
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
AVG reports a virus
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
AVG reports a virus
Hello, my antivirus AVG IS 2012 is reporting some Trojan virus. I tried to move it to the virus vault, but I'm afraid that if I remove it my PC won't start. The log will follow in a few minutes.
Re: AVG reports a virus
Logfile of random's system information tool 1.09 (written by random/random)
Run by dex73r ^^Ôwn at 2012-01-26 13:45:26
Microsoft Windows 7 Ultimate
System drive C: has 7 GB (12%) free of 53 GB
Total RAM: 2038 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:45:58, on 26. 1. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\Downloads\RSIT.exe
C:\Windows\system32\rundll32.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\dex73r ^^Ôwn.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru/cnt/9514
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ???????@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: BitTorrentBar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll
O3 - Toolbar: ???????@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "c:\program files\skype\phone\skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acunetix WVS Scheduler v7 (AcuWVSSchedulerv7) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: IMF Service (IMFservice) - Unknown owner - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
--
End of file - 9429 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.mail.ru/cnt/9514"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... YYYYSK&&q="
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@toolbar"=C:\ProgramData\AVG Secure Search\10.0.0.7\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.2.1]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\extensions\
foxyproxy@eric.h.jung
toolbar@ask.com
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\searchplugins\
askcom.xml
mailru---.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
BitTorrentBar Toolbar - C:\Program Files\BitTorrentBar\prxtbBitT.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}]
MailRuBHO Class - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll [2012-01-12 1593432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll [2012-01-15 1811296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-01-16 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll [2011-11-08 59272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - BitTorrentBar Toolbar - C:\Program Files\BitTorrentBar\prxtbBitT.dll [2011-05-09 176936]
{09900DE8-1DCA-443F-9243-26FF581438AF} - Спутник@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll [2012-01-12 1593432]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll [2012-01-15 1811296]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2011-12-03 2415456]
"ROC_roc_dec12"=C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe [2012-01-15 928096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-09-30 252296]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-01-24 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"=C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [2011-11-12 1647448]
"Steam"=c:\program files\steam\steam.exe [2011-11-06 1242448]
"Skype"=c:\program files\skype\phone\skype.exe [2011-10-13 19550344]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"BitTorrent"=C:\Program Files\BitTorrent\BitTorrent.exe [2011-11-11 5960560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files\common files\adobe\arm\1.0\adobearm.exe [2011-06-06 937920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
c:\program files\ask.com\updater\updater.exe [2012-01-03 1391272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
c:\program files\bittorrent\bittorrent.exe [2011-11-11 5960560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
c:\program files\divx\divx update\divxupdate.exe [2011-07-29 1259376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
c:\program files\mail.ru\guard\guardmailru.exe /gui []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
c:\program files\logmein hamachi\hamachi-2-ui.exe [2011-08-15 1955208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
c:\program files\avg secure search\vprot.exe [2012-01-15 939872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-01-26 13:45:27 ----D---- C:\Program Files\trend micro
2012-01-26 13:45:26 ----D---- C:\rsit
2012-01-25 10:21:55 ----D---- C:\Temp
2012-01-24 17:34:36 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2012-01-24 17:30:34 ----D---- C:\Program Files\Adobe Media Player
2012-01-24 17:28:44 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-01-20 22:19:25 ----D---- C:\aircrack-ng-1.1-win
2012-01-20 22:18:19 ----D---- C:\Program Files\Network Stumbler
2012-01-19 18:14:38 ----D---- C:\Windows\system32\appmgmt
