Kontrola PC - pre vyosek

[AL1212]

Dobrý deň!

Tak som sa konečne dostal k tomu druhému PC. Urobil som na ňom nejaký poriadok v súboroch a rád by som podstúpil proces odhalenia potenciálnej hrozby, ako som avizoval. Na úvod posielam log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Alojz at 2012-01-07 15:44:02
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 85 GB (55%) free of 153 GB
Total RAM: 2047 MB (32% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /boot
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=a937ed22-5d63-4741-aa28-43391e39f734 /coreSdkOptions=286 /logConfFile="C:\ProgramData\AVG2012\temp\8a09141d-b392-4206-9d6c-4e51b154e279-1c0-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="C:\ProgramData\AVG2012\temp\"
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe C:\Windows\system32\NVSVC64.DLL,nvsvcInitialize
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgfws.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe"
WLIDSvcM.exe 2492
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe"
"C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {FCC1E553-0825-4EC4-BFD8-B4EE6BEF60C0}
"C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe" -UseTray
taskeng.exe {3579BFB5-140E-43F9-82DB-6F70C218BC11}
"C:\Windows\RAVCpl64.exe"
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
"C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" -tray
"C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe" /n
"C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles startup
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe" -Embedding
"C:\Program Files (x86)\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe" -Embedding
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\system32\conime.exe
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /ELEVATED
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe"
"C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
"C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{A7A95F70-8089-48A6-99CA-EBCB7E7B4F65}
{A0371C5B-D943-4EBC-B906-0E3484153FC5}
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=56308b5f-b3c6-4e07-9d5c-4c1873556935 /coreSdkOptions=18 /logConfFile="C:\ProgramData\AVG2012\temp\ee706671-43e9-4340-9f02-b11c12b64c11-a64-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="C:\ProgramData\AVG2012\temp\"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:5368 CREDAT:203009
"C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe" -Embedding
"C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe" -Embedding
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -Embedding
"C:\Downloads and Setup files\AntivirusScannery, Vypalovanie, Zálohovanie, Utility, Ovladače, Patche etc\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 640 644 652 65536 648

