Prosim, mozte sa niekto pozriet na moje LOGy?

Zpráva

nightFlyer · #1 Příspěvek od **nightFlyer** » 02 zář 2012 02:48

Mam podozrenie na virus, mozte mi prosim pomoct?

#### hijakthis log #####

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-09-02 03:34:42
Microsoft Windows 7 Ultimate Service Pack 1
System drive F: has 15 GB (12%) free of 118 GB
Total RAM: 2046 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:35:38, on 2. 9. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
F:\Program Files (x86)\VMware\vmware-tray.exe
F:\Program Files (x86)\AVG\AVG2012\avgtray.exe
F:\Program Files (x86)\AVG Secure Search\vprot.exe
F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
F:\Program Files (x86)\mControl\mControl.exe
C:\Documents and Settings\WarezBos\Dokumenty\bircd\bircd.exe
C:\Program Files\mIRC\mirc.exe
F:\Program Files (x86)\uTorrent\uTorrent.exe
F:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Program Files\trend micro\Admin.exe
F:\Program Files (x86)\Internet Explorer\iexplore.exe
F:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com?si=10195&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcompletion.com?si=10195&home=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.searchcompletion.com?si=10195&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcompletion.com?si=10195&home=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=10195&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=10195&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - F:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - F:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [vmware-tray] "F:\Program Files (x86)\VMware\vmware-tray.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "F:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "F:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [AVP] "F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
O4 - HKCU\..\Run: [NetLimiter] F:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKCU\..\RunOnce: [SophosVirusRemovalTool] "F:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe"
O4 - HKUS\S-1-5-21-2109600733-816950256-3635563028-1001\..\Run: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Nino')
O9 - Extra button: Statistika součásti Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - F:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O10 - Unknown file in Winsock LSP: f:\program files (x86)\vmware\vsocklib.dll
O10 - Unknown file in Winsock LSP: f:\program files (x86)\vmware\vsocklib.dll
O15 - Trusted Zone: http://cag1.sepsas.sk
O15 - Trusted Zone: http://cag2.sepsas.sk
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - F:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - F:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: F:\Windows\SysWOW64\guard32.dll F:\PROGRA~2\KASPER~1\KASPER~1.0FO\kloehk.dll F:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Ashampoo HDD Control 2 Service (AHDDC2) - Unknown owner - F:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - F:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - F:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - F:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - F:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - F:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - F:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - F:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - F:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - F:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - F:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - F:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - F:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sophos Virus Removal Tool Cleanup Service (SCTCleanupService) - Sophos Limited - F:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SCTCleanupService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - F:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - F:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - F:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - F:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\Program Files (x86)\VMware\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - F:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - F:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\Program Files (x86)\VMware\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - F:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - F:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - F:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - F:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - F:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9787 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
F:\Windows\system32\services.exe
F:\Windows\system32\lsass.exe
F:\Windows\system32\lsm.exe
F:\Windows\system32\svchost.exe -k DcomLaunch
F:\Windows\system32\svchost.exe -k RPCSS
"F:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
F:\Windows\system32\svchost.exe -k NetworkService
F:\Windows\system32\atiesrxx.exe
F:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
F:\Windows\system32\svchost.exe -k netsvcs
F:\Windows\system32\svchost.exe -k LocalService
atieclxx
F:\Windows\System32\spoolsv.exe
F:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
F:\Windows\Explorer.EXE
"taskhost.exe"
"F:\Program Files\kX Audio Driver\3548\kxmixer.exe" --startup
"F:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"F:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"F:\Program Files (x86)\VMware\vmware-tray.exe"
"F:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
"F:\Program Files (x86)\AVG Secure Search\vprot.exe"
"F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
"F:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe"
"F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" -r
F:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe"
F:\Windows\SysWOW64\vmnat.exe
"F:\Program Files (x86)\VMware\vmware-authd.exe"
"F:\Program Files (x86)\mControl\mControl.exe" /restoreprofile lukas
F:\Windows\SysWOW64\vmnetdhcp.exe
F:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
F:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"F:\Program Files (x86)\Eset\nod32krn.exe"
"F:\Windows\system32\Dwm.exe"
"C:\Documents and Settings\WarezBos\Dokumenty\bircd\bircd.exe"
"C:\Program Files\mIRC\mirc.exe"
"F:\Program Files\NetLimiter 3\nlsvc.exe"
"F:\Program Files\NetLimiter 3\NLClientApp.exe"
"F:\Program Files (x86)\uTorrent\uTorrent.exe" "F:\Users\Nino\Downloads\Simpsonovi.23x22.Liza.a.Lady.Gaga.WEB-DL.XviD.CZ.torrent"
"F:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe" /command_id=e1385308-703c-4e6c-a181-e4428c894654 /client_id=66d09855-5477-451a-b814-376e18244811
"F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files\VideoLAN\VLC\vlc.exe"
"C:\StrongDc++\StrongDC.exe"
"F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe"
"F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3064.4.1639272979\1176284327" --lang=sk --ignored=" --type=renderer " /prefetch:13
"F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3064.5.1450255359\670305179" --reduce-gpu-sandbox --disable-image-transport-surface --gpu-vendor-id=0x1002 --gpu-device-id=0x9440 --gpu-driver-version=8.961.0.0 --ignored=" --type=renderer " /prefetch:12
"F:\Windows\system32\NOTEPAD.EXE" F:\ComboFix.txt
"F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/15/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpdyCwnd/cwndMin16/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_91/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="3064.10.1529209115\1552327605" /prefetch:3
"F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/15/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpdyCwnd/cwndMin16/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_91/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="3064.11.956509781\977762804" /prefetch:3
"F:\Users\Nino\Downloads\RSITx64.exe"
F:\Windows\system32\wbem\wmiprvse.exe
"F:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
"F:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4912 CREDAT:79873