2012-01-17 22:34:31 ----D---- C:\Program Files\Acunetix
2012-01-17 15:29:21 ----D---- C:\Program Files\Havij
2012-01-17 15:26:36 ----D---- C:\Program Files\HAVAJ
2012-01-15 18:33:42 ----D---- C:\Program Files\No-IP
2012-01-15 13:06:17 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.clickme
2012-01-15 12:44:47 ----D---- C:\Program Files\Oracle
2012-01-15 12:43:43 ----D---- C:\Program Files\Common Files\Java
2012-01-15 12:42:47 ----A---- C:\Windows\system32\npdeployJava1.dll
2012-01-13 06:41:33 ----HD---- C:\$AVG
2012-01-11 18:13:45 ----D---- C:\Program Files\Common Files\DESIGNER
2012-01-11 18:10:48 ----D---- C:\Program Files\Microsoft Analysis Services
2012-01-11 18:09:53 ----D---- C:\Program Files\Microsoft Office
2012-01-11 18:09:52 ----D---- C:\ProgramData\Microsoft Help
2012-01-11 18:09:27 ----RHD---- C:\MSOCache
2012-01-08 14:34:06 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\AVG2012
2012-01-08 14:32:29 ----D---- C:\ProgramData\AVG Secure Search
2012-01-08 14:32:21 ----D---- C:\Program Files\Common Files\AVG Secure Search
2012-01-08 14:32:17 ----D---- C:\Program Files\AVG Secure Search
2012-01-08 14:29:24 ----D---- C:\Windows\system32\drivers\AVG
2012-01-08 14:29:24 ----D---- C:\ProgramData\AVG2012
2012-01-08 14:27:30 ----D---- C:\Program Files\AVG
2012-01-08 14:08:23 ----HD---- C:\ProgramData\Common Files
2012-01-08 14:08:09 ----D---- C:\ProgramData\MFAData
2012-01-05 22:50:35 ----A---- C:\Windows\system32\XAudio2_4.dll
2012-01-05 22:50:34 ----A---- C:\Windows\system32\xactengine3_4.dll
2012-01-05 22:50:34 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2012-01-05 22:50:29 ----A---- C:\Windows\system32\d3dx9_31.dll
2012-01-02 23:18:55 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-01-02 23:18:55 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-01-02 23:18:54 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-01-02 23:18:54 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2012-01-02 23:18:53 ----A---- C:\Windows\system32\xinput1_3.dll
2012-01-02 23:18:53 ----A---- C:\Windows\system32\d3dx9_33.dll
2012-01-02 23:18:39 ----D---- C:\Program Files\Microsoft XNA
2011-12-31 11:10:30 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mount&Blade Warband
2011-12-31 11:06:32 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-12-31 11:06:32 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-12-31 11:06:31 ----A---- C:\Windows\system32\D3DX9_41.dll
2011-12-29 23:42:33 ----D---- C:\Program Files\Lame For Audacity
2011-12-29 23:37:54 ----D---- C:\Program Files\Audacity
2011-12-28 18:36:21 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\LolClient
2011-12-28 15:23:55 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-12-28 15:23:55 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-12-28 15:23:55 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-12-28 15:23:55 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-12-28 15:23:55 ----A---- C:\Windows\system32\D3DCompiler_39.dll
======List of files/folders modified in the last 1 month======
2012-01-26 13:45:35 ----D---- C:\Windows\Temp
2012-01-26 13:45:27 ----RD---- C:\Program Files
2012-01-26 13:43:41 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\BitTorrent
2012-01-26 13:40:31 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Skype
2012-01-26 12:53:34 ----D---- C:\Program Files\Steam
2012-01-26 06:46:47 ----D---- C:\Windows\system32\wbem
2012-01-26 06:20:17 ----D---- C:\Windows
2012-01-25 21:35:30 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Identities
2012-01-25 19:23:40 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.minecraft
2012-01-25 10:33:33 ----SD---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Microsoft
2012-01-25 10:21:55 ----D---- C:\Windows\debug
2012-01-25 10:21:54 ----D---- C:\Windows\System32
2012-01-24 22:05:07 ----RSD---- C:\Windows\Fonts
2012-01-24 17:46:53 ----SHD---- C:\Windows\Installer
2012-01-24 17:46:52 ----D---- C:\Program Files\Common Files\Adobe
2012-01-24 17:37:46 ----D---- C:\Windows\system32\config
2012-01-24 17:34:36 ----HD---- C:\ProgramData
2012-01-24 17:34:27 ----D---- C:\ProgramData\Adobe
2012-01-24 17:33:56 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Adobe
2012-01-24 17:33:19 ----D---- C:\Program Files\Adobe
2012-01-24 17:28:44 ----D---- C:\Program Files\Common Files
2012-01-24 17:27:30 ----D---- C:\Windows\winsxs
2012-01-23 14:24:17 ----D---- C:\Windows\Prefetch
2012-01-20 22:33:02 ----SHD---- C:\System Volume Information
2012-01-20 22:18:22 ----SD---- C:\ProgramData\Microsoft
2012-01-19 18:16:55 ----HD---- C:\Program Files\InstallShield Installation Information
2012-01-19 18:08:59 ----D---- C:\Program Files\Mail.Ru
2012-01-18 18:06:01 ----D---- C:\Windows\Tasks
2012-01-18 18:06:01 ----D---- C:\Windows\system32\Tasks
2012-01-17 22:33:20 ----D---- C:\Windows\inf