======Scheduled tasks folder======

C:\Windows\tasks\Defraggler Volume C Task.job
C:\Windows\tasks\Defraggler Volume F Task.job
C:\Windows\tasks\Defraggler Volume G Task.job
C:\Windows\tasks\Defraggler Volume H Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll [2011-11-11 1942368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-12-13 346736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-12-13 318960]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1bcec53b-aa13-4de2-814d-2d6a98e7ba79}]
LongTailVideo Toolbar - C:\Program Files (x86)\LongTailVideo\tbLon1.dll [2009-11-13 2166296]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2008-06-19 1190912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24BCDA96-8FCB-4D3B-0500-000000000004}]
SMSender.E.ToolbarsHelper - C:\Windows\system32\mscoree.dll [2009-11-08 444752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2011-12-18 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll [2011-12-30 1574240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-13 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-12-13 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-12-13 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-12-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-12-13 346736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll [2008-06-19 1190912]
{24BCDA96-8FCB-4D3B-0500-000000000003} - O2 SMSender - C:\Windows\system32\mscoree.dll [2009-11-08 444752]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968]
{1bcec53b-aa13-4de2-814d-2d6a98e7ba79} - LongTailVideo Toolbar - C:\Program Files (x86)\LongTailVideo\tbLon1.dll [2009-11-13 2166296]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll [2011-12-30 1574240]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-12-13 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1584184]
"RtHDVCpl"=C:\Windows\RAVCpl64.exe [2007-02-15 5018112]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 15933984]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 82464]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2011-11-22 2779824]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-11-22 3621040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 138240]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2011-04-22 247728]
"T-Mobile Communication Centre"=C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe [2009-01-08 1331024]
"NokiaOviSuite2"=C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-09-01 966712]
""= []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"=C:\Windows\SysWOW64\NeroCheck.exe [2001-08-06 155648]
"Sony Ericsson PC Suite"=C:\Program Files (x86)\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"Adobe Photo Downloader"=C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-11-02 59240]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"AVG_TRAY"=C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2011-12-03 2415456]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2011-12-30 892768]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
Philips Device Manager.lnk - C:\Program Files (x86)\Philips\SA28XX Device Manager\main.exe
Service Manager.lnk - C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Users\Alojz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-07 15:44:02 ----DC---- C:\rsit
2012-01-07 15:44:02 ----DC---- C:\Program Files\trend micro
2012-01-06 03:07:46 ----DC---- C:\tp
2012-01-06 00:41:34 ----ASH---- C:\hiberfil.sys
2012-01-05 21:02:01 ----DC---- C:\Program Files (x86)\Western Digital Technologies
2012-01-04 18:20:01 ----DC---- C:\Program Files\Defraggler
2011-12-30 22:16:10 ----DC---- C:\Users\Alojz\AppData\Roaming\Tific
2011-12-30 21:49:54 ----DC---- C:\Users\Alojz\AppData\Roaming\AVG2012
2011-12-30 21:48:10 ----DC---- C:\ProgramData\AVG2012
2011-12-26 17:46:48 ----DC---- C:\Program Files\CCleaner
2011-12-23 00:02:56 ----DC---- C:\Program Files\wincmd
2011-12-18 15:53:52 ----AC---- C:\Windows\system32\drivers\dwprot.sys
2011-12-18 14:43:37 ----AC---- C:\Windows\SYSWOW64\javaws.exe
2011-12-18 14:43:36 ----AC---- C:\Windows\SYSWOW64\javaw.exe
2011-12-18 13:33:02 ----DC---- C:\Program Files\iTunes
2011-12-18 13:33:02 ----DC---- C:\Program Files\iPod
2011-12-18 13:33:02 ----DC---- C:\Program Files (x86)\iTunes
2011-12-18 13:07:26 ----SHDC---- C:\Config.Msi
2011-12-18 01:16:13 ----DC---- C:\Program Files (x86)\CleanUp!
2011-12-17 22:01:57 ----AC---- C:\Windows\PegtopUI.exe
2011-12-15 09:12:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-12-15 09:12:32 ----A---- C:\Windows\system32\mshtmled.dll
2011-12-15 09:12:31 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-12-15 09:12:31 ----A---- C:\Windows\system32\iertutil.dll
2011-12-15 09:12:30 ----A---- C:\Windows\SYSWOW64\url.dll
2011-12-15 09:12:30 ----A---- C:\Windows\system32\url.dll
2011-12-15 09:12:29 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-12-15 09:12:29 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-12-15 09:12:29 ----A---- C:\Windows\system32\urlmon.dll
2011-12-15 09:12:29 ----A---- C:\Windows\system32\ieui.dll
2011-12-15 09:12:28 ----A---- C:\Windows\system32\jsproxy.dll
2011-12-15 09:12:27 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-12-15 09:12:26 ----A---- C:\Windows\system32\wininet.dll
2011-12-15 09:12:26 ----A---- C:\Windows\system32\jscript9.dll
2011-12-15 09:12:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-12-15 09:12:25 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-12-15 09:12:24 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-12-15 09:12:24 ----A---- C:\Windows\system32\jscript.dll
2011-12-15 09:12:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-12-15 09:12:15 ----A---- C:\Windows\system32\mshtml.dll
2011-12-15 09:12:14 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-12-15 09:12:13 ----A---- C:\Windows\system32\ieframe.dll
2011-12-15 09:08:58 ----A---- C:\Windows\system32\csrsrv.dll
2011-12-15 09:08:55 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2011-12-15 09:08:55 ----A---- C:\Windows\system32\EncDec.dll
2011-12-15 09:08:43 ----A---- C:\Windows\SYSWOW64\tzres.dll
2011-12-15 09:08:43 ----A---- C:\Windows\system32\tzres.dll
2011-12-15 09:07:44 ----A---- C:\Windows\system32\win32k.sys
2011-12-14 00:12:34 ----AC---- C:\Windows\system32\drivers\stflt.sys
2011-12-14 00:12:32 ----DC---- C:\Users\Alojz\AppData\Roaming\Spyware Terminator
2011-12-14 00:12:32 ----DC---- C:\ProgramData\Spyware Terminator
2011-12-14 00:12:18 ----DC---- C:\Program Files (x86)\Spyware Terminator
2011-12-13 23:53:33 ----DC---- C:\Program Files\Google
2011-12-11 23:07:41 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-12-11 22:16:40 ----DC---- C:\ProgramData\AVG Secure Search
2011-12-11 22:16:34 ----DC---- C:\Program Files (x86)\AVG Secure Search
2011-12-11 21:44:09 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2011-12-11 21:44:04 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2011-12-11 21:44:03 ----A---- C:\Windows\system32\WUDFSvc.dll
2011-12-11 21:44:03 ----A---- C:\Windows\system32\WUDFPlatform.dll
2011-12-11 21:44:03 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2011-12-11 21:43:57 ----A---- C:\Windows\system32\WUDFHost.exe
2011-12-11 21:43:11 ----A---- C:\Windows\system32\WUDFx.dll
2011-12-11 20:12:18 ----AC---- C:\Windows\system32\drivers\pccsmcfdx64.sys
2011-12-11 20:09:36 ----DC---- C:\Program Files (x86)\PC Connectivity Solution
2011-12-10 11:07:14 ----DC---- C:\UTOK

