02D8-4398-A080-9110EB27AFB1}.job
2013-08-09 17:31 - 2013-08-09 17:31 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-08-09 17:31 - 2013-08-09 17:31 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2013-08-09 17:30 - 2013-08-09 17:31 - 00000000 ____D C:\Documents and Settings\Administrator
2013-08-09 17:30 - 2013-08-09 17:30 - 00000020 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-08-09 17:30 - 2013-08-09 17:30 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-08-09 17:30 - 2008-11-13 08:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2013-08-02 16:23 - 2013-08-02 16:23 - 03267072 _____ C:\Documents and Settings\Port Slovakia\My Documents\Kópia - KONTI FA 2013 07 - PORT i.xls
2013-07-26 12:13 - 2013-07-25 16:27 - 00013843 _____ C:\Documents and Settings\Port Slovakia\fotografie z mobilu 15052013 150 - odkaz.lnk
2013-07-26 12:12 - 2013-07-26 12:12 - 00039424 ___SH C:\Documents and Settings\Port Slovakia\Thumbs.db
==================== One Month Modified Files and Folders =======
2013-08-12 13:27 - 2013-08-09 19:10 - 00000482 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{5F00A409-0FA7-4438-8CC9-388033B3FDBB}.job
2013-08-12 13:26 - 2013-08-09 17:31 - 00000482 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{DE8C0D3C-02D8-4398-A080-9110EB27AFB1}.job
2013-08-12 13:25 - 2007-07-27 14:00 - 00000435 _____ C:\WINDOWS\system.ini
2013-08-12 13:13 - 2013-08-12 13:13 - 00000060 _____ C:\WINDOWS\setupact.log
2013-08-12 13:13 - 2013-08-12 13:13 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-08-12 13:07 - 2008-10-25 16:34 - 00032384 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-12 12:54 - 2008-10-25 16:31 - 01775632 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-12 12:53 - 2008-10-25 18:26 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-12 12:53 - 2008-10-25 18:26 - 00000051 _____ C:\WINDOWS\wiaservc.log
2013-08-12 12:53 - 2007-07-27 14:00 - 00002422 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-12 12:52 - 2013-08-09 19:12 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-08-12 12:52 - 2008-10-25 16:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-12 12:51 - 2013-01-02 11:37 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-08-12 12:51 - 2012-10-23 13:21 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-08-12 12:51 - 2008-10-25 16:35 - 00000178 ___SH C:\Documents and Settings\Port Slovakia\ntuser.ini
2013-08-12 12:43 - 2013-08-10 12:32 - 00000000 ____D C:\Documents and Settings\Port Slovakia\Desktop\vIR
2013-08-12 12:40 - 2013-08-12 12:40 - 00000000 ____D C:\Documents and Settings\Port Slovakia\Desktop\RK_Quarantine
2013-08-12 12:39 - 2013-08-12 12:30 - 00000000 _____ C:\Documents and Settings\Port Slovakia\Desktop\FRSTLauncher.exe
2013-08-12 12:30 - 2013-08-12 12:30 - 00000331 _____ C:\WINDOWS\setupapi.log
2013-08-12 12:30 - 2013-08-12 12:30 - 00000000 ___HD C:\WINDOWS\PIF
2013-08-12 11:52 - 2012-06-19 15:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-12 09:37 - 2012-12-06 15:44 - 00000000 ____D C:\Program Files\Browny02
2013-08-12 09:36 - 2013-08-12 09:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-08-12 09:32 - 2013-08-12 09:32 - 00000911 _____ C:\AdwCleaner[S2].txt
2013-08-12 09:21 - 2013-08-12 09:20 - 00000852 _____ C:\AdwCleaner[R3].txt
2013-08-12 09:20 - 2013-08-12 09:20 - 00001523 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_D_08122013_092041.txt
2013-08-12 09:20 - 2013-08-12 09:20 - 00001489 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_092036.txt
2013-08-12 09:18 - 2013-08-12 09:18 - 00001456 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_091821.txt
2013-08-12 09:11 - 2013-08-12 09:11 - 00001420 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_091143.txt
2013-08-12 09:07 - 2013-08-12 09:07 - 00002031 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_D_08122013_090731.txt
2013-08-12 09:07 - 2013-08-12 09:07 - 00001870 _____ C:\Documents and Settings\Port Slovakia\Desktop\RKreport[0]_S_08122013_090713.txt
2013-08-12 08:59 - 2012-10-23 13:57 - 00000482 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{0E9B409A-F009-4C6C-A3F1-DA6E789ECE09}.job
2013-08-12 08:59 - 2009-12-04 13:23 - 00000000 ____D C:\WINDOWS\system32\Drivers\Avg
2013-08-10 12:50 - 2013-08-10 12:50 - 00000000 ____D C:\Unreal Commander
2013-08-10 12:40 - 2008-10-25 16:35 - 00000000 ____D C:\Documents and Settings\Port Slovakia
2013-08-10 12:39 - 2013-08-10 12:39 - 00000000 ____D C:\Program Files\CCleaner
2013-08-10 12:35 - 2013-08-10 12:34 - 00006629 _____ C:\AdwCleaner[S1].txt
2013-08-10 12:34 - 2013-08-10 12:34 - 00006581 _____ C:\AdwCleaner[R2].txt
2013-08-10 12:34 - 2013-08-10 12:34 - 00006521 _____ C:\AdwCleaner[R1].txt
2013-08-10 12:28 - 2008-10-25 18:22 - 00346608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-10 12:28 - 2008-10-25 18:10 - 00099680 _____ C:\Documents and Settings\Port Slovakia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-08-10 12:23 - 2013-01-02 12:00 - 00000223 _____ C:\WINDOWS\wininit.ini
2013-08-10 12:10 - 2013-08-10 12:10 - 00011525 _____ C:\Documents and Settings\Port Slovakia\My Documents\cfscript.txt
2013-08-10 11:27 - 2013-01-02 11:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-08-10 11:22 - 2013-01-02 11:32 - 00009151 _____ C:\Documents and Settings\Port Slovakia\My Documents\hijackthis.log
2013-08-10 11:17 - 2013-08-09 19:05 - 00000000 __SHD C:\WINDOWS\CSC
2013-08-09 21:04 - 2013-08-09 19:43 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-09 19:36 - 2013-08-09 19:12 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-08-09 19:36 - 2013-08-09 19:12 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-08-09 19:27 - 2013-08-09 19:27 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\My Documents\backups
2013-08-09 19:22 - 2013-08-09 19:22 - 00008474 _____ C:\Documents and Settings\Administrator.PC1\My Documents\hijackthis.log
2013-08-09 19:14 - 2013-08-09 19:14 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Administrator.PC1\My Documents\HiJackThis.exe
2013-08-09 19:14 - 2013-08-09 19:12 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-08-09 19:12 - 2013-08-09 19:12 - 36271144 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\Administrator.PC1\My Documents\spybot-2.1.exe
2013-08-09 19:10 - 2013-08-09 19:10 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\IECompatCache
2013-08-09 19:10 - 2013-08-09 19:05 - 00000000 ____D C:\Documents and Settings\Administrator.PC1
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\PrivacIE
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\Macromedia
2013-08-09 19:09 - 2013-08-09 19:09 - 00000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\Adobe
2013-08-09 19:08 - 2013-08-09 19:08 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-08-09 19:07 - 2013-08-09 19:07 - 00000000 __SHD C:\Documents and Settings\Administrator.PC1\IETldCache
2013-08-09 19:05 - 2013-08-09 19:05 - 00000020 ___SH C:\Documents and Settings\Administrator.PC1\ntuser.ini
2013-08-09 17:31 - 2013-08-09 17:31 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE
2013-08-09 17:31 - 2013-08-09 17:31 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2013-08-09 17:31 - 2013-08-09 17:30 - 00000000 ____D C:\Documents and Settings\Administrator
2013-08-09 17:30 - 2013-08-09 17:30 - 00000020 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-08-09 17:30 - 2013-08-09 17:30 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-08-08 11:15 - 2010-04-08 16:38 - 00002079 _____ C:\Documents and Settings\Port Slovakia\Desktop\1 Odkaz na Samsung.lnk
2013-08-07 09:58 - 2009-01-13 15:31 - 00000151 _____ C:\WINDOWS\PhotoSnapViewer.INI
2013-08-06 17:52 - 2013-07-10 17:34 - 00446808 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-08-02 16:23 - 2013-08-02 16:23 - 03267072 _____ C:\Documents and Settings\Port Slovakia\My Documents\Kópia - KONTI FA 2013 07 - PORT i.xls
2013-07-30 17:40 - 2012-01-12 13:00 - 00000000 ____D C:\Documents and Settings\Port Slovakia\My Documents\2012
2013-07-30 11:31 - 2012-01-19 09:41 - 00000000 ____D C:\WINDOWS\system32\cache
2013-07-30 11:30 - 2012-11-09 10:05 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-07-26 12:12 - 2013-07-26 12:12 - 00039424 ___SH C:\Documents and Settings\Port Slovakia\Thumbs.db
2013-07-25 16:27 - 2013-07-26 12:13 - 00013843 _____ C:\Documents and Settings\Port Slovakia\fotografie z mobilu 15052013 150 - odkaz.lnk
2013-07-22 14:40 - 2011-01-17 15:54 - 00000000 ____D C:\Documents and Settings\Port Slovakia\My Documents\2011
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Re: checking the log after removing the RANSOMWARE virus
- Save it, preferably to the desktop
- After launching, the licence terms are displayed; press any key
- A backup is created, followed by the search
- The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here
Re: checking the log after removing the RANSOMWARE virus
Good day,
JRT gave the following output
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.4 (08.12.2013:1)
OS: Microsoft Windows XP x86
Ran by Port Slovakia on ut 13.08.2013 at 8:53:38,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ut 13.08.2013 at 8:55:34,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: checking the log after removing the RANSOMWARE virus
vyosek wrote: Do you insist on the AVG antivirus? It is not very popular here: high system load, weaker detection
Re: checking the log after removing the RANSOMWARE virus
I forgot the question about AVG. Sorry. The antivirus licence is still valid for about 45 days. After that I will try to find another, better solution.
Re: checking the log after removing the RANSOMWARE virus
- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
Start
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
MountPoints2: {3a70e71e-7d32-11df-904d-001cc0972792} - F:\USBManager.exe
MountPoints2: {68d2fefa-5425-11de-8eb2-001cc0972792} - F:\EmDesk.exe
MountPoints2: {7075f783-889b-11de-8ef5-001cc0972792} - F:\USBManager.exe
MountPoints2: {abbf651c-bbb4-11dd-aa1c-001cc0972792} - F:\USBManager.exe
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-01] (Nero AG)
HKU\Administrator.PC1\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-01] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-01] (Nero AG)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
2013-08-09 19:12 - 2013-08-12 12:52 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-08-09 19:12 - 2013-08-09 19:36 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-08-09 19:12 - 2013-08-09 19:36 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-08-09 19:12 - 2013-08-09 19:14 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-08-09 19:12 - 2013-08-09 19:12 - 36271144 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\Administrator.PC1\My Documents\spybot-2.1.exe
2013-08-09 19:12 - 2009-01-25 13:14 - 00015224 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2013-08-09 19:10 - 2013-08-12 13:27 - 00000482 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{5F00A409-0FA7-4438-8CC9-388033B3FDBB}.job
2013-08-12 12:51 - 2013-01-02 11:37 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
Hosts:
CMD: shutdown -r -f -t 2
End
- Save the created TXT as fixlist.txt
- Move the created fixlist next to FRST
- Click Fix
- The fix runs and creates the log Fixlog.txt
Re: checking the log after removing the RANSOMWARE virus
I ran the fix twice, because Spybot was not uninstalled the first time. Here is the log after the second fix. I hope that is not a big problem:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-08-2013 02
Ran by Port Slovakia at 2013-08-13 12:13:28 Run:2
Running from F:\
Boot Mode: Normal
==============================================
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a70e71e-7d32-11df-904d-001cc0972792} => Key not found.
HKCR\CLSID\{3a70e71e-7d32-11df-904d-001cc0972792} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68d2fefa-5425-11de-8eb2-001cc0972792} => Key not found.
HKCR\CLSID\{68d2fefa-5425-11de-8eb2-001cc0972792} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7075f783-889b-11de-8ef5-001cc0972792} => Key not found.
HKCR\CLSID\{7075f783-889b-11de-8ef5-001cc0972792} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abbf651c-bbb4-11dd-aa1c-001cc0972792} => Key not found.
HKCR\CLSID\{abbf651c-bbb4-11dd-aa1c-001cc0972792} => Key not found.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart => Value not found.
HKU\Administrator.PC1\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart => Value not found.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\PROTOCOLS\Handler\ipp => Key not found.
HKCR\PROTOCOLS\Handler\msdaipp => Key not found.
"C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job" => File/Directory not found.
"C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job" => File/Directory not found.
"C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job" => File/Directory not found.
"C:\Program Files\Spybot - Search & Destroy 2" => File/Directory not found.
"C:\Documents and Settings\Administrator.PC1\My Documents\spybot-2.1.exe" => File/Directory not found.
"C:\WINDOWS\system32\sdnclean.exe" => File/Directory not found.
"C:\WINDOWS\Tasks\User_Feed_Synchronization-{5F00A409-0FA7-4438-8CC9-388033B3FDBB}.job" => File/Directory not found.
Could not move "C:\WINDOWS\system32\config\SpybotSD.evt" => Scheduled to move on reboot.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= shutdown -r -f -t 2 =========
========= End of CMD: =========
=========== Result of Scheduled Files to move ===========
C:\WINDOWS\system32\config\SpybotSD.evt => Moved successfully.
==== End of Fixlog ====
Re: checking the log after removing the RANSOMWARE virus
RSIT output:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Port Slovakia at 2013-08-13 12:55:32
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (46%) free of 100 GB
Total RAM: 2036 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:42, on 13.8.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe
C:\Documents and Settings\Port Slovakia\Desktop\vIR\RSIT.exe
C:\Program Files\trend micro\Port Slovakia.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pravda.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPWUTOOLBOX] C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0992102729
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F531843-0E95-46F7-AF91-587F6902C8B5}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1CA7390-C01E-444D-95BD-6A08E596F36A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F531843-0E95-46F7-AF91-587F6902C8B5}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 8293 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0E9B409A-F009-4C6C-A3F1-DA6E789ECE09}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DE8C0D3C-02D8-4398-A080-9110EB27AFB1}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-11-08 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-11-08 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-11-08 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-01-16 16384512]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-01-16 69632]
"HPWUTOOLBOX"=C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe [2006-11-15 352256]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2012-01-27 2077536]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2009-10-13 606208]
"3170 Scan2PC"=C:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe [2009-06-11 503808]
"BrStsMon00"=C:\Program Files\Browny02\Brother\BrStMonW.exe [2011-10-18 2678784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-22 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-10-30 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0CD68AC9-FF63-3E61-626B-B663E62F6236}"= []
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\54911883.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\54911883.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe"="C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\WINDOWS\twain_32\Samsung\ScanMgr.exe"="C:\WINDOWS\twain_32\Samsung\ScanMgr.exe:*:Enabled:Scan Manger"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe:*:Enabled:ScanToPC"
"C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe"="C:\WINDOWS\twain_32\Samsung\CLX3170\Sscan2io.exe:*:Enabled:SScanToIO"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2013-08-13 12:55:32 ----D---- C:\rsit
2013-08-13 12:55:32 ----D---- C:\Program Files\trend micro
2013-08-13 12:11:01 ----A---- C:\WINDOWS\wininit.ini
2013-08-13 08:31:19 ----D---- C:\WINDOWS\ERUNT
2013-08-12 13:30:26 ----D---- C:\FRST
2013-08-12 12:30:58 ----HD---- C:\WINDOWS\PIF
2013-08-12 09:36:06 ----D---- C:\TDSSKiller_Quarantine
2013-08-10 12:50:50 ----D---- C:\Unreal Commander
2013-08-10 12:39:16 ----D---- C:\Program Files\CCleaner
2013-08-09 19:43:08 ----AD---- C:\Kaspersky Rescue Disk 10.0
2013-08-09 19:08:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2013-08-09 19:05:36 ----SHD---- C:\WINDOWS\CSC
======List of files/folders modified in the last 1 month======
2013-08-13 12:55:42 ----D---- C:\WINDOWS\Prefetch
2013-08-13 12:55:32 ----RD---- C:\Program Files
2013-08-13 12:55:30 ----D---- C:\WINDOWS\Temp
2013-08-13 12:49:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-08-13 12:15:08 ----D---- C:\WINDOWS\system32\config
2013-08-13 12:13:32 ----D---- C:\WINDOWS\system32\drivers\etc
2013-08-13 12:11:01 ----D---- C:\WINDOWS
2013-08-13 12:10:47 ----D---- C:\WINDOWS\system32\CatRoot2
2013-08-13 12:08:18 ----SD---- C:\WINDOWS\Tasks
2013-08-13 12:08:18 ----D---- C:\WINDOWS\system32
2013-08-13 02:35:19 ----D---- C:\WINDOWS\system32\drivers\Avg
2013-08-12 13:25:09 ----A---- C:\WINDOWS\system.ini
2013-08-12 12:49:45 ----D---- C:\WINDOWS\AppPatch
2013-08-12 12:49:20 ----D---- C:\Documents and Settings\Port Slovakia\Application Data\ElevatedDiagnostics
2013-08-12 09:37:21 ----D---- C:\WINDOWS\system32\drivers
2013-08-12 09:37:08 ----D---- C:\Program Files\Browny02
2013-08-10 12:40:57 ----D---- C:\WINDOWS\Debug
2013-08-10 12:37:46 ----D---- C:\Program Files\Common Files
2013-08-10 11:27:19 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2013-08-09 20:46:26 ----D---- C:\Program Files\Internet Explorer
2013-08-09 19:12:37 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2013-08-09 19:05:41 ----D---- C:\Documents and Settings
2013-08-07 09:58:26 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2013-07-30 11:31:09 ----D---- C:\WINDOWS\system32\cache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AvgRkx86;avgrkx86.sys; C:\WINDOWS\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2013-01-16 226016]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2011-09-13 29712]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2011-05-06 243152]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-10-30 5851488]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-16 4609024]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-07-27 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-16 98944]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-10-08 36864]
S3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-14 5810]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: log check after removing RANSOMWARE virus

- Save it, preferably to the desktop
- Close all programs
- Click Scan (Prohledat)
- The scan runs and a log then appears; alternatively it is saved on the system drive as AdwCleaner[R?].txt. Paste it here
Re: log check after removing RANSOMWARE virus
I'm sending the AdwCleaner output:
# AdwCleaner v2.306 - Logfile created 08/13/2013 at 13:31:20
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Port Slovakia - PC1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Port Slovakia\Desktop\vIR\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[R4].txt - [672 octets] - [13/08/2013 13:30:26]
AdwCleaner[R5].txt - [604 octets] - [13/08/2013 13:31:20]
########## EOF - C:\AdwCleaner[R5].txt - [663 octets] ##########
Re: log check after removing RANSOMWARE virus

Start
REG: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" /f
REG: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" /v "{0CD68AC9-FF63-3E61-626B-B663E62F6236}" /f
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{0E9B409A-F009-4C6C-A3F1-DA6E789ECE09}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DE8C0D3C-02D8-4398-A080-9110EB27AFB1}.job
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
CMD: shutdown -r -f -t 2
End
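The fixlist above removes the registry entries the log shows with no backing file (the nameless IE toolbar CLSID and the empty ShellExecuteHooks value), the leftover scheduled-task .job files and the Spybot data folder, then reboots. As an added example, not part of this thread and not code from HijackThis, RSIT or FRST, the Python script below reads such log lines and generates the matching `REG:` fixlist lines. Its sample input is copied from the log posted above; the line formats it parses and the registry paths behind the HijackThis O3 and O20 sections are assumptions based on that log. It also carries the caveat a cleanup should honour: the O20 `avgrsstarter` entry, which HijackThis reports as `(file missing)` while the RSIT registry dump lists `avgrsstx.dll` with a date and size, is flagged for manual verification instead of deletion, which is also what the posted fixlist does by leaving it alone.

```python
"""Triage a HijackThis / RSIT log for autostart entries with no backing file.

Added example for this thread; it is not part of the forum post and not code
from HijackThis, RSIT or FRST.  Missing-file entries are what a ransomware
infection or an earlier cleanup typically leaves behind, and the output
lines use the FRST fixlist syntax (REG: ...) seen in the thread.  The line
formats and registry paths below are assumptions based on the HijackThis
2.0.4 / RSIT 1.09 output posted above.
"""
import re

# Constructed sample input: lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-22 12536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0CD68AC9-FF63-3E61-626B-B663E62F6236}"= []
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
"""

# Registry locations behind the HijackThis O3 and O20 sections (assumed, as on XP).
TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# HijackThis lines: toolbar with no file, Winlogon Notify DLL reported missing.
TOOLBAR_RE = re.compile(r"^O3 - Toolbar: .* - (\{[0-9A-Fa-f-]{36}\}) - \(no file\)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (\S+) \(file missing\)$")
# RSIT registry dump: [key] header, "name"=data [date size], or a bare path [date size].
# An empty [] means RSIT found the value but could not find the file it names.
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*?)\s*\[([^\]]*)\]$')
REG_FILE_RE = re.compile(r"^([A-Za-z]:\\.+?) \[\d{4}-\d{2}-\d{2} \d+\]$")


def triage(log_text):
    """Return (findings, fixlist).

    findings: (severity, message) tuples; severity "remove" when the file is
              confirmed missing, "verify" when the two tools disagree.
    fixlist:  FRST "REG:" lines for the "remove" findings only.
    """
    findings, fixlist = [], []
    notify_entries = []   # (entry name, dll) from O20 lines, resolved at the end
    on_disk = set()       # lower-case basenames RSIT listed with a date and size
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := TOOLBAR_RE.match(line):
            clsid = m.group(1)
            findings.append(("remove", f"IE toolbar {clsid} has no file"))
            fixlist.append(f'REG: reg delete "{TOOLBAR_KEY}" /v "{clsid}" /f')
        elif m := NOTIFY_RE.match(line):
            notify_entries.append((m.group(1), m.group(2)))
        elif m := REG_KEY_RE.match(line):
            current_key = m.group(1)
        elif (m := REG_VALUE_RE.match(line)) and current_key:
            name, data, meta = m.groups()
            if meta.strip():
                on_disk.add(data.strip().rsplit("\\", 1)[-1].lower())
            else:
                findings.append(("remove", f"{current_key}\\{name} points to no file"))
                fixlist.append(f'REG: reg delete "{current_key}" /v "{name}" /f')
        elif m := REG_FILE_RE.match(line):
            on_disk.add(m.group(1).rsplit("\\", 1)[-1].lower())
    # O20 is resolved last: the registry dump that can contradict it comes later in the log.
    for name, dll in notify_entries:
        if dll.lower() in on_disk:
            findings.append(("verify", f"Winlogon Notify {name}: HijackThis reports "
                             f"{dll} missing, but the RSIT dump lists it with a size; "
                             "check the file by hand before deleting the key"))
        else:
            findings.append(("remove", f"Winlogon Notify {name} loads missing {dll}"))
            fixlist.append(f'REG: reg delete "{NOTIFY_KEY}\\{name}" /f')
    return findings, fixlist


if __name__ == "__main__":
    found, fix = triage(SAMPLE_LOG)
    for severity, message in found:
        print(f"[{severity}] {message}")
    print("\nStart")
    print("\n".join(fix))
    print("End")
```

Run on the sample, the two `REG:` lines it emits are the first and third `REG:` lines of the fixlist posted above; the Nero `BgMonitor` autorun in the second line is not an orphan (its executable is listed with a size), so removing it is a judgement call the script deliberately does not make.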