2012-01-17 22:33:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-01-17 22:25:38 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\IObit
2012-01-15 17:19:26 ----D---- C:\Program Files\Ask.com
2012-01-15 12:42:35 ----A---- C:\Windows\system32\javaw.exe
2012-01-15 12:42:35 ----A---- C:\Windows\system32\java.exe
2012-01-15 12:42:33 ----D---- C:\Program Files\Java
2012-01-13 06:37:40 ----D---- C:\Windows\system32\catroot2
2012-01-11 18:15:53 ----RSD---- C:\Windows\assembly
2012-01-11 18:13:13 ----D---- C:\Program Files\Common Files\microsoft shared
2012-01-11 18:13:01 ----D---- C:\Program Files\Microsoft.NET
2012-01-11 18:10:49 ----D---- C:\Windows\ShellNew
2012-01-08 14:31:19 ----D---- C:\Windows\system32\drivers
2012-01-08 14:30:13 ----D---- C:\Windows\system32\DriverStore
2012-01-08 14:30:13 ----D---- C:\Windows\system32\catroot
2012-01-05 22:23:01 ----D---- C:\Program Files\Common Files\Steam
2012-01-05 15:47:05 ----D---- C:\Windows\system
2011-12-29 18:42:08 ----D---- C:\ProgramData\PMB Files
2011-12-29 15:28:41 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\DAEMON Tools Lite
2011-12-28 15:23:49 ----D---- C:\Windows\Logs
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-05 232512]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2011-11-25 229224]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-13 1096704]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 EagleNT;EagleNT; C:\Windows\system32\drivers\EagleNT.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-03-23 30600]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-03-23 19280]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUSB;Sony Ericsson USB Device sa0101 Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]
S3 XDva375;XDva375; \??\C:\Windows\system32\XDva375.sys []
S4 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-07-11 18768]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcuWVSSchedulerv7;Acunetix WVS Scheduler v7; C:\Program Files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe [2011-10-05 675976]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-15 909152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe []
S2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe []
S2 Iprip;DCOM+ Server Process; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-01-05 419624]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1343400]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
R2 avgfws;AVG Firewall; C:\Program Files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-15 909152]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe []
S2 IMFservice;IMF Service; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe []
S2 Iprip;DCOM+ Server Process; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-01-05 419624]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1343400]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Re: AVG reports a virus
Sorry if you consider this spam, but I would like to ask for help quickly, because my internet keeps dropping out, which has only started happening now, and to get the internet back I have to restart the PC every time :/
Re: AVG reports a virus
Hello

dex73r wrote: Sorry if you consider this spam, but I would like to ask for help quickly, because my internet keeps dropping out, which has only started happening now, and to get the internet back I have to restart the PC every time :/

By replying to yourself here, you make it harder for the advisers to find you, since they look for topics without replies.

And please bear in mind that they are here only in their free time, so you need to have a little patience.

I will get someone over here for you; please be patient for a moment.

Re: AVG reports a virus
Hello, and I wish you a pleasant early evening.
As was mentioned, our forum works on a voluntary basis; the advisers are here free of charge and in their free time. If you need urgent help, you should have turned to specialised repair services or websites where technicians are paid and deal with problems immediately.
And by replying to yourself, you made it even harder for us.
May I ask why an ordinary user buys the highest Windows licence, Ultimate, which is intended rather for large corporations, when he will not use anything more than the Home Premium version offers anyway?
Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

- Close all programs
- If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator or Spustit jako spravce
- Choose the Scan option
- When the scan finishes, click Report - a log opens; paste it here
Re: AVG reports a virus
Yes, sorry, I was just a bit on edge about this patient of mine, with the net dropping out, even though it is my own fault..
I did not buy that Windows, it came free with the PC, so I thought, why not.