======List of files/folders modified in the last 1 month======

2012-01-07 15:44:42 ----ADC---- C:\ProgramData\Temp
2012-01-07 15:44:02 ----RDC---- C:\Program Files
2012-01-07 15:43:11 ----DC---- C:\Windows\Temp
2012-01-07 15:16:07 ----DC---- C:\ProgramData\MFAData
2012-01-07 15:15:42 ----DC---- C:\Windows\system32\drivers\AVG
2012-01-07 15:05:15 ----DC---- C:\Windows\inf
2012-01-07 15:04:38 ----DC---- C:\Windows\Tasks
2012-01-07 15:03:21 ----DC---- C:\Windows\system32\Tasks
2012-01-07 14:55:44 ----SHD---- C:\System Volume Information
2012-01-07 14:36:12 ----DC---- C:\Windows\System32
2012-01-07 14:36:12 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2012-01-06 16:34:26 ----DC---- C:\Windows
2012-01-06 05:30:20 ----DC---- C:\Windows\system32\catroot
2012-01-06 05:30:16 ----D---- C:\Windows\winsxs
2012-01-05 21:02:28 ----SHDC---- C:\Windows\Installer
2012-01-05 21:02:01 ----RDC---- C:\Program Files (x86)
2012-01-04 18:14:48 ----DC---- C:\Windows\Minidump
2012-01-04 02:01:47 ----DC---- C:\Users\Alojz\AppData\Roaming\uTorrent
2012-01-04 00:14:47 ----SDC---- C:\Users\Alojz\AppData\Roaming\Microsoft
2012-01-04 00:14:38 ----DC---- C:\Windows\Prefetch
2012-01-03 23:51:59 ----DC---- C:\My Documents
2012-01-01 16:07:43 ----DC---- C:\Windows\system32\catroot2
2011-12-30 21:57:05 ----HDC---- C:\ProgramData
2011-12-30 21:52:41 ----DC---- C:\Windows\system32\drivers
2011-12-30 21:45:33 ----DC---- C:\Program Files (x86)\AVG
2011-12-27 21:45:31 ----DC---- C:\Program Files (x86)\Equis
2011-12-27 20:19:00 ----DC---- C:\Downloads and Setup files
2011-12-26 17:59:54 ----DC---- C:\ProgramData\Spybot - Search & Destroy
2011-12-26 17:59:14 ----DC---- C:\Windows\Panther
2011-12-26 17:59:14 ----DC---- C:\Windows\ModemLogs
2011-12-26 17:59:14 ----DC---- C:\Windows\Logs
2011-12-26 17:59:14 ----DC---- C:\Windows\Debug
2011-12-23 00:10:25 ----HDC---- C:\$AVG
2011-12-20 23:28:00 ----DC---- C:\MetaStock Data
2011-12-18 20:23:41 ----DC---- C:\Program Files (x86)\Warcraft III
2011-12-18 17:35:54 ----DC---- C:\Windows\system32\drivers\etc
2011-12-18 14:43:37 ----DC---- C:\Windows\SysWOW64
2011-12-18 14:42:41 ----AC---- C:\Windows\SYSWOW64\deployJava1.dll
2011-12-18 14:36:35 ----DC---- C:\Program Files (x86)\Java
2011-12-18 13:33:02 ----DC---- C:\ProgramData\Apple Computer
2011-12-17 22:07:09 ----HDC---- C:\Program Files (x86)\InstallShield Installation Information
2011-12-17 22:07:04 ----DC---- C:\Program Files (x86)\Common Files
2011-12-17 21:57:38 ----DC---- C:\Program Files (x86)\Opera
2011-12-17 18:55:45 ----DC---- C:\Program Files (x86)\Mozilla Thunderbird
2011-12-15 23:49:29 ----D---- C:\Windows\rescache
2011-12-15 23:23:33 ----DC---- C:\Windows\system32\WDI
2011-12-15 11:04:03 ----DC---- C:\Windows\SYSWOW64\cs-CZ
2011-12-15 11:04:02 ----DC---- C:\Windows\system32\cs-CZ
2011-12-15 11:04:01 ----DC---- C:\Windows\SYSWOW64\migration
2011-12-15 11:04:01 ----DC---- C:\Program Files\Windows Mail
2011-12-15 11:04:01 ----DC---- C:\Program Files (x86)\Windows Mail
2011-12-15 11:04:01 ----DC---- C:\Program Files (x86)\Internet Explorer
2011-12-15 11:03:57 ----DC---- C:\Windows\system32\migration
2011-12-15 11:03:54 ----DC---- C:\Program Files\Internet Explorer
2011-12-15 10:19:51 ----DC---- C:\ProgramData\Microsoft Help
2011-12-15 10:19:49 ----RSDC---- C:\Windows\assembly
2011-12-15 09:58:49 ----AC---- C:\Windows\system32\mrt.exe
2011-12-13 23:56:22 ----DC---- C:\Windows\SYSWOW64\drivers
2011-12-13 23:56:22 ----DC---- C:\Program Files (x86)\Google
2011-12-13 23:42:01 ----DC---- C:\ProgramData\Google
2011-12-13 23:39:57 ----DC---- C:\Windows\SYSWOW64\config
2011-12-13 23:24:10 ----DC---- C:\Windows\Microsoft.NET
2011-12-12 21:42:44 ----DC---- C:\Program Files (x86)\Opera9.27
2011-12-12 01:09:36 ----DC---- C:\Program Files\Common Files\Apple