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
Complitly - F:\Users\Admin\AppData\Roaming\Complitly\64\Complitly64.dll [2012-05-21 169688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - F:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [2012-06-13 1392760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - F:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
Complitly - F:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll [2012-05-21 142040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - F:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [2012-06-13 937592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - F:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-06-19 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - F:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll [2012-07-17 2074208]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - F:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-19 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - F:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll [2012-07-17 2074208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"=F:\Program Files\kX Audio Driver\3548\kxmixer.exe [2009-07-28 677896]
"COMODO Internet Security"=F:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 9569096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=F:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"=F:\Program Files\NetLimiter 3\NLClientApp.exe [2010-08-30 2790400]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SophosVirusRemovalTool"=F:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe [2012-07-10 1148992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min F:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
F:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
F:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
F:\Program Files (x86)\Eset\nod32kui.exe [2012-08-30 949376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-06 641664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateReminder]
F:\Program Files (x86)\Eset\UpdateReminder.exe [2012-08-30 451704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"=F:\Program Files (x86)\VMware\vmware-tray.exe [2010-11-11 129648]
"AVG_TRAY"=F:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2012-04-05 2587008]
"vProt"=F:\Program Files (x86)\AVG Secure Search\vprot.exe [2012-07-17 1107552]
"AVP"=F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2009-10-28 315736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="F:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\kloehk.dll F:\Windows\System32\guard64.dll F:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - F:\Windows\system32\webcheck.dll [2010-11-21 290304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=4
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LocalAccountTokenFilterPolicy"=1
"DisableStatusMessages"=1
"HideFastUserSwitching"=1
"DisableStartupSound"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoInstrumentation"=1
"NoThumbnailCache"=1
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"F:\Program Files (x86)\BulletProof FTP Server 2010\bpftpserver-2010.exe"="F:\Program Files (x86)\BulletProof FTP Server 2010\bpftpserver-2010.exe:*:Enabled:BulletProof FTP Server 2010 (http://www.bpftpserver.com)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=F:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit -
.vbs - edit -