----------------------------
RogueKiller V7.0.0 [01/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: dex73r ^^Ôwn [Admin rights]
Mode: Scan -- Date : 01/26/2012 18:12:26
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp;ftp=;hxxp=;) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3827614bc6c0286913630ef1369d978e
[BSP] 84d1dff288ee0c265d692d1927afa51e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 55183 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 107780085 | Size: 104855 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Re: AVG reports a virus

- If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator or Spustit jako spravce
- Choose the Scan option, then Deletion, and then Report - a log opens; paste it here
- Then click HostFix and Report - a log opens; paste it here
- Then click ProxyFix and Report - a log opens; paste it here
Re: AVG reports a virus
1. scan: I only had Delete, so I ran that:
RogueKiller V7.0.0 [01/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: dex73r ^^Ôwn [Admin rights]
Mode: Remove -- Date : 01/26/2012 18:23:47
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp;ftp=;hxxp=;) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 3827614bc6c0286913630ef1369d978e
[BSP] 84d1dff288ee0c265d692d1927afa51e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 55183 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 107780085 | Size: 104855 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
2. scan
RogueKiller V7.0.0 [01/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: dex73r ^^Ôwn [Admin rights]
Mode: HOSTSFix -- Date : 01/26/2012 18:24:42
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED]
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
3.
RogueKiller V7.0.0 [01/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: dex73r ^^Ôwn [Admin rights]
Mode: ProxyFix -- Date : 01/26/2012 18:25:45
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED]
¤¤¤ Registry Entries: 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=;ftp=;https=;) -> DELETED
Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
Re: AVG reports a virus
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE WRECKED
Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
- If you have Win XP, run it under the Administrator account
- If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator or Spustit jako spravce
- Immediately after start, a page with the licence agreement is displayed; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
- The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
- After the scan finishes and any restart, CF displays a log, or you can find it here C:\ComboFix.txt; paste its contents here
- A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: AVG reports a virus
Sorry for the delay, I had a bit more schoolwork and did not have much time for this... in the meantime my mum and dad etc. were on my PC and it worked fine for them, but I made the log here anyway, because I do not think it cleaned itself up on its own..
ComboFix 12-02-02.01 - dex73r ^^Ôwn . 02. 2012 14:53:18.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2038.1301 [GMT 1:00]
Running from: c:\users\dex73r ^^Ôwn\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\windows\7Loader.TAG
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\CONFIG.exe
c:\windows\system32\Temp
c:\windows\system32\Temp\metin2.stderr.log
c:\windows\system32\Temp\metin2.stdout.log
c:\windows\system32\Temp\metin2_common_f_8374_13533.fastresume
c:\windows\system32\Temp\metin2_hshield.fastresume
c:\windows\system32\Temp\patch.log
.
Infected copy of c:\windows\system32\user32.dll was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 14:01 . 2012-02-02 14:04 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\temp
2012-02-02 14:01 . 2012-02-02 14:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-02 05:44 . 2012-02-02 06:01 -------- d-----w- c:\program files\Garena Classic
2012-02-01 18:40 . 2012-02-01 18:55 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\DMCache
2012-02-01 18:40 . 2012-02-01 18:43 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\IDM
2012-02-01 18:40 . 2012-02-01 19:34 -------- d-----w- c:\program files\Internet Download Manager
2012-01-31 12:34 . 2012-01-31 12:34 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\Unity
2012-01-26 13:42 . 2012-01-27 00:48 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-01-26 12:45 . 2012-01-26 12:45 -------- d-----w- c:\program files\trend micro
2012-01-26 12:45 . 2012-01-26 12:46 -------- d-----w- C:\rsit