2011-12-11 23:58:18 ----DC---- C:\Program Files (x86)\QuickTime
2011-12-11 23:51:27 ----DC---- C:\Program Files (x86)\Safari
2011-12-11 23:27:37 ----DC---- C:\Program Files\Common Files\System
2011-12-11 20:38:27 ----DC---- C:\Windows\system32\drivers\UMDF
2011-12-11 20:38:15 ----DC---- C:\ProgramData\PC Suite
2011-12-11 20:12:17 ----DC---- C:\Windows\system32\DRVSTORE
2011-12-11 19:57:18 ----DC---- C:\Windows\system32\config
2011-12-11 19:55:16 ----DC---- C:\Program Files (x86)\Nokia
2011-12-11 19:54:34 ----DC---- C:\Windows\system32\spool
2011-12-11 19:54:33 ----DC---- C:\Windows\system32\CodeIntegrity
2011-12-11 19:54:22 ----DC---- C:\Program Files (x86)\Spybot - Search & Destroy
2011-12-11 19:53:32 ----DC---- C:\Program Files (x86)\Bonjour
2011-12-11 18:58:42 ----DC---- C:\Program Files\iPod(531)
2011-12-11 18:58:42 ----DC---- C:\Program Files\Bonjour
2011-12-11 18:58:41 ----DC---- C:\Windows\system32\Msdtc
2011-12-11 18:58:12 ----DC---- C:\Windows\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
R0 DwProt;DrWeb Protection; C:\Windows\system32\drivers\dwprot.sys [2011-12-18 153880]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2007-08-09 130080]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2011-12-14 51496]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 120400]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 29776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 34152]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2007-02-14 1016616]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys [2007-11-18 1484448]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 9477408]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 112128]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 6144]
S3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files (x86)\MSI\DualCoreCenter\NTGLM7X64.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 48488]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 273920]
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\Windows\system32\DRIVERS\HidBatt.sys [2006-11-02 26624]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 11008]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 7936]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-05-18 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-05-18 27136]
S3 NVR0Dev;NVR0Dev; \??\C:\Windows\nvoclk64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RushTopDevice2;RushTopDevice2; \??\C:\Program Files (x86)\MSI\DualCoreCenter\RushTop64.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 108296]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 19720]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 144648]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 126216]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 123656]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-05-18 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-05-18 9216]
S3 WEBNTACCESS;WEBNTACCESS; \??\C:\Windows\syswow64\NTACCESS.SYS []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 46592]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 172544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [2009-01-08 58608]
R2 APC UPS Service;APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [2007-02-27 689672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 27648]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2000-08-06 7442493]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 357376]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2011-11-22 1148632]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-11 855904]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-12-13 182768]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2000-08-06 303170]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

