
userinit.exe problem

majky5538
Visitor
Posts: 9
Registered: 20 Jul 2012 13:30

userinit.exe problem

#1 Post by majky5538 »

I currently have a notebook with Windows 7 at home. The problem is the system file userinit.exe, which runs at startup and was initially infected, although e.g. VirusTotal now shows it as clean. Still the same problem; sometimes after startup it also throws an error message about "host processes". I have completely run out of ideas, so if anyone has had a similar problem, I could use some help.
I have run the PC through antivirus tools (Malwarebytes, Dr.Web, Avast, ESET, AVG, ComboFix - it freezes while deleting some folders; it once found that this file was infected and fixed it, but overall the problem did not go away; HijackThis - I checked the log, have a look if you can). I also tried copying a fresh file into system32 from my other PC, tried System File Checker (sfc scan), dug around in the registry, and with Kaspersky TDSSKiller (anti-rootkit) I removed a rootkit because it was blocking ataport.sys and causing a BSOD. Thanks for any further advice. Because of this error some services do not work, e.g. the connection to the modem the user has for internet (mobile or whatever it is) does not work. I do not really want to reinstall the system, since I have no clue where the licence key is and there are about 300 GB of data here that I have nowhere to back up.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:39:36, on 19. 7. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\ProgramData\bProtectorForWindows\2.1.415.37\bProtect.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HSPA USB MODEM\ModemListener.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll
O2 - BHO: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\PROGRA~1\MAPSGA~2\bar\1.bin\39bar.dll (file missing)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: blekko search bar - {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - C:\Program Files\blekkotb_020\blekkotb_019X.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: WiseConvert - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ModemListener] C:\Program Files\HSPA USB MODEM\ModemListener.exe start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\bprote~1\21415~1.37\protec~1.dll
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: bProtector - bProtector - C:\ProgramData\bProtectorForWindows\2.1.415.37\bProtect.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DeviceManager - Unknown owner - C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: WTGService - Unknown owner - C:\Users\asus\WTGService.exe

--
End of file - 7878 bytes

Thanks

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: userinit.exe problem

#2 Post by vyosek »

Hi :)

Am I right in assuming, as the thought occurs to me, that you are servicing this notebook for someone? Probably not just as a favour, right?

Have you read the forum rules?

Do you know how to work with TDSSKiller and, above all, ComboFix (do you know how its scan proceeds, how to interpret the log, and how to finish the clean-up afterwards with a script)?
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him: that is not a man, that is an ox."
Member since 1 February 2011.

majky5538
Visitor
Posts: 9
Registered: 20 Jul 2012 13:30

Re: userinit.exe problem

#3 Post by majky5538 »

Hello, well, unfortunately it is just as a favour. I have read the rules.

RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-07-20 16:33:16
Microsoft Windows 7 Professional
System drive C: has 161 GB (34%) free of 477 GB
Total RAM: 2988 MB (69% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\avast! Emergency Update.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}]
blekko search bar - C:\Program Files\blekkotb_020\blekkotb_019X.dll [2012-03-19 85288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-18 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-11 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
WiseConvert Toolbar - C:\Program Files\WiseConvert\prxtbWise.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_2.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\prxtbBS_2.dll [2011-05-09 176936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-18 192112]
{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - WiseConvert Toolbar - C:\Program Files\WiseConvert\prxtbWise.dll [2011-05-09 176936]
{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2009-11-19 307768]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]
"HControlUser"=C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files\ASUS\Wireless Console 3\wcourier.exe [2010-09-23 1601536]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-05-11 136216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-05-11 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-05-11 170008]
"ModemListener"=C:\Program Files\HSPA USB MODEM\ModemListener.exe [2010-05-10 98304]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-07-03 4273976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
C:\Program Files\Anti Trojan Elite\TJEnder.exe [2012-07-19 4076544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [2012-03-01 232616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE [2012-03-12 1694608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-07-26 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk]
C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe [2011-05-25 156952]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\bprote~1\21415~1.37\protec~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-04-30 227328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-07-20 16:33:16 ----D---- C:\rsit
2012-07-20 14:40:28 ----HD---- C:\$AVG
2012-07-20 12:26:45 ----RASH---- C:\MSDOS.SYS
2012-07-20 12:26:45 ----RASH---- C:\IO.SYS
2012-07-20 12:26:42 ----SD---- C:\ComboFix
2012-07-20 12:22:32 ----SHD---- C:\DrWeb Quarantine
2012-07-20 11:51:16 ----A---- C:\TDSSKiller.2.7.46.0_20.07.2012_11.51.16_log.txt
2012-07-20 11:28:11 ----D---- C:\Users\Administrator\AppData\Roaming\AVG2012
2012-07-20 11:26:15 ----D---- C:\Windows\system32\drivers\AVG
2012-07-20 11:26:15 ----D---- C:\ProgramData\AVG2012
2012-07-20 11:25:34 ----D---- C:\Program Files\AVG
2012-07-20 11:19:42 ----HD---- C:\ProgramData\Common Files
2012-07-20 11:17:27 ----D---- C:\ProgramData\MFAData
2012-07-20 11:16:54 ----D---- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-07-20 11:14:10 ----D---- C:\Program Files\Common Files\Doctor Web
2012-07-20 11:13:40 ----D---- C:\ProgramData\Doctor Web
2012-07-20 11:13:40 ----D---- C:\Program Files\DrWeb
2012-07-19 22:43:42 ----AD---- C:\.Trash-999
2012-07-19 22:42:45 ----D---- C:\Users\Administrator\AppData\Roaming\Google
2012-07-19 22:39:10 ----D---- C:\Program Files\Trend Micro
2012-07-19 22:33:51 ----D---- C:\TDSSKiller_Quarantine
2012-07-19 22:31:27 ----A---- C:\TDSSKiller.2.7.46.0_19.07.2012_22.31.27_log.txt
2012-07-19 22:15:21 ----A---- C:\Windows\zip.exe
2012-07-19 22:15:21 ----A---- C:\Windows\SWSC.exe
2012-07-19 22:15:21 ----A---- C:\Windows\SWREG.exe
2012-07-19 22:15:21 ----A---- C:\Windows\sed.exe
2012-07-19 22:15:21 ----A---- C:\Windows\PEV.exe
2012-07-19 22:15:21 ----A---- C:\Windows\NIRCMD.exe
2012-07-19 22:15:21 ----A---- C:\Windows\MBR.exe
2012-07-19 22:15:21 ----A---- C:\Windows\grep.exe
2012-07-19 22:14:12 ----D---- C:\Windows\ERDNT
2012-07-19 22:14:03 ----D---- C:\Qoobox
2012-07-19 22:12:12 ----D---- C:\Users\Administrator\AppData\Roaming\Macromedia
2012-07-19 21:10:31 ----D---- C:\Windows\system32\Extensions
2012-07-19 20:51:28 ----D---- C:\Users\Administrator\AppData\Roaming\Adobe
2012-07-19 20:50:50 ----D---- C:\Users\Administrator\AppData\Roaming\Identities
2012-07-19 19:51:10 ----D---- C:\Program Files\Anti Trojan Elite
2012-07-19 19:48:41 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2012-07-19 19:48:41 ----D---- C:\Users\Administrator\AppData\Roaming\Media Center Programs
2012-07-19 18:11:12 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-07-19 18:11:11 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-07-19 18:11:06 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-07-19 18:11:06 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-07-19 18:11:05 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-07-19 18:11:03 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-07-19 18:10:50 ----A---- C:\Windows\avastSS.scr
2012-07-19 18:10:49 ----A---- C:\Windows\system32\aswBoot.exe
2012-07-19 18:10:39 ----D---- C:\ProgramData\AVAST Software
2012-07-19 18:10:39 ----D---- C:\Program Files\AVAST Software
2012-07-19 18:08:36 ----A---- C:\Windows\ntbtlog.txt
2012-07-19 14:56:30 ----D---- C:\Program Files\ESET
2012-07-19 14:46:11 ----D---- C:\ProgramData\Malwarebytes
2012-07-19 14:46:08 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-07-19 14:46:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-07-19 14:44:12 ----D---- C:\Program Files\CCleaner
2012-07-19 14:39:29 ----D---- C:\Windows\pss
2012-07-19 14:00:10 ----A---- C:\Windows\system32\drivers\btwl2cap.sys
2012-07-19 14:00:09 ----A---- C:\Windows\system32\drivers\btwrchid.sys
2012-07-19 14:00:09 ----A---- C:\Windows\system32\drivers\btwavdt.sys
2012-07-19 14:00:09 ----A---- C:\Windows\system32\drivers\btwaudio.sys
2012-07-13 08:32:29 ----HD---- C:\Windows\AxInstSV
2012-07-11 19:36:14 ----A---- C:\Windows\system32\wups2.dll
2012-07-11 19:36:14 ----A---- C:\Windows\system32\wucltux.dll
2012-07-11 19:36:14 ----A---- C:\Windows\system32\wuaueng.dll
2012-07-11 19:36:14 ----A---- C:\Windows\system32\wuauclt.exe
2012-07-11 19:35:57 ----A---- C:\Windows\system32\wups.dll
2012-07-11 19:35:57 ----A---- C:\Windows\system32\wudriver.dll
2012-07-11 19:35:57 ----A---- C:\Windows\system32\wuapi.dll
2012-07-11 19:35:34 ----A---- C:\Windows\system32\wuwebv.dll
2012-07-11 19:35:34 ----A---- C:\Windows\system32\wuapp.exe
2012-06-30 18:05:37 ----A---- C:\Windows\unvise32.exe
2012-06-22 10:39:35 ----A---- C:\Windows\system32\drivers\mod7700.sys
2012-06-22 10:39:35 ----A---- C:\Windows\system32\drivers\ewusbnet.sys
2012-06-22 10:39:35 ----A---- C:\Windows\system32\drivers\ewusbfake.sys
2012-06-22 10:39:35 ----A---- C:\Windows\system32\drivers\ewsercd.sys
2012-06-22 10:39:35 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2012-06-22 10:39:30 ----N---- C:\Windows\system32\drivers\ewusbmdm.sys

======List of files/folders modified in the last 1 month======

2012-07-20 16:31:17 ----D---- C:\Windows\system32\Tasks
2012-07-20 16:30:59 ----A---- C:\Windows\system32\log.txt
2012-07-20 16:30:57 ----D---- C:\Windows\Temp
2012-07-20 16:16:09 ----D---- C:\Windows\system32\drivers
2012-07-20 16:15:07 ----D---- C:\Windows\Speech
2012-07-20 15:11:47 ----D---- C:\Windows\System32
2012-07-20 15:11:47 ----D---- C:\Windows\inf
2012-07-20 15:11:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-20 14:27:19 ----D---- C:\Windows\system32\config
2012-07-20 12:33:29 ----D---- C:\Windows\AppPatch
2012-07-20 12:33:29 ----D---- C:\Windows
2012-07-20 12:33:27 ----D---- C:\Program Files\Common Files
2012-07-20 12:19:41 ----D---- C:\Windows\Prefetch
2012-07-20 12:17:07 ----SHD---- C:\Windows\Installer
2012-07-20 12:17:07 ----D---- C:\Windows\system32\appmgmt
2012-07-20 12:16:39 ----D---- C:\Windows\Tasks
2012-07-20 12:16:09 ----SHD---- C:\System Volume Information
2012-07-20 11:49:48 ----D---- C:\Windows\Minidump
2012-07-20 11:26:38 ----D---- C:\Windows\system32\catroot
2012-07-20 11:26:37 ----D---- C:\Windows\system32\DriverStore
2012-07-20 11:26:15 ----HD---- C:\ProgramData
2012-07-20 11:25:34 ----D---- C:\Program Files
2012-07-20 11:25:14 ----D---- C:\Windows\winsxs
2012-07-20 10:54:31 ----D---- C:\Windows\system32\catroot2
2012-07-19 22:44:40 ----D---- C:\Windows\system32\sk-SK
2012-07-19 22:43:33 ----D---- C:\Program Files\BS_Player
2012-07-19 21:35:13 ----D---- C:\ProgramData\Anti-phishing Domain Advisor
2012-07-19 21:35:00 ----D---- C:\Program Files\Searchqu Toolbar
2012-07-19 21:34:59 ----D---- C:\Program Files\PriceGong
2012-07-19 21:34:04 ----D---- C:\Program Files\blekkotb_020
2012-07-19 19:48:47 ----SHD---- C:\$Recycle.Bin
2012-07-19 19:48:41 ----RD---- C:\Users
2012-07-19 19:46:15 ----D---- C:\Windows\system32\cs-CZ
2012-07-19 19:46:01 ----D---- C:\Windows\sk-SK
2012-07-19 19:18:52 ----D---- C:\Windows\Globalization
2012-07-19 15:00:45 ----D---- C:\ProgramData\IBUpdaterService
2012-07-19 15:00:44 ----D---- C:\Windows\AppCompat
2012-07-19 14:20:50 ----SD---- C:\ProgramData\Microsoft
2012-07-13 08:33:02 ----D---- C:\Windows\Downloaded Program Files
2012-06-30 17:55:55 ----D---- C:\Program Files\Postal2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-07-03 44784]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-07-03 721000]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-07-03 353688]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-07-03 54232]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [2009-07-02 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-07-03 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-07-03 57656]
R2 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys [2010-11-15 9984]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2009-12-14 45352]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-15 86056]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2010-01-15 108072]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-15 18472]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2010-01-18 514104]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-04-30 8750592]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-08-18 119408]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver; C:\Windows\system32\DRIVERS\JME.sys [2010-10-05 113632]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-07-03 22344]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2009-05-13 14392]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2011-09-28 1760384]
S0 SpiderG3;DrWeb file system scanner; C:\Windows\system32\drivers\spiderg3.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 393216]
S3 catchme;catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ewsercd;Huawei DataCard USB Serial Port; C:\Windows\system32\DRIVERS\ewsercd.sys [2012-06-22 100224]
S3 ewusbmbb;HUAWEI USB-WWAN miniport; C:\Windows\system32\DRIVERS\ewusbwwan.sys []
S3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-12-13 102784]
S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2012-06-22 103040]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\jrdusbser.sys [2009-11-17 105344]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 131000]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-07-03 44808]
R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 bProtector;bProtector; C:\ProgramData\bProtectorForWindows\2.1.415.37\bProtect.exe [2012-04-28 1181176]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-03-11 595232]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DeviceManager;DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [2009-11-17 40960]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-07-26 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: userinit.exe problem

#4 Post by vyosek »

:arrow: Create a rar (list of what it should contain is below) and upload it for me to LP http://www.leteckaposta.cz
  • C:\TDSSKiller.2.7.46.0_20.07.2012_11.51.16_log.txt
  • C:\DrWeb Quarantine
  • C:\ComboFix
  • C:\TDSSKiller_Quarantine
  • C:\TDSSKiller.2.7.46.0_19.07.2012_22.31.27_log.txt
  • C:\Qoobox
:arrow: Forum rules http://forum.viry.cz/viewtopic.php?f=12&t=5601
3. In particular, do not run the ComboFix utility even if a friend or some would-be expert website advised you to. Our forum is the only one of the CZ-SK antivirus forums that has the right to analyse ComboFix logs, and we also have the full support of the utility's author and access to the most up-to-date information and guides.
:arrow: Dangers of CF
  • It is intended primarily for helpers; by using it on your own you lose your right to support
  • It wipes the traces of malware, so nothing is visible in the RSIT log
  • Its log still has to be analysed further, since it cannot delete everything; you can hardly manage that unless you are trained for it
  • CF may have a bug = it takes your system down; if you do not know where it stores things and how to restore them, your system is in the flowers and a reinstall awaits you
  • CF also unfortunately does not yet check some important libraries (e.g. hal.dll), which some types of malware (e.g. angela) delete; it deletes your hal.dll after the reboot = your system does not boot and you are one line up = reinstall

:arrow: Download TDSSQlook http://www.malwareinfo.nl/tools/TDSSQlook.exe
  • Save it to the desktop and run it
  • Choose option A and confirm with Enter
  • After a moment a log is shown; paste it here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a woman and does not kiss her, whoever avoids fun, take a whip and a stick to him, that is not a man, that is an ox."
Member since 1 February 2011.

majky5538
Guest
Posts: 9
Registered: 20 Jul 2012 13:30

Re: userinit.exe problem

#5 Post by majky5538 »

http://leteckaposta.cz/802292944
(TDSSKiller_Quarantine contains viruses, so its contents were packed, also because avast detected it while the individual files were being copied.) Except for C:\DrWeb Quarantine; I removed that software and no longer have the file there, since I had several similar programs installed.

TDSSQ LOG:
TDSSKiller Quarantine Information log
TDSS Qlook Version 1.0.0.5 - Administrator - pi 20. 07. 2012 - 19:03:31,60.
Microsoft Windows 7 Professional 6.1.7600
***** START SCAN pi 20. 07. 2012 19:03:32,49 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.7.46.0_19.07.2012_22.31.27_log.txt
TDSSKiller.2.7.46.0_20.07.2012_11.51.16_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\19.07.2012_22.31.27
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0002
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0001
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\object.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\mbr0000
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\mbr0000\tsk0001.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\mbr0000\object.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\mbr0000\tsk0000.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\mbr0000\tsk0000.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\mbr0000\tsk0001.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\object.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0011.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0011.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0010.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0010.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0009.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0008.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0008.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0007.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0003.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0005.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0005.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0004.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0006.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0004.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0003.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0006.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0002.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0002.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0001.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0000.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0001.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0000.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000\object.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000\svc0000
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0001\object.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0001\svc0000
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0001\svc0000\object.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0001\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0002\object.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0002\svc0000
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0002\svc0000\object.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0002\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0002\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\object.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0009.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0009.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0008.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0008.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0007.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0007.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0006.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0006.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0004.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0005.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0004.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0003.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0005.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0003.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0002.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0002.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0001.ini
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0000.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0001.dta
C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0000.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\object.ini

[InfectedObject]
Verdict: Rootkit.Win32.TDSS.tdl4


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\mbr0000\object.ini

[InfectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\mbr0000\tsk0000.ini

[InfectedFile]
Type: Raw image


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\mbr0000\tsk0001.ini

[InfectedFile]
Type: Raw BB image


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\object.ini

[InfectedObject]
Verdict: TDSS File System
Name: \Device\Harddisk0\DR0


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0000.ini

[InfectedFile]
Name: cfg.ini
Size: 1168
File time: 2011/12/05 04:53:12.0558


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0001.ini

[InfectedFile]
Name: mbr
Size: 512
File time: 2011/12/05 04:53:12.0602


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0002.ini

[InfectedFile]
Name: bckfg.tmp
Size: 949
File time: 2011/12/05 04:53:12.0631


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0003.ini

[InfectedFile]
Name: cmd.dll
Size: 39936
File time: 2011/12/05 04:53:12.0638


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0004.ini

[InfectedFile]
Name: ldr16
Size: 1319
File time: 2011/12/05 04:53:12.0986


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0005.ini

[InfectedFile]
Name: ldr32
Size: 3666
File time: 2011/12/05 04:53:12.0997


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0006.ini

[InfectedFile]
Name: ldr64
Size: 4192
File time: 2011/12/05 04:53:13.0022


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0007.ini

[InfectedFile]
Name: drv64
Size: 24576
File time: 2011/12/05 04:53:13.0050


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0008.ini

[InfectedFile]
Name: cmd64.dll
Size: 21504
File time: 2011/12/05 04:53:13.0662


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0009.ini

[InfectedFile]
Name: drv32
Size: 33280
File time: 2011/12/05 04:53:13.0963


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0010.ini

[InfectedFile]
Name: keywords
Size: 174
File time: 2011/12/05 10:49:26.0326


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0011.ini

[InfectedFile]
Name: kwrd.dll
Size: 208896
File time: 2011/12/10 05:25:17.0073


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: ATE_PROCMON
Type: Kernel driver (0x1)
Start: Auto (0x2)
ImagePath: \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\Anti Trojan Elite\ATEPMon.sys
md5: 8492eaadb882c0f0b38a40dee1206445


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0001\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0001\svc0000\object.ini

[InfectedObject]
Type: Service
Name: LMS
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0001\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
md5: a1c148801b4af64847aeb9f3ad9594ef


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0002\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0002\svc0000\object.ini

[InfectedObject]
Type: Service
Name: UNS
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: "C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0002\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
md5: 41118d920b2b268c0adc36421248cdcf


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\object.ini

[InfectedObject]
Verdict: TDSS File System
Name: \Device\Harddisk0\DR0


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0000.ini

[InfectedFile]
Name: cfg.ini
Size: 1168
File time: 2011/12/05 04:53:12.0558


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0001.ini

[InfectedFile]
Name: mbr
Size: 512
File time: 2011/12/05 04:53:12.0602


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0002.ini

[InfectedFile]
Name: bckfg.tmp
Size: 949
File time: 2011/12/05 04:53:12.0631


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0003.ini

[InfectedFile]
Name: cmd.dll
Size: 39936
File time: 2011/12/05 04:53:12.0638


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0004.ini

[InfectedFile]
Name: ldr16
Size: 1319
File time: 2011/12/05 04:53:12.0986


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0005.ini

[InfectedFile]
Name: ldr32
Size: 3666
File time: 2011/12/05 04:53:12.0997


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0006.ini

[InfectedFile]
Name: ldr64
Size: 4192
File time: 2011/12/05 04:53:13.0022


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0007.ini

[InfectedFile]
Name: cmd64.dll
Size: 21504
File time: 2011/12/05 04:53:13.0662


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0008.ini

[InfectedFile]
Name: keywords
Size: 174
File time: 2011/12/05 10:49:26.0326


=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\tdlfs0000\tsk0009.ini

[InfectedFile]
Name: kwrd.dll
Size: 208896
File time: 2011/12/10 05:25:17.0073


***** END SCAN pi 20. 07. 2012 19:03:33,38 *****
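As an added example, not part of the original post or of the TDSSQlook tool, here is a small parser for the INI FILES section of the log above. It groups what TDSSKiller quarantined by item and separates a named rootkit verdict (Rootkit.Win32.TDSS.tdl4 on the MBR) from the generic UnsignedFile.Multi.Generic heuristic, which in this log flagged the Anti Trojan Elite driver and the Intel LMS/UNS services and is the kind of entry a responder verifies by hand. The sample input is a verbatim excerpt of the posted log; the field regexes are my assumptions about the format.

```python
# Summarise what TDSSKiller quarantined from the INI FILES section of a TDSSQlook log.
import re

# Constructed sample: a verbatim excerpt of the TDSSQlook log posted above.
SAMPLE_LOG = r"""---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\object.ini

[InfectedObject]
Verdict: Rootkit.Win32.TDSS.tdl4

=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\mbr0000\tdlfs0000\tsk0000.ini

[InfectedFile]
Name: cfg.ini
Size: 1168
File time: 2011/12/05 04:53:12.0558

=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic

=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: ATE_PROCMON
Type: Kernel driver (0x1)
ImagePath: \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys

=== C:\TDSSKiller_Quarantine\19.07.2012_22.31.27\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\Anti Trojan Elite\ATEPMon.sys
md5: 8492eaadb882c0f0b38a40dee1206445

***** END SCAN pi 20. 07. 2012 19:03:33,38 *****
"""

# Assumed format: '=== <path>' starts an entry, '[Section]' names it, 'Key: value' lines follow.
ENTRY_HEADER = re.compile(r"^=== (?P<path>.+\.ini)\s*$")
SECTION = re.compile(r"^\[(?P<name>\w+)\]\s*$")
FIELD = re.compile(r"^(?P<key>[\w ]+?):\s*(?P<value>.*)$")

def quarantine_item(path):
    """Top-level item folder (mbr0000, susp0001, ...) below the timestamped quarantine dir."""
    parts = path.split("\\")
    i = parts.index("TDSSKiller_Quarantine") + 2 if "TDSSKiller_Quarantine" in parts else len(parts)
    return parts[i] if i < len(parts) else None

def parse_qlook_ini_section(text):
    """One record per '=== <path>' entry; repeated keys (e.g. Type:) accumulate into lists."""
    entries, current, in_ini = [], None, False
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("---------- INI FILES"):
            in_ini = True
            continue
        if line.startswith("***** END SCAN"):
            break
        if not in_ini or not line:
            continue
        if m := ENTRY_HEADER.match(line):
            current = {"path": m["path"], "item": quarantine_item(m["path"]),
                       "section": None, "fields": {}}
            entries.append(current)
        elif current is None:
            continue
        elif m := SECTION.match(line):
            current["section"] = m["name"]
        elif m := FIELD.match(line):
            current["fields"].setdefault(m["key"], []).append(m["value"])
    return entries

def classify(verdict):
    """Named family (confirmed) vs. generic unsigned-file heuristic that needs manual review."""
    if verdict is None:
        return "unknown"
    return "heuristic" if "Generic" in verdict else "confirmed"

def summarize(entries):
    """Group records by quarantine item: verdict, object names, quarantined files, status."""
    summary = {}
    for e in entries:
        item = summary.setdefault(e["item"], {"verdict": None, "objects": [], "files": []})
        f = e["fields"]
        if e["section"] == "InfectedObject":
            if "Verdict" in f:
                item["verdict"] = f["Verdict"][0]
            if "Name" in f:
                item["objects"].append(f["Name"][0])
        elif e["section"] == "InfectedFile":
            item["files"].append({"name": f.get("Name", f.get("Src", ["?"]))[0],
                                  "size": int(f["Size"][0]) if "Size" in f else None,
                                  "md5": f.get("md5", [None])[0]})
    for item in summary.values():
        item["status"] = classify(item["verdict"])
    return summary
```

Running `summarize(parse_qlook_ini_section(open("qlook.log").read()))` over the full posted log yields one entry per quarantine folder, so the three susp000N heuristics can be checked against the vendor files they name before anything is treated as an infection.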

majky5538
Guest
Posts: 9
Registered: 20 Jul 2012 13:30

Re: userinit.exe problem

#6 Post by majky5538 »

Before, I did not run any commands or make any changes in ComboFix; it just kept freezing while working, so it did not even produce a log for me, I clicked on it a few times or whatever... this time it actually produced a log too.
Looking at the notebook after a restart, it no longer shows that error, so it will probably be fine now.. could you have a look at it please and help me clean up the last remaining dirt and the like? I would be very grateful. Thanks
What about the files in the quarantines? I would like to leave only one antivirus there, since there are several now. I would keep that TDSSK or whatever it is called exactly, and probably avast; AVG is there just on trial.

ComboFix 12-07-20.01 - Administrator . 07. 2012 20:13:28.4.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1250.421.1051.18.2988.2470 [GMT 2:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Administrator\1051.MST
.
-- Previous Run --
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

.
--------
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WTGService
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 18:18 . 2012-07-20 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-20 18:18 . 2012-07-20 18:18 -------- d-----w- c:\users\asus\AppData\Local\temp
2012-07-20 14:33 . 2012-07-20 14:33 -------- d-----w- C:\rsit
2012-07-20 12:40 . 2012-07-20 12:40 -------- d-----w- C:\$AVG
2012-07-20 12:23 . 2012-07-20 12:23 -------- d-----w- c:\users\asus\AppData\Roaming\AVG2012
2012-07-20 10:22 . 2012-07-20 10:22 -------- d-sh--w- C:\DrWeb Quarantine
2012-07-20 09:26 . 2012-07-20 09:51 -------- d-----w- c:\programdata\AVG2012
2012-07-20 09:26 . 2012-07-20 09:33 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-20 09:25 . 2012-07-20 09:25 -------- d-----w- c:\program files\AVG
2012-07-20 09:19 . 2012-07-20 09:19 -------- d--h--w- c:\programdata\Common Files
2012-07-20 09:17 . 2012-07-20 09:34 -------- d-----w- c:\programdata\MFAData
2012-07-20 09:14 . 2012-07-20 09:14 -------- d-----w- c:\program files\Common Files\Doctor Web
2012-07-20 09:13 . 2012-07-20 10:24 -------- d-----w- c:\program files\DrWeb
2012-07-20 09:13 . 2012-07-20 10:16 -------- d-----w- c:\programdata\Doctor Web
2012-07-19 20:43 . 2012-07-19 20:43 -------- d---a-w- C:\.Trash-999
2012-07-19 20:39 . 2012-07-19 20:39 -------- d-----w- c:\program files\Trend Micro
2012-07-19 20:33 . 2012-07-19 20:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-19 19:10 . 2012-07-19 19:10 -------- d-----w- c:\windows\system32\Extensions
2012-07-19 17:51 . 2012-07-19 19:31 -------- d-----w- c:\program files\Anti Trojan Elite
2012-07-19 17:48 . 2012-07-20 10:36 -------- d-----w- c:\users\Administrator
2012-07-19 16:11 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-19 16:11 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-19 16:11 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-19 16:11 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-19 16:11 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-19 16:11 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-19 16:10 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-19 16:10 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-19 16:10 . 2012-07-19 16:10 -------- d-----w- c:\programdata\AVAST Software
2012-07-19 16:10 . 2012-07-19 16:10 -------- d-----w- c:\program files\AVAST Software
2012-07-19 12:56 . 2012-07-19 12:56 -------- d-----w- c:\program files\ESET
2012-07-19 12:46 . 2012-07-19 12:46 -------- d-----w- c:\users\asus\AppData\Roaming\Malwarebytes
2012-07-19 12:46 . 2012-07-19 12:46 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 12:46 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 12:46 . 2012-07-19 12:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-19 12:44 . 2012-07-19 19:34 -------- d-----w- c:\program files\CCleaner
2012-07-19 12:00 . 2009-04-07 12:32 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-07-19 12:00 . 2010-01-15 11:22 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-07-19 12:00 . 2010-01-15 11:22 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-07-19 12:00 . 2010-01-15 11:22 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-07-13 06:32 . 2012-07-13 06:33 -------- d--h--w- c:\windows\AxInstSV
2012-07-11 17:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-11 17:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-11 17:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-11 17:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-11 17:35 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-11 17:35 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-11 17:35 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-11 17:35 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-11 17:35 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-30 16:05 . 1999-12-17 06:13 86016 ----a-w- c:\windows\unvise32.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-20 10:08 . 2012-01-26 21:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-07-11 22:41 . 2012-01-12 10:13 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-07-11 22:41 . 2012-01-26 21:02 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-25 11:51 . 2012-01-12 10:13 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}]
2012-03-19 17:35 85288 ----a-w- c:\program files\blekkotb_020\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
2011-05-09 08:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BS_Player\prxtbBS_2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
"{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}"= "c:\program files\blekkotb_020\blekkotb_019X.dll" [2012-03-19 85288]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CLASSES_ROOT\clsid\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\program files\WiseConvert\prxtbWise.dll" [2011-05-09 176936]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\prxtbBS_2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 170008]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2010-05-10 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 800032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BPROTE~1\21415~1.37\protector.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
backup=c:\windows\pss\Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
backup=c:\windows\pss\SRS Premium Sound.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
2012-07-19 19:31 4076544 ----a-w- c:\program files\Anti Trojan Elite\TJEnder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
2012-03-01 18:57 232616 ----a-w- c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-01-24 15:24 2416480 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 11:37 138096 ----atw- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-07-26 13:13 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 bProtector;bProtector;c:\programdata\bProtectorForWindows\2.1.415.37\bProtect.exe [x]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-19 16:21]
.
2012-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000Core.job
- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-11 11:37]
.
2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000UA.job
- c:\users\asus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-11 11:37]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 13:13]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 13:13]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 213.151.236.74 213.151.236.66
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,25,e3,f1,2d,a1,d2,4c,8d,ad,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,25,e3,f1,2d,a1,d2,4c,8d,ad,1b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,25,e3,f1,2d,a1,d2,4c,8d,ad,1b,\
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5460)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\windows\system32\conhost.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
.
**************************************************************************
.
Completion time: 2012-07-20 20:28:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 18:28
.
Pre-Run: 169 195 429 888 bytes free
Post-Run: 169 002 201 088 bytes free
.
- - End Of File - - 3BEDE21CF2BC992A45210369DFA228E1

vyosek (VIP; posts: 56373; registered 07 Nov 2006 15:24; location: Šalingrad - Brno)

Re: userinit.exe problem

#7 Post by vyosek »

:arrow: I'll clean up quarantines etc. only after the treatment is finished - please don't delete anything yourself

:arrow: We'll clean up completely after the antiviruses and put Avast there; AVG is more a parody of an antivirus

:arrow: In Safe Mode (restart the PC, press F8, choose Safe Mode with Networking) run the PC through these utilities so we get rid of the remnants of the antiviruses you have there :arrow: Install Avast Free http://www.avast.com/cs-cz/free-antivirus-download

:arrow: Step per my colleague
motji wrote: :arrow: Download SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
- run the program and follow the instructions. Paste the log here :)
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."

majky5538 (Visitor; posts: 9; registered 20 Jul 2012 13:30)

Re: userinit.exe problem

#8 Post by majky5538 »

Results of screen317's Security Check version 0.99.43
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Everything deleted, AVAST FREE, only the uninstaller didn't work for AVG, because it was probably a newer version... like a top guru I didn't use uninstall but wiped the target folder :roll: So it still lists it anyway, it probably stayed in the registry or somewhere.

vyosek (VIP; posts: 56373; registered 07 Nov 2006 15:24; location: Šalingrad - Brno)

Re: userinit.exe problem

#9 Post by vyosek »

:arrow: Try this one http://download.avg.com/filedir/util/av ... 2_2125.exe

:arrow: Please post a DDS log

majky5538 (Visitor; posts: 9; registered 20 Jul 2012 13:30)

Re: userinit.exe problem

#10 Post by majky5538 »

DDS (Ver_2011-09-30.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Administrator at 23:27:33 on 2012-07-20
Microsoft Windows 7 Professional 6.1.7600.0.1250.421.1051.18.2988.2220 [GMT 2:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: blekko search bar: {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - c:\program files\blekkotb_020\blekkotb_019X.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - c:\program files\wiseconvert\prxtbWise.dll
TB: BS Player Toolbar: {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - c:\program files\bs_player\prxtbBS_2.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
TB: blekko search bar: {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - c:\program files\blekkotb_020\blekkotb_019X.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [ATKMEDIA] c:\program files\asus\atk package\atk media\DMedia.exe
mRun: [HControlUser] c:\program files\asus\atk package\atk hotkey\HControlUser.exe
mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ModemListener] c:\program files\hspa usb modem\ModemListener.exe start
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{9E0D2525-B0C4-445B-B1C1-DD9E9ACC4CC2}\130313 : DHCPNameServer = 172.28.146.250 172.16.0.244 193.242.33.115 192.168.168.135 151.99.0.100 151.99.125.1 172.28.146.253
TCP: Interfaces\{9E0D2525-B0C4-445B-B1C1-DD9E9ACC4CC2}\14255414F52697F5D4544554F425 : DHCPNameServer = 192.168.101.1
TCP: Interfaces\{9E0D2525-B0C4-445B-B1C1-DD9E9ACC4CC2}\D43644F6E616C64637D26427565675C414E4 : DHCPNameServer = 213.33.99.70 141.1.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\drivers\JME.sys [2011-5-25 113632]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-19 721000]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-19 353688]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-19 21256]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-19 57656]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-19 44808]
S2 bProtector;bProtector;c:\programdata\bprotectorforwindows\2.1.415.37\bProtect.exe [2012-4-28 1181176]
S2 DeviceManager;DeviceManager;c:\program files\common files\devicehelper\devicemanager.exe -start --> c:\program files\common files\devicehelper\DeviceManager.exe -start [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-26 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-5-25 2314240]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2011-5-25 45352]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-7-19 29472]
S3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\drivers\ewsercd.sys [2012-6-22 100224]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-26 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2012-6-22 103040]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-26 132480]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\drivers\IntcDAud.sys [2010-2-3 232960]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-5-25 119408]
S3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\drivers\jrdusbser.sys [2011-8-14 105344]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
.
=============== Created Last 30 ================
.
2012-07-20 18:27:48 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-20 12:40:28 -------- d-----w- C:\$AVG
2012-07-20 10:38:24 -------- d-----w- c:\users\administrator\appdata\local\temp
2012-07-20 10:22:32 -------- d-sh--w- C:\DrWeb Quarantine
2012-07-20 09:28:11 -------- d-----w- c:\users\administrator\appdata\roaming\AVG2012
2012-07-20 09:26:15 -------- d-----w- c:\programdata\AVG2012
2012-07-20 09:19:42 -------- d--h--w- c:\programdata\Common Files
2012-07-20 09:17:27 -------- d-----w- c:\programdata\MFAData
2012-07-20 09:15:45 -------- d-----w- c:\users\administrator\Doctor Web
2012-07-20 09:14:10 -------- d-----w- c:\program files\common files\Doctor Web
2012-07-20 09:13:40 -------- d-----w- c:\program files\DrWeb
2012-07-20 09:12:15 111696896 ----a-w- c:\users\administrator\drweb-700-win.msi
2012-07-20 09:10:49 -------- d-----w- c:\users\administrator\appdata\local\Downloaded Installations
2012-07-19 20:43:42 -------- d---a-w- C:\.Trash-999
2012-07-19 20:42:43 -------- d-----w- c:\users\administrator\appdata\local\Google
2012-07-19 20:39:10 388096 ----a-r- c:\users\administrator\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-19 20:39:10 -------- d-----w- c:\program files\Trend Micro
2012-07-19 20:33:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-19 20:15:21 98816 ----a-w- c:\windows\sed.exe
2012-07-19 20:15:21 256000 ----a-w- c:\windows\PEV.exe
2012-07-19 20:15:21 208896 ----a-w- c:\windows\MBR.exe
2012-07-19 19:10:31 -------- d-----w- c:\windows\system32\Extensions
2012-07-19 18:51:38 -------- d-----w- c:\users\administrator\appdata\local\Broadcom
2012-07-19 16:11:06 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-19 16:11:05 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-19 16:11:03 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-19 16:10:50 41224 ----a-w- c:\windows\avastSS.scr
2012-07-19 16:10:39 -------- d-----w- c:\programdata\AVAST Software
2012-07-19 16:10:39 -------- d-----w- c:\program files\AVAST Software
2012-07-19 12:44:12 -------- d-----w- c:\program files\CCleaner
2012-07-19 12:39:29 -------- d-----w- c:\windows\pss
2012-07-19 12:00:10 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-07-19 12:00:09 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-07-19 12:00:09 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-07-19 12:00:09 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-07-13 06:32:29 -------- d--h--w- c:\windows\AxInstSV
2012-07-11 17:36:14 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-11 17:35:57 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-11 17:35:34 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-11 17:35:34 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-30 16:05:37 86016 ----a-w- c:\windows\unvise32.exe
2012-06-22 08:39:35 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-06-22 08:39:35 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-06-22 08:39:35 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-06-22 08:39:35 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-06-22 08:39:35 100224 ----a-w- c:\windows\system32\drivers\ewsercd.sys
2012-06-22 08:39:30 102784 ------w- c:\windows\system32\drivers\ewusbmdm.sys
.
==================== Find3M ====================
.
.
============= FINISH: 23:28:11,40 ===============

vyosek (VIP; posts: 56373; registered 07 Nov 2006 15:24; location: Šalingrad - Brno)

Re: userinit.exe problem

#11 Post by vyosek »

:arrow: If you don't have it there already, move ComboFix to the Desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    C:\$AVG
    c:\users\administrator\appdata\roaming\AVG2012
    c:\programdata\AVG2012
    C:\DrWeb Quarantine
    c:\users\administrator\Doctor Web
    c:\program files\common files\Doctor Web
    c:\program files\DrWeb
    
    DDS::
    mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
    mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: blekko search bar: {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - c:\program files\blekkotb_020\blekkotb_019X.dll
    BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
    BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
    TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - c:\program files\wiseconvert\prxtbWise.dll
    TB: BS Player Toolbar: {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - c:\program files\bs_player\prxtbBS_2.dll
    TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
    TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
    TB: blekko search bar: {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - c:\program files\blekkotb_020\blekkotb_019X.dll
    
    Driver::
    gupdate
    gupdatem
    
    File::
    c:\users\administrator\drweb-700-win.msi
    C:\Windows\tasks\avast! Emergency Update.job
    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000Core.job
    C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000UA.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    
    RegLock::
    [HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
    
    ClearJavaCache::
    
    Reboot::
    
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the image below)
    [image]
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry sorts itself out - it is an internal error caused by CF and its author unfortunately can't fix it yet

:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
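The step the helper performs by hand in post #11 (lifting the toolbar and BHO lines out of the DDS log from post #10 into the DDS:: block, and the @Denied keys out of the ComboFix log above into RegLock::), as an added Python example; this is not code from this thread, nor from the DDS or ComboFix authors. The embedded log excerpts are copied from the logs posted above and are labelled as constructed samples; the indicator list (blekko, wiseconvert, bs_player) is an assumption chosen to match what the helper removed, not a general adware signature set, and the `<orphaned>` rule flags entries whose DLL no longer exists on disk. Function names are mine; the directive names are the ones in the helper's script. The code only produces text and never runs ComboFix.

```python
import re

# Constructed sample: the 'Pseudo HJT Report' entries copied from the DDS log
# posted in this thread (other DDS sections omitted).
SAMPLE_DDS = r"""============== Pseudo HJT Report ===============
mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
mURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: blekko search bar: {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - c:\program files\blekkotb_020\blekkotb_019X.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
TB: WiseConvert Toolbar: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - c:\program files\wiseconvert\prxtbWise.dll
TB: BS Player Toolbar: {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - c:\program files\bs_player\prxtbBS_2.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\prxtbBS_2.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
TB: blekko search bar: {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - c:\program files\blekkotb_020\blekkotb_019X.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
"""

# Constructed sample: three keys from the 'LOCKED REGISTRY KEYS' section of the
# ComboFix log posted above (the '.' separator lines dropped).
SAMPLE_COMBOFIX = r"""--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-952682481-4253036212-391605119-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# Assumed, for this thread only: path fragments of the bundled toolbars the
# helper removed. Not a general adware signature set.
ADWARE_INDICATORS = ("blekko", "wiseconvert", "bs_player")

# DDS entry shape: '<kind>: [<name>: ]{CLSID} - <dll path or <orphaned>>'
ENTRY_RE = re.compile(
    r"^(?P<kind>[um]?URLSearchHooks|BHO|TB)\s*:\s*(?:(?P<name>[^{]+?)\s*:\s*)?"
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
    r"\s*-\s*(?P<target>.+)$")
KEY_RE = re.compile(r"^\[HKEY_[A-Z_]+\\.*\]$")

def parse_hjt_entries(dds_text):
    """URLSearchHooks, BHO and TB entries of a DDS log, one dict per line."""
    entries = []
    for raw in dds_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(dict(m.groupdict(), line=raw.strip()))
    return entries

def is_suspicious(entry, indicators=ADWARE_INDICATORS):
    """Dead entries (DLL gone) and DLL paths matching an indicator."""
    target = entry["target"].lower()
    if target == "<orphaned>" or target.endswith("(no file)"):
        return True
    return any(ind in target for ind in indicators)

def flag_entries(dds_text, indicators=ADWARE_INDICATORS):
    """Verbatim DDS lines for the CFScript DDS:: block, in log order."""
    return [e["line"] for e in parse_hjt_entries(dds_text)
            if is_suspicious(e, indicators)]

def locked_keys(combofix_text):
    """Keys under ComboFix's LOCKED REGISTRY KEYS header that carry an @Denied ACE."""
    keys, current, active = [], None, False
    for raw in combofix_text.splitlines():
        line = raw.strip()
        if "LOCKED REGISTRY KEYS" in line:
            active = True                       # section header
        elif active and line.startswith("-----"):
            break                               # next section header
        elif active and KEY_RE.match(line):
            current = line                      # remember the key, wait for its ACL
        elif active and current and line.startswith("@Denied"):
            keys.append(current)                # once per key, even with two @Denied lines
            current = None
    return keys

def build_cfscript(dds_lines, folders=(), files=(), reglock=()):
    """Assemble a CFScript body with the directives used in the helper's script."""
    sections = [("KillAll::", ()), ("Folder::", folders), ("DDS::", dds_lines),
                ("File::", files), ("RegLock::", reglock), ("Reboot::", ())]
    out = []
    for header, items in sections:
        if items or header in ("KillAll::", "Reboot::"):
            out += [header, *items, ""]         # blank line separates directives
    return "\n".join(out)

if __name__ == "__main__":
    print(build_cfscript(flag_entries(SAMPLE_DDS), reglock=locked_keys(SAMPLE_COMBOFIX)))
```

Running it prints a CFScript body for the sample logs; the DDS:: block it produces is the same eleven lines the helper chose by hand, with avast, Google and Skype left alone. Two caveats before saving the output as CFScript.txt: ComboFix acts on every line in DDS::, so an over-broad indicator deletes a legitimate add-on along with the toolbar, and the RegLock:: list here is one line per locked key, whereas the helper collapsed the 0000..0005 AllUserSettings keys and the FileExts\*\UserChoice keys to their parent keys. Review the generated text against the logs; the Folder:: and File:: lists still need a human decision.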

majky5538 (Visitor; posts: 9; registered 20 Jul 2012 13:30)

Re: userinit.exe problem

#12 Post by majky5538 »

ComboFix 12-07-20.01 - Administrator . 07. 2012 0:00.5.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1250.421.1051.18.2988.2500 [GMT 2:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\administrator\drweb-700-win.msi"
"c:\windows\tasks\avast! Emergency Update.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000Core.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000UA.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\$AVG
c:\$avg\$VAULT\V_00000003.fil
c:\$avg\$VAULT\V_00000004.fil
c:\$avg\$VAULT\V_00000005.fil
c:\$avg\$VAULT\V_00000006.fil
c:\$avg\$VAULT\V_00000007.fil
c:\$avg\$VAULT\V_00000008.fil
c:\$avg\$VAULT\V_00000009.fil
c:\$avg\$VAULT\V_00000010.fil
c:\$avg\$VAULT\V_00000011.fil
c:\$avg\$VAULT\V_00000012.fil
c:\$avg\$VAULT\V_00000013.fil
c:\$avg\$VAULT\V_00000014.fil
c:\$avg\$VAULT\V_00000015.fil
c:\$avg\$VAULT\V_00000016.fil
c:\$avg\$VAULT\V_00000017.fil
c:\$avg\$VAULT\V_00000018.fil
c:\$avg\$VAULT\V_00000019.fil
c:\$avg\$VAULT\V_00000020.fil
c:\$avg\$VAULT\V_00000021.fil
c:\$avg\$VAULT\V_00000022.fil
c:\$avg\$VAULT\V_00000023.fil
c:\$avg\$VAULT\V_00000024.fil
c:\$avg\$VAULT\V_00000025.fil
c:\$avg\$VAULT\V_00000026.fil
c:\$avg\$VAULT\V_00000027.fil
c:\$avg\$VAULT\V_00000028.fil
c:\$avg\$VAULT\V_00000029.fil
c:\$avg\$VAULT\V_00000030.fil
c:\$avg\$VAULT\V_00000031.fil
c:\$avg\$VAULT\V_00000032.fil
c:\$avg\$VAULT\V_00000033.fil
c:\$avg\$VAULT\V_00000034.fil
c:\$avg\$VAULT\V_00000035.fil
c:\$avg\$VAULT\V_00000037.fil
c:\$avg\$VAULT\V_00000039.fil
c:\$avg\$VAULT\vvfolder.idx
C:\DrWeb Quarantine
c:\program files\blekkotb_020\blekkotb_019X.dll
c:\program files\bs_player\prxtbBS_2.dll
c:\program files\common files\Doctor Web
c:\program files\DrWeb
c:\program files\DrWeb\drweb32.key
c:\program files\wiseconvert\prxtbWise.dll
c:\programdata\AVG2012
c:\programdata\AVG2012\Antispam\rkd
c:\programdata\AVG2012\Antispam\sc1.bin
c:\programdata\AVG2012\Antispam\sc1.bin.full.2012.07.18.23.14.00
c:\programdata\AVG2012\Antispam\sc1.bin.tmp
c:\programdata\AVG2012\Antispam\sc14.bin.full.2006.06.27.17.01.01
c:\programdata\AVG2012\Antispam\sc17.bin.full.2012.07.15.11.22.30
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.15.12.01.07
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.15.13.01.07
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.15.17.01.08
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.16.02.01.08
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.16.07.01.09
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.16.08.01.05
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.16.09.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.16.10.01.14
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.16.14.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.16.15.01.08
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.16.17.01.08
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.16.19.01.09
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.16.22.01.08
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.17.01.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.17.02.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.17.14.01.09
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.17.16.01.08
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.17.17.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.17.19.01.09
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.17.20.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.17.21.01.08
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.17.22.01.10
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.18.03.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.18.06.01.05
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.18.13.01.07
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.18.14.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.18.15.01.10
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.18.18.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.18.19.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.18.20.01.07
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.18.23.01.09
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.19.02.01.07
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.19.12.01.08
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.19.13.01.07
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.19.14.01.07
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.19.15.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.19.17.01.15
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.19.18.01.07
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.19.22.01.04
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.19.23.01.05
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.20.00.01.08
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.20.02.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.20.04.01.10
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.20.08.01.06
c:\programdata\AVG2012\Antispam\sc17.bin.incr.2012.07.20.11.01.08
c:\programdata\AVG2012\Antispam\sc18.bin.full.2011.12.17.00.46.57
c:\programdata\AVG2012\Antispam\sc18.bin.incr.2012.03.03.02.23.43
c:\programdata\AVG2012\Antispam\sc18.bin.incr.2012.03.28.21.24.52
c:\programdata\AVG2012\Antispam\sc18.bin.tmp1
c:\programdata\AVG2012\Antispam\sc18.bin.tmp2
c:\programdata\AVG2012\Antispam\sc19.bin.full.2010.02.05.01.51.49
c:\programdata\AVG2012\Antispam\sc2.bin
c:\programdata\AVG2012\Antispam\sc2.bin.full.2005.02.11.04.44.13
c:\programdata\AVG2012\Antispam\sc21.bin.full.2012.07.02.09.02.32
c:\programdata\AVG2012\Antispam\sc6.bin.full.2010.03.15.20.58.02
c:\programdata\AVG2012\Antispam\scoffset.bin.incr
c:\programdata\AVG2012\Antispam\spamcatcher.conf
c:\programdata\AVG2012\avgam\avgam.lck
c:\programdata\AVG2012\Cfg\admin.cfg
c:\programdata\AVG2012\Cfg\csl.cfg
c:\programdata\AVG2012\Cfg\erd.cfg
c:\programdata\AVG2012\Cfg\changecfgreg.cfg
c:\programdata\AVG2012\Cfg\idp.cfg
c:\programdata\AVG2012\Cfg\idp2.cfg
c:\programdata\AVG2012\Cfg\krnl.cfg
c:\programdata\AVG2012\Cfg\mail.cfg
c:\programdata\AVG2012\Cfg\mailsrv.cfg
c:\programdata\AVG2012\Cfg\mailsrvvsapi.cfg
c:\programdata\AVG2012\Cfg\malrep.cfg
c:\programdata\AVG2012\Cfg\scan.cfg
c:\programdata\AVG2012\Cfg\setup.cfg
c:\programdata\AVG2012\Cfg\sched.cfg
c:\programdata\AVG2012\Cfg\spsrv.cfg
c:\programdata\AVG2012\Cfg\update.cfg
c:\programdata\AVG2012\Cfg\updatecomps.cfg
c:\programdata\AVG2012\Cfg\user.cfg
c:\programdata\AVG2012\cfgall\falsealarm.cfg
c:\programdata\AVG2012\cfgall\fw.cfg
c:\programdata\AVG2012\cfgall\krnlall.cfg
c:\programdata\AVG2012\cfgall\updateall.cfg
c:\programdata\AVG2012\cfgall\userall.cfg
c:\programdata\AVG2012\fet\6482dd4482dd1afe.dat
c:\programdata\AVG2012\Chjw\6482dd4482dd1afe.dat
c:\programdata\AVG2012\Chjw\6482dd4482dd1afe\avgcchff.dat
c:\programdata\AVG2012\Chjw\6482dd4482dd1afe\avgcchfi.dat
c:\programdata\AVG2012\Chjw\6482dd4482dd1afe\avgcchmf.dat
c:\programdata\AVG2012\Chjw\6482dd4482dd1afe\avgcchmi.dat
c:\programdata\AVG2012\Chjw\f85ebccd5ebc8642.dat
c:\programdata\AVG2012\Chjw\f85ebccd5ebc8642\avgcchff.dat
c:\programdata\AVG2012\Chjw\f85ebccd5ebc8642\avgcchfi.dat
c:\programdata\AVG2012\Chjw\f85ebccd5ebc8642\avgcchmf.dat
c:\programdata\AVG2012\Chjw\f85ebccd5ebc8642\avgcchmi.dat
c:\programdata\AVG2012\IDS\config\BehavioralEventProcessors.dat
c:\programdata\AVG2012\IDS\config\BehavioralEvents.dat
c:\programdata\AVG2012\IDS\config\Classifiers.dat
c:\programdata\AVG2012\IDS\config\Correlations.dat
c:\programdata\AVG2012\IDS\config\ExecutableEvents.dat
c:\programdata\AVG2012\IDS\config\FileCoverage.dat
c:\programdata\AVG2012\IDS\config\Characteristics.dat
c:\programdata\AVG2012\IDS\config\internalList.zip
c:\programdata\AVG2012\IDS\config\internalList.zip.bak
c:\programdata\AVG2012\IDS\config\md5Cache.dat
c:\programdata\AVG2012\IDS\config\NetworkEvents.dat
c:\programdata\AVG2012\IDS\config\quarantinedList.zip
c:\programdata\AVG2012\IDS\config\quarantinedList.zip.bak
c:\programdata\AVG2012\IDS\config\RegistryCoverage.dat
c:\programdata\AVG2012\IDS\config\Relationships.dat
c:\programdata\AVG2012\IDS\config\ReportableEventMappings.dat
c:\programdata\AVG2012\IDS\config\SelfProtection.dat
c:\programdata\AVG2012\IDS\config\ShortcutCache.dat
c:\programdata\AVG2012\IDS\config\userList.zip
c:\programdata\AVG2012\IDS\config\userList.zip.bak
c:\programdata\AVG2012\IDS\config\XViewConfig.dat
c:\programdata\AVG2012\IDS\malwareprofile\nodes.dat
c:\programdata\AVG2012\IDS\profile\globalLoadable.bak
c:\programdata\AVG2012\IDS\profile\globalLoadable.gdb
c:\programdata\AVG2012\log\amlog.cfg
c:\programdata\AVG2012\log\arklog.cfg
c:\programdata\AVG2012\log\avgam.log
c:\programdata\AVG2012\log\avgam.log.lock
c:\programdata\AVG2012\log\avgcfg.log
c:\programdata\AVG2012\log\avgcfg.log.lock
c:\programdata\AVG2012\log\avgcfgex.log
c:\programdata\AVG2012\log\avgcfgex.log.lock
c:\programdata\AVG2012\log\avgcore.log
c:\programdata\AVG2012\log\avgcore.log.1
c:\programdata\AVG2012\log\avgcore.log.lock
c:\programdata\AVG2012\log\avgcsl.log
c:\programdata\AVG2012\log\avgcsl.log.lock
c:\programdata\AVG2012\log\avgdecider.log
c:\programdata\AVG2012\log\avgdecider.log.lock
c:\programdata\AVG2012\log\avgemc.log
c:\programdata\AVG2012\log\avgemc.log.lock
c:\programdata\AVG2012\log\avgexc.log
c:\programdata\AVG2012\log\avgexc.log.lock
c:\programdata\AVG2012\log\avgfw.log
c:\programdata\AVG2012\log\avgfw.log.lock
c:\programdata\AVG2012\log\avgfw8db.log
c:\programdata\AVG2012\log\avgfw8db.log.lock
c:\programdata\AVG2012\log\avgfw8u.log
c:\programdata\AVG2012\log\avgfw8u.log.lock
c:\programdata\AVG2012\log\avgfws_idp_SYSTEM.log
c:\programdata\AVG2012\log\avgfws_idp_SYSTEM.log.lock
c:\programdata\AVG2012\log\avgfwui.log
c:\programdata\AVG2012\log\avgfwui.log.lock
c:\programdata\AVG2012\log\avgchjw.log
c:\programdata\AVG2012\log\avgchjw.log.lock
c:\programdata\AVG2012\log\avgchjwsrv.log
c:\programdata\AVG2012\log\avgchjwsrv.log.lock
c:\programdata\AVG2012\log\avgidpagent.log
c:\programdata\AVG2012\log\avgidpagent.log.lock
c:\programdata\AVG2012\log\avgidpfix.log
c:\programdata\AVG2012\log\avgldr.log
c:\programdata\AVG2012\log\avgldr.log.lock
c:\programdata\AVG2012\log\avglng.log
c:\programdata\AVG2012\log\avglng.log.1
c:\programdata\AVG2012\log\avglng.log.2
c:\programdata\AVG2012\log\avglng.log.lock
c:\programdata\AVG2012\log\avgmail.cfg
c:\programdata\AVG2012\log\avgns.log
c:\programdata\AVG2012\log\avgns.log.lock
c:\programdata\AVG2012\log\avgpostinst.log
c:\programdata\AVG2012\log\avgpostinst.log.lock
c:\programdata\AVG2012\log\avgrkt.log
c:\programdata\AVG2012\log\avgrkt.log.lock
c:\programdata\AVG2012\log\avgrs.log
c:\programdata\AVG2012\log\avgrs.log.1
c:\programdata\AVG2012\log\avgrs.log.10
c:\programdata\AVG2012\log\avgrs.log.2
c:\programdata\AVG2012\log\avgrs.log.3
c:\programdata\AVG2012\log\avgrs.log.4
c:\programdata\AVG2012\log\avgrs.log.5
c:\programdata\AVG2012\log\avgrs.log.6
c:\programdata\AVG2012\log\avgrs.log.7
c:\programdata\AVG2012\log\avgrs.log.8
c:\programdata\AVG2012\log\avgrs.log.9
c:\programdata\AVG2012\log\avgrs.log.lock
c:\programdata\AVG2012\log\avgscan.log
c:\programdata\AVG2012\log\avgscan.log.lock
c:\programdata\AVG2012\log\avgsched.log
c:\programdata\AVG2012\log\avgsched.log.1
c:\programdata\AVG2012\log\avgsched.log.2
c:\programdata\AVG2012\log\avgsched.log.lock
c:\programdata\AVG2012\log\avgsrm.log
c:\programdata\AVG2012\log\avgsrm.log.lock
c:\programdata\AVG2012\log\avgsrmac.log
c:\programdata\AVG2012\log\avgsrmac.log.lock
c:\programdata\AVG2012\log\avgss.cfg
c:\programdata\AVG2012\log\avgsystools.log
c:\programdata\AVG2012\log\avgsystools.log.lock
c:\programdata\AVG2012\log\avgtdi.log
c:\programdata\AVG2012\log\avgtdi.log.lock
c:\programdata\AVG2012\log\avgtray_idp_Administrator.log
c:\programdata\AVG2012\log\avgtray_idp_Administrator.log.lock
c:\programdata\AVG2012\log\avgual.log
c:\programdata\AVG2012\log\avgual.log.lock
c:\programdata\AVG2012\log\avgui.log
c:\programdata\AVG2012\log\avgui.log.1
c:\programdata\AVG2012\log\avgui.log.lock
c:\programdata\AVG2012\log\avgui_idp_Administrator.log
c:\programdata\AVG2012\log\avgui_idp_Administrator.log.lock
c:\programdata\AVG2012\log\avgui_idp_asus.log
c:\programdata\AVG2012\log\avgui_idp_asus.log.lock
c:\programdata\AVG2012\log\avguidraw.log
c:\programdata\AVG2012\log\avguidraw.log.lock
c:\programdata\AVG2012\log\avguilog.cfg
c:\programdata\AVG2012\log\avgupd.log
c:\programdata\AVG2012\log\avgupd.log.lock
c:\programdata\AVG2012\log\avgwd.log
c:\programdata\AVG2012\log\avgwd.log.1
c:\programdata\AVG2012\log\avgwd.log.lock
c:\programdata\AVG2012\log\avgwdsvc.log
c:\programdata\AVG2012\log\avgwdsvc.log.lock
c:\programdata\AVG2012\log\avgwdsvc_idp_SYSTEM.log
c:\programdata\AVG2012\log\avgwdsvc_idp_SYSTEM.log.lock
c:\programdata\AVG2012\log\cfgexlog.cfg
c:\programdata\AVG2012\log\cfglog.cfg
c:\programdata\AVG2012\log\commonpriv.log
c:\programdata\AVG2012\log\commonpriv.log.lock
c:\programdata\AVG2012\log\corelog.cfg
c:\programdata\AVG2012\log\csllog.cfg
c:\programdata\AVG2012\log\deciderlog.cfg
c:\programdata\AVG2012\log\emclog.cfg
c:\programdata\AVG2012\log\fixcfg.log
c:\programdata\AVG2012\log\fixcfg.log.lock
c:\programdata\AVG2012\log\fwlog.cfg
c:\programdata\AVG2012\log\fwstats_2012_07_20_09_37_55.fwstats
c:\programdata\AVG2012\log\fwstats_2012_07_20_10_23_43.fwstats
c:\programdata\AVG2012\log\fwstats_2012_07_20_11_19_06.fwstats
c:\programdata\AVG2012\log\fwstats_2012_07_20_11_23_34.fwstats
c:\programdata\AVG2012\log\fwstats_2012_07_20_13_03_25.fwstats
c:\programdata\AVG2012\log\fwstats_2012_07_20_14_15_33.fwstats
c:\programdata\AVG2012\log\fwstats_2012_07_20_14_37_05.fwstats
c:\programdata\AVG2012\log\fwstats_2012_07_20_14_42_21.fwstats
c:\programdata\AVG2012\log\fwstats_2012_07_20_17_51_38.fwstats
c:\programdata\AVG2012\log\fwstats_2012_07_20_18_32_53.fwstats
c:\programdata\AVG2012\log\fwstats_2012_07_20_20_51_17.fwstats
c:\programdata\AVG2012\log\history.xml
c:\programdata\AVG2012\log\chjwlog.cfg
c:\programdata\AVG2012\log\idplog.cfg
c:\programdata\AVG2012\log\ldrlog.cfg
c:\programdata\AVG2012\log\lnglog.cfg
c:\programdata\AVG2012\log\lscanlog.cfg
c:\programdata\AVG2012\log\nslog.cfg
c:\programdata\AVG2012\log\privlog.cfg
c:\programdata\AVG2012\log\publog.cfg
c:\programdata\AVG2012\log\rslog.cfg
c:\programdata\AVG2012\log\scanlog.cfg
c:\programdata\AVG2012\log\schedlog.cfg
c:\programdata\AVG2012\log\srmlog.cfg
c:\programdata\AVG2012\log\systoolslog.cfg
c:\programdata\AVG2012\log\tdilog.cfg
c:\programdata\AVG2012\log\updlog.cfg
c:\programdata\AVG2012\log\vault.log
c:\programdata\AVG2012\log\vault.log.lock
c:\programdata\AVG2012\log\vaultlog.cfg
c:\programdata\AVG2012\log\wdlog.cfg
c:\programdata\AVG2012\log\wdsvclog.cfg
c:\programdata\AVG2012\process.bin
c:\programdata\AVG2012\scanlogs\I_00000001.log
c:\programdata\AVG2012\scanlogs\I_00000005.log
c:\programdata\AVG2012\scanlogs\I_00000006.log
c:\programdata\AVG2012\scanlogs\I_00000007.log
c:\programdata\AVG2012\scanlogs\I_00000008.log
c:\programdata\AVG2012\scanlogs\srm.idx
c:\programdata\AVG2012\SetupBackup\AlertMgx.cab
c:\programdata\AVG2012\SetupBackup\AntiRkx.cab
c:\programdata\AVG2012\SetupBackup\AntiSpmx.cab
c:\programdata\AVG2012\SetupBackup\Antivirx.cab
c:\programdata\AVG2012\SetupBackup\Avgx86.msi
c:\programdata\AVG2012\SetupBackup\basex.cab
c:\programdata\AVG2012\SetupBackup\COREx.cab
c:\programdata\AVG2012\SetupBackup\COREx86.msi
c:\programdata\AVG2012\SetupBackup\Emailsx.cab
c:\programdata\AVG2012\SetupBackup\FWx.cab
c:\programdata\AVG2012\SetupBackup\GUIx.cab
c:\programdata\AVG2012\SetupBackup\IDPx.cab
c:\programdata\AVG2012\SetupBackup\lng_skx.cab
c:\programdata\AVG2012\SetupBackup\lng_usx.cab
c:\programdata\AVG2012\SetupBackup\OnlnScx.cab
c:\programdata\AVG2012\SetupBackup\ResShldx.cab
c:\programdata\AVG2012\SetupBackup\SrchSrfx.cab
c:\programdata\AVG2012\SetupBackup\SSHttpBx.cab
c:\programdata\AVG2012\SetupBackup\SysToolx.cab
c:\programdata\AVG2012\SetupBackup\TDIDrvx.cab
c:\programdata\AVG2012\SetupBackup\TuneUpx.cab
c:\programdata\AVG2012\SetupBackup\Updatex.cab
c:\programdata\AVG2012\Temp\file3196.tmp
c:\programdata\AVG2012\Temp\file9514.tmp
c:\programdata\AVG2012\update\backup\incavi.avm
c:\programdata\AVG2012\update\download\avg12infoavi.ctf
c:\programdata\AVG2012\update\download\avg12infowin.ctf
c:\users\administrator\appdata\roaming\AVG2012
c:\users\administrator\appdata\roaming\AVG2012\cfgall\userawacs.cfg
c:\users\administrator\appdata\roaming\AVG2012\cfgall\usergui.cfg
c:\users\administrator\Doctor Web
c:\users\administrator\Doctor Web\dwscanner.log
c:\users\administrator\drweb-700-win.msi
c:\windows\tasks\avast! Emergency Update.job
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000Core.job
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-952682481-4253036212-391605119-1000UA.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 22:05 . 2012-07-20 22:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-20 22:05 . 2012-07-20 22:05 -------- d-----w- c:\users\asus\AppData\Local\temp
2012-07-20 14:33 . 2012-07-20 14:33 -------- d-----w- C:\rsit
2012-07-20 12:23 . 2012-07-20 12:23 -------- d-----w- c:\users\asus\AppData\Roaming\AVG2012
2012-07-20 09:19 . 2012-07-20 09:19 -------- d--h--w- c:\programdata\Common Files
2012-07-20 09:17 . 2012-07-20 09:34 -------- d-----w- c:\programdata\MFAData
2012-07-19 20:43 . 2012-07-19 20:43 -------- d---a-w- C:\.Trash-999
2012-07-19 20:39 . 2012-07-19 20:39 -------- d-----w- c:\program files\Trend Micro
2012-07-19 20:33 . 2012-07-19 20:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-19 19:10 . 2012-07-19 19:10 -------- d-----w- c:\windows\system32\Extensions
2012-07-19 17:48 . 2012-07-20 22:05 -------- d-----w- c:\users\Administrator
2012-07-19 16:11 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-19 16:11 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-19 16:11 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-19 16:11 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-19 16:11 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-19 16:11 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-19 16:10 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-19 16:10 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-19 16:10 . 2012-07-19 16:10 -------- d-----w- c:\programdata\AVAST Software
2012-07-19 16:10 . 2012-07-19 16:10 -------- d-----w- c:\program files\AVAST Software
2012-07-19 12:46 . 2012-07-19 12:46 -------- d-----w- c:\users\asus\AppData\Roaming\Malwarebytes
2012-07-19 12:44 . 2012-07-19 19:34 -------- d-----w- c:\program files\CCleaner
2012-07-19 12:00 . 2009-04-07 12:32 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-07-19 12:00 . 2010-01-15 11:22 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-07-19 12:00 . 2010-01-15 11:22 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-07-19 12:00 . 2010-01-15 11:22 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-07-13 06:32 . 2012-07-13 06:33 -------- d--h--w- c:\windows\AxInstSV
2012-07-11 17:36 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-11 17:36 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-11 17:36 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-11 17:36 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-11 17:35 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-11 17:35 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-11 17:35 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-11 17:35 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-11 17:35 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-30 16:05 . 1999-12-17 06:13 86016 ----a-w- c:\windows\unvise32.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-20 10:08 . 2012-01-26 21:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-07-11 22:41 . 2012-01-12 10:13 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-07-11 22:41 . 2012-01-26 21:02 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-05-25 11:51 . 2012-01-12 10:13 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 170008]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2010-05-10 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 800032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BPROTE~1\21415~1.37\protector.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
backup=c:\windows\pss\Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
backup=c:\windows\pss\SRS Premium Sound.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
2012-03-01 18:57 232616 ----a-w- c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe
.
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 bProtector;bProtector;c:\programdata\bProtectorForWindows\2.1.415.37\bProtect.exe [x]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\DRIVERS\JME.sys [x]
.
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
.
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3300)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-21 00:10:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-20 22:10
ComboFix2.txt 2012-07-20 18:28
.
Pre-Run: 169 148 239 872 bytes free
Post-Run: 169 096 474 624 bytes free
.
- - End Of File - - D0043A57E2B0F394003512607A2A5B89

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: userinit.exe problem

#13 Post by vyosek »

How is our patient behaving? :???:
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

majky5538
Visitor
Posts: 9
Registered: 20 Jul 2012 13:30

Re: userinit.exe problem

#14 Post by majky5538 »

Everything works OK :) that's all?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: userinit.exe problem

#15 Post by vyosek »

So let's clean up :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, then Enter
  • Delete the utility after use
  • Antiviruses may wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (or turn the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall unneeded programs
I recommend using CCleaner about once a week

And if there are no problems or questions, that is all from my side :|