2012-01-25 09:21 . 2012-01-25 09:21 -------- d-----w- C:\Temp
2012-01-24 16:34 . 2012-01-24 16:34 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-01-24 16:30 . 2012-01-24 16:30 -------- d-----w- c:\program files\Adobe Media Player
2012-01-24 16:28 . 2012-01-24 16:28 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-20 21:19 . 2012-01-24 21:13 -------- d-----w- C:\aircrack-ng-1.1-win
2012-01-20 21:18 . 2012-01-20 21:18 -------- d-----w- c:\program files\Network Stumbler
2012-01-17 21:34 . 2012-01-24 10:52 -------- d-----w- c:\program files\Acunetix
2012-01-17 14:29 . 2012-01-17 14:32 -------- d-----w- c:\program files\Havij
2012-01-17 14:29 . 2009-09-09 23:36 260096 ----a-w- c:\windows\system32\RICHTX32.ocx
2012-01-17 14:29 . 2004-03-08 22:30 124688 ----a-w- c:\windows\system32\Mswinsck.ocx
2012-01-17 14:29 . 2000-12-05 22:00 209608 ----a-w- c:\windows\system32\tabctl32.ocx
2012-01-17 14:29 . 2000-05-21 22:00 140488 ----a-w- c:\windows\system32\comdlg32.ocx
2012-01-17 14:29 . 1998-06-23 23:00 115016 ----a-w- c:\windows\system32\MSInet.ocx
2012-01-17 14:26 . 2012-01-17 14:26 -------- d-----w- c:\program files\HAVAJ
2012-01-15 17:35 . 2012-01-15 17:35 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\Vitalwerks
2012-01-15 17:33 . 2012-01-15 17:33 -------- d-----w- c:\program files\No-IP
2012-01-15 12:06 . 2012-01-15 12:06 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\.clickme
2012-01-15 11:44 . 2012-01-15 11:45 -------- d-----w- c:\program files\Oracle
2012-01-15 11:43 . 2012-01-15 11:43 -------- d-----w- c:\program files\Common Files\Java
2012-01-15 11:42 . 2011-11-08 18:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-15 11:40 . 2012-01-15 11:47 -------- d-----w- c:\users\dex73r ^^Ôwn\jdk1.7.0_02_combo
2012-01-13 05:41 . 2012-01-13 05:41 -------- d-----w- C:\$AVG
2012-01-11 17:10 . 2012-01-11 17:10 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-01-11 17:10 . 2012-01-11 17:10 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\Microsoft Help
2012-01-11 17:09 . 2012-01-11 17:22 -------- d-----w- c:\programdata\Microsoft Help
2012-01-11 17:09 . 2012-01-11 17:09 -------- d-----r- C:\MSOCache
2012-01-08 13:34 . 2012-01-08 13:34 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\AVG2012
2012-01-08 13:32 . 2012-01-15 11:13 -------- d-----w- c:\programdata\AVG Secure Search
2012-01-08 13:32 . 2012-01-08 13:32 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-01-08 13:32 . 2012-01-15 11:13 -------- d-----w- c:\program files\AVG Secure Search
2012-01-08 13:29 . 2012-02-02 07:12 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-08 13:29 . 2012-01-08 13:42 -------- d-----w- c:\programdata\AVG2012
2012-01-08 13:27 . 2012-01-08 13:27 -------- d-----w- c:\program files\AVG
2012-01-08 13:08 . 2012-01-08 13:08 -------- d--h--w- c:\programdata\Common Files
2012-01-08 13:08 . 2012-02-02 12:26 -------- d-----w- c:\programdata\MFAData
2012-01-05 21:50 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2012-01-05 21:50 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2012-01-05 21:50 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2012-01-05 21:50 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 13:18 . 2011-11-08 10:54 164880 ---ha-w- c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-12-11 13:18 . 2011-11-08 10:54 164880 ---ha-w- c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2011-12-01 15:58 . 2011-11-05 21:39 2829 ----a-w- c:\windows\War3Unin.pif
2011-12-01 15:58 . 2011-11-05 21:39 139264 ----a-w- c:\windows\War3Unin.exe
2011-11-25 11:36 . 2011-11-25 11:36 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2011-11-24 17:05 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-12 22:29 . 2011-11-12 22:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-11-12 22:29 . 2011-11-12 22:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-11-12 22:29 . 2011-11-12 22:29 369152 ----a-w- c:\windows\system32\secproc.dll
2011-11-12 22:29 . 2011-11-12 22:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2011-11-12 22:29 . 2011-11-12 22:29 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-11-12 22:29 . 2011-11-12 22:29 320512 ----a-w- c:\windows\system32\RMActivate.exe
2011-11-12 22:29 . 2011-11-12 22:29 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-11-12 22:29 . 2011-11-12 22:29 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-11-08 20:30 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-11-08 18:56 . 2011-11-04 19:23 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-06 17:06 . 2011-11-06 16:40 843892 ----a-w- c:\windows\system32\python22.dll