-----------------EOF-----------------

[vyosek]

Zdravim a pekny den preji

Udelejte sken avp toolem http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

[AL1212]

Ten avp tool podľa popisu v tom linku nepodporuje Visty 64-bit. Možno si spomínate, že som pred vianocami spúšťal Cureit. Ten zbehol, ale medzitým som urobil údržbu diskov, veľa nepotrebných vecí odinštaloval, zmazal, presunul atď. atp. Takže otázka znie: Mám spustiť avp tool napriek tomu, že údajne nepodporuje 64 bit Vista, alebo radšej ten Cureit? V prípade Cureit, čo si spomínam, tak sa spúšťa v nejakom safe móde, nejde spustiť ako admin, počas behu nie je možné nič iné robiť. To mi nevadí, v pohode to nechám bežať, akurát neviem, či to predsa len nemám spustiť ako admin (a to neviem, ako sa dá, tú voľbu som u Cureit nenašiel).

[vyosek]

Jopa, nejak jsem to opomenul...spustte ten CureIt a nejlepe v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

[AL1212]

Tak som začal so scanovaním. Pre istotu som stiahol Cureit z netu, spustil v núdzovom režime. Pokúsil som sa ešte pred spustením scanu aktualizovať databázu programu, ale nič sa po kliku na link Update nejakú dobu nedialo, tak som to nakoniec vzdal a spustil scan. Snáď je to tak správne, scan pár hodín teraz pobeží.

[vyosek]

v poradku, uvidime co a zda-li neco, najde...

[AL1212]

Pokiaľ niečo nájde, mám to rovno zmazať, či nejakým iným spôsobom liečiť?

[vyosek]

Ano, u CureIt jsem se nesetkal s falesnou detekci...

[AL1212]

CureIt dobehol, s výsledkom: Hotovo - nebyl nalezen žádný vir. Pokiaľ budete chcieť vidieť log, môžem poskytnúť.