======List of files/folders created in the last 1 month======

2012-09-02 03:34:47 ----D---- F:\Program Files\trend micro
2012-09-02 03:34:42 ----D---- F:\rsit
2012-09-02 03:29:25 ----A---- F:\Windows\system32\SCTBootTasks.exe
2012-09-01 22:55:52 ----D---- F:\Users\Admin\AppData\Roaming\Malwarebytes
2012-09-01 22:55:29 ----D---- F:\ProgramData\Malwarebytes
2012-09-01 22:55:25 ----D---- F:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-01 18:38:43 ----D---- F:\ProgramData\Sophos
2012-09-01 18:37:39 ----D---- F:\Program Files (x86)\Sophos
2012-08-30 17:45:29 ----D---- F:\Program Files (x86)\TeamViewer
2012-08-30 01:39:23 ----A---- F:\Windows\SYSWOW64\imon.dll
2012-08-30 01:39:23 ----A---- F:\Windows\system32\imon.dll
2012-08-30 01:39:15 ----A---- F:\Windows\system32\drivers\amon.sys
2012-08-30 01:39:14 ----D---- F:\Program Files (x86)\Eset
2012-08-29 05:56:26 ----SHD---- F:\$RECYCLE.BIN
2012-08-29 03:27:08 ----A---- F:\ComboFix.txt
2012-08-29 03:02:59 ----A---- F:\Windows\zip.exe
2012-08-29 03:02:59 ----A---- F:\Windows\SWSC.exe
2012-08-29 03:02:59 ----A---- F:\Windows\SWREG.exe
2012-08-29 03:02:59 ----A---- F:\Windows\sed.exe
2012-08-29 03:02:59 ----A---- F:\Windows\PEV.exe
2012-08-29 03:02:59 ----A---- F:\Windows\NIRCMD.exe
2012-08-29 03:02:59 ----A---- F:\Windows\MBR.exe
2012-08-29 03:02:59 ----A---- F:\Windows\grep.exe
2012-08-29 03:01:34 ----D---- F:\Windows\ERDNT
2012-08-29 02:58:14 ----D---- F:\Qoobox
2012-08-28 16:28:39 ----ASH---- F:\Users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
2012-08-28 16:28:23 ----D---- F:\Program Files (x86)\jv16 PowerTools 2010
2012-08-19 18:55:44 ----D---- F:\Users\Admin\AppData\Roaming\Complitly
2012-08-19 18:54:46 ----D---- F:\ProgramData\SearchOnline
2012-08-19 18:54:46 ----D---- F:\Program Files (x86)\Check Host
2012-08-18 17:49:43 ----D---- F:\Program Files (x86)\DOSBox-0.74
2012-08-18 01:02:44 ----A---- F:\Windows\system32\DfSdkBt.exe
2012-08-18 01:02:18 ----D---- F:\Program Files (x86)\Ashampoo
2012-08-07 22:01:22 ----A---- F:\Windows\system32\drivers\klin.dat
2012-08-07 22:01:22 ----A---- F:\Windows\system32\drivers\klick.dat
2012-08-07 22:00:30 ----D---- F:\ProgramData\Kaspersky Lab
2012-08-07 22:00:18 ----A---- F:\Windows\system32\drivers\klif.sys
2012-08-03 22:50:50 ----D---- F:\Program Files (x86)\LinuxLive USB Creator