2011-11-06 16:50 . 2011-11-06 16:26 1806336 ----a-w- c:\windows\system32\speedtreert.dll
2011-11-06 16:47 . 2011-11-06 16:43 369719 ----a-w- c:\windows\system32\granny2.dll
2011-11-06 16:47 . 2011-11-06 16:36 372736 ----a-w- c:\windows\system32\ijl15.dll
2011-11-06 16:43 . 2011-11-06 16:15 81920 ----a-w- c:\windows\system32\errorlog.exe
2011-11-06 16:38 . 2011-11-06 16:36 27648 ----a-w- c:\windows\system32\ilu.dll
2011-11-06 16:18 . 2011-11-06 16:15 269312 ----a-w- c:\windows\system32\devil.dll
2011-11-06 15:47 . 2011-11-06 15:47 258352 ----a-w- c:\windows\system32\unicows.dll
2011-11-06 15:47 . 2011-11-06 15:47 202240 ----a-w- c:\windows\system32\patchw32.dll
2011-11-06 15:47 . 2011-11-06 15:47 131072 ----a-w- c:\windows\system32\patchupdater.exe
2011-11-06 15:47 . 2011-11-06 15:47 434252 ----a-w- c:\windows\system32\msvcrtd.dll
2011-11-06 15:47 . 2011-11-06 15:47 349696 ----a-w- c:\windows\system32\mss32.dll
2011-11-06 15:47 . 2011-11-06 15:47 1565696 ----a-w- c:\windows\system32\metin2client.bin
2011-11-06 15:47 . 2011-11-06 15:47 593920 ----a-w- c:\windows\system32\metin2_patcher.exe
2011-11-06 15:47 . 2011-11-06 15:47 4151786 ----a-w- c:\windows\system32\metin2.bin
2011-11-06 15:47 . 2011-11-06 15:47 35328 ----a-w- c:\windows\system32\dsetup.dll
2011-11-06 15:47 . 2011-11-06 15:47 110592 ----a-w- c:\windows\system32\artpclnt.dll
2011-11-06 09:42 . 2011-11-06 09:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 21:24 . 2011-11-05 21:24 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2010-02-10 03:18 . 2011-12-26 08:22 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2011-11-21 04:45 . 2011-12-10 09:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-15 11:13 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-15 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 19:46 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"Steam"="c:\program files\steam\steam.exe" [2011-11-05 1242448]
"Skype"="c:\program files\skype\phone\skype.exe" [2011-10-13 19550344]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-11-11 5960560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-01-24 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 15:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2011-11-11 18:00 5960560 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 15:18 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-01-15 11:13 939872 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Mail.Ru\Guard\GuardMailRu.exe [x]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]
R2 Iprip;DCOM+ Server Process;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Classic\safedrv.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-03-22 30600]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-03-22 19280]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1343400]
R3 XDva375;XDva375;c:\windows\system32\XDva375.sys [x]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-07-11 18768]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-05 232512]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AcuWVSSchedulerv7;Acunetix WVS Scheduler v7;c:\program files\Acunetix\Web Vulnerability Scanner 7\WVSScheduler7.exe [2011-10-05 675976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-01-27 91936]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-01-15 909152]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Iprip
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.garena.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Stiahnuť s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stiahnuť s IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Guard.Mail.ru - c:\program files\mail.ru\guard\guardmailru.exe
AddRemove-Plants vs. Zombies - c:\program files\PopCap Games\Plants vs. Zombies\PopUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5912)
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2012-02-02 15:11:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-02 14:11
.
Pre-Run: 5 997 957 120 bytes free
Post-Run: 6 008 156 160 bytes free
.
- - End Of File - - FE4709EDC366821AC89BB89827E3D237
Re: AVG reports a virus

- Download DDS from here http://download.bleepingcomputer.com/sUBs/dds.com and save it to the desktop
- Run it and click Start
- After a while a log will pop up; I would like to see it
Re: AVG reports a virus
Hi, please lock the thread. The system has been reinstalled; the PC would not turn on. Thank you for your willingness to help; unfortunately I was too slow.

Re: AVG reports a virus
You're welcome, locking... And next time keep a legal Windows in mind, otherwise you will not get help.