Mám i log z predošlého behu z 18-12-2011, vtedy to našlo a zmazalo (presunulo do karantény) dva infikované súbory ale zmienil som, že som pomerne drasticky zmenil od tej doby usporiadanie súborov v PC, takže log z tej doby asi nebude moc použiteľný. V zložke Quarantine sú súbory descript.ion a hosts s dátumom zmeny 18-12-2011.

Obsah zložky Quarantine môžem zmazať?

[vyosek]

Obsah te slozky Quarantine mi nekam zabalte a uploadnete, pak CureIt odinstalujte a pripadne Quarantine smazte

[AL1212]

Skomprimovaný archív Quarantine v prílohe. Odinštaláciou CureIt máte na mysli zmazanie súboru cureit.exe z adresára, do ktorého som ho uploadoval? Ani CCleaner ani odinštalovanie cez ovl. panely Win program nikde k odinštalovaniu neponúkajú. Takže iba odmazať natvrdo cureit.exe a dať opraviť registre cez CCleaner?

[vyosek]

Ano, CureIt staci smazat...

Ani v tomto PC zadny keylogger ci neco mu podobneho neni

Jinak prisel jste na neco ohledne toho vyhrozovani - pokud nechcete psat verejne, staci PMka ci na mail vyosek@forum.viry.cz

[AL1212]

Tak to je skvelé ohľadom možnej nákazy. Bol by ste tak láskavý a doporučil prípadne ešte nejakú údržbu tohoto stroja? Ohľadom vyhrážok posielam SZ.

[vyosek]

PM i mail uspecne doly, dekuji

Jako u minule stroje, doporucil bych zmenu zabezpeceni - Avast, Avira MSE

Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

• Nahrady za Spybota:
  • Spyware Terminator - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=44730
  • SuperAntiSpyare - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=51359
• Samozrejme pouzivejte jen jeden z nich
• Osobne doporucuji SuperAntiSpyware

Otevrete si poznamkovy blok

• Start->spustit->notepad
• Vlozte text nize

• Kód: Vybrat vše

  Windows Registry Editor Version 5.00
  
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "SpywareTerminatorShield"=-
  "SpywareTerminatorUpdater"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "ehTray.exe"=-
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
  "SpybotSD TeaTimer"=-
  "NokiaOviSuite2"=-
  ""=-
  [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
  "NeroCheck"=-
  "Sony Ericsson PC Suite"=-
  "Adobe Photo Downloader"=-
  "Adobe Reader Speed Launcher"=-
  "NokiaMServer"=-
  "QuickTime Task"=-
  "SunJavaUpdateSched"=-

• Soubor ulozte jako oprava.reg
• Pri ukladani dejte ulozit jako typ Vsechny soubory (nastevni je uvedeno na obrazku nize)
• 
• Zavrit notepad a spustit dvojklikem oprava.reg
• Pripadny dotaz na zmenu registru potvrdte
• Okno jen problikne a opravi regsitry - soubor muzete smazat

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Jinak nic spatneho nevidno

[AL1212]

Dobrý večer, som rád za obsah Vášho mailu, v ktorom mi oznamujete, že hrozba nie je aktuálna. Mám ešte otázku u scriptu k oprave registrov. Čo konkrétne spôsobia nasledujúce inštrukcie:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NokiaOviSuite2"=-
""=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"=-
"Sony Ericsson PC Suite"=-
"Adobe Reader Speed Launcher"=-
"NokiaMServer"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-

NokiuOviSuite a Sony Ericsson PC Suite používam občas hlavne pre pripojenie PC k intenetu (telefón mi v tom prípade slúži ako modem). Budú tie utility fungovať i po uvedenej zmene v registroch? Tá samá otázka sa týka i ostatných aplikácií, budú funkčné? Nepotrebujem, aby boli do bežiacich procesov zavedené po štarte počítača, ale ich funkčnosť ako takých by som rád zachoval, rovnako ako dotaz na aktualizáciu v prípade ich spustenia. Alebo tú zmenu navrhujete pre to, že Win ich pri spustení (po spustení PC) blokuje?