======List of files/folders modified in the last 1 month======

2012-09-02 03:35:34 ----D---- F:\Windows\Temp
2012-09-02 03:34:47 ----RD---- F:\Program Files
2012-09-02 03:29:25 ----D---- F:\Windows\system32\drivers
2012-09-02 03:29:25 ----D---- F:\Windows\System32
2012-09-02 03:29:05 ----D---- F:\SourceSDK
2012-09-02 02:31:58 ----RD---- F:\Program Files (x86)
2012-09-01 22:55:29 ----D---- F:\ProgramData
2012-09-01 22:00:13 ----D---- F:\Windows\system32\drivers\AVG
2012-09-01 18:38:32 ----SHD---- F:\Windows\Installer
2012-09-01 18:38:22 ----SD---- F:\Users\Admin\AppData\Roaming\Microsoft
2012-09-01 18:37:08 ----SHD---- F:\System Volume Information
2012-09-01 17:54:11 ----D---- F:\Program Files (x86)\Steam
2012-09-01 17:45:44 ----A---- F:\Windows\system32\PerfStringBackup.INI
2012-09-01 17:45:43 ----D---- F:\Windows\inf
2012-09-01 13:45:00 ----D---- F:\ProgramData\MFAData
2012-09-01 13:41:35 ----D---- F:\Windows\SYSWOW64\drivers
2012-09-01 13:40:00 ----D---- F:\ProgramData\VMware
2012-09-01 02:22:32 ----D---- F:\Windows\SysWOW64
2012-09-01 02:22:30 ----D---- F:\Windows\Help
2012-09-01 02:22:29 ----D---- F:\Windows
2012-08-31 19:29:32 ----D---- F:\Users\Admin\AppData\Roaming\uTorrent
2012-08-30 06:27:44 ----D---- F:\Windows\system32\catroot2
2012-08-30 01:53:31 ----SD---- F:\ProgramData\Microsoft
2012-08-29 19:18:24 ----D---- F:\ProgramData\Microsoft Help
2012-08-29 16:46:48 ----D---- F:\Windows\rescache
2012-08-29 06:25:18 ----D---- F:\Games
2012-08-29 03:25:28 ----D---- F:\Windows\system32\Tasks
2012-08-29 03:25:24 ----D---- F:\Windows\Tasks
2012-08-29 03:23:47 ----N---- F:\Windows\system.ini
2012-08-29 03:12:26 ----D---- F:\Windows\AppPatch
2012-08-29 03:12:24 ----D---- F:\Program Files (x86)\Common Files
2012-08-28 23:19:14 ----D---- F:\Windows\Prefetch
2012-08-28 22:05:30 ----D---- F:\Windows\Minidump
2012-08-28 16:47:22 ----D---- F:\backupstorage
2012-08-25 13:14:31 ----D---- F:\Windows\system32\config
2012-08-25 13:14:09 ----D---- F:\Windows\SYSWOW64\cs-CZ
2012-08-25 13:14:04 ----D---- F:\Windows\system32\en-US
2012-08-25 13:14:04 ----D---- F:\Windows\system32\cs-CZ
2012-08-25 13:14:04 ----D---- F:\Windows\PolicyDefinitions
2012-08-25 13:01:21 ----D---- F:\Windows\winsxs
2012-08-23 13:48:04 ----D---- F:\Windows\system32\DriverStore
2012-08-18 00:40:57 ----D---- F:\Windows\Logs
2012-08-17 14:46:57 ----RD---- F:\Users
2012-08-16 12:12:53 ----D---- F:\ProgramData\AVG2012
2012-08-15 20:08:31 ----AD---- F:\ProgramData\TEMP
2012-08-15 08:38:39 ----D---- F:\Windows\system32\NDF
2012-08-07 22:01:07 ----D---- F:\Windows\system32\catroot
2012-08-07 22:00:30 ----D---- F:\Program Files (x86)\Kaspersky Lab
2012-08-07 21:46:02 ----D---- F:\Windows\debug
2012-08-07 21:25:51 ----D---- F:\kleaner.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; F:\Windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver; F:\Windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
R0 pciide;pciide; F:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; F:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 Avgfwfd;AVG network filter service; F:\Windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
R1 Avgldx64;AVG AVI Loader Driver; F:\Windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; F:\Windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver; F:\Windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; F:\Windows\System32\DRIVERS\cmdguard.sys [2012-03-11 577824]
R1 cmdHlp;COMODO Internet Security Helper Driver; F:\Windows\System32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; F:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ElbyCDIO;ElbyCDIO Driver; F:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 inspect;COMODO Internet Security Firewall Driver; F:\Windows\system32\DRIVERS\inspect.sys [2011-12-19 93200]
R1 kl1;kl1; F:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 157712]
R1 KLIF;Kaspersky Lab Driver; F:\Windows\system32\DRIVERS\klif.sys [2012-08-07 259600]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; F:\Windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]
R1 nltdi;nltdi; \??\F:\Program Files\NetLimiter 3\nltdi.sys [2010-08-30 88200]
R1 vwififlt;Virtual WiFi Filter Driver; F:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AMON;AMON; F:\Windows\system32\drivers\amon.sys [2012-08-30 146704]
R2 hcmon;VMware hcmon; \??\F:\Windows\system32\drivers\hcmon.sys [2010-11-11 38512]
R2 vmci;VMware vmci; \??\F:\Windows\system32\drivers\vmci.sys [2010-11-11 81008]
R2 VMnetBridge;VMware Bridge Protocol; F:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-11-11 45104]
R2 VMnetuserif;VMware Network Application Interface; \??\F:\Windows\system32\drivers\vmnetuserif.sys [2010-11-11 30320]
R2 VMparport;VMware VMparport; \??\F:\Windows\system32\drivers\VMparport.sys [2010-11-11 30832]
R2 vmx86;VMware vmx86; \??\F:\Windows\system32\drivers\vmx86.sys [2010-11-11 68720]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\F:\Program Files (x86)\VMware\vstor2-ws60.sys [2010-08-19 32816]
R3 amdiox64;AMD IO Driver; F:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; F:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
R3 amdkmdap;amdkmdap; F:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; F:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 AVGIDSDriver;AVGIDSDriver; F:\Windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter; F:\Windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; F:\Windows\system32\DRIVERS\klfltdev.sys [2009-09-03 30736]
R3 kxwdmdrv;kX WDM Driver Service; F:\Windows\system32\drivers\kx.sys [2009-07-28 763784]
R3 NLNdisMP;NLNdisMP; F:\Windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
R3 RTL8167;Ovladač Realtek 8167 NT; F:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 VClone;VClone; F:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
R3 vmkbd;VMware kbd; \??\F:\Windows\system32\drivers\VMkbd.sys [2010-11-11 31856]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; F:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-11-11 20016]
R4 MBAMProtector;MBAMProtector; \??\F:\Windows\system32\drivers\mbam.sys []
S1 SCTBootDriver;SCTBootDriver; F:\Windows\system32\DRIVERS\SCTBootDriver.sys [2012-07-10 27464]
S3 atikmdag;atikmdag; F:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; F:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Služba Bluetooth Enumerator; F:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); F:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; F:\Windows\System32\Drivers\BTHport.sys [2010-11-21 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; F:\Windows\System32\Drivers\BTHUSB.sys [2010-11-21 80384]
S3 dmvsc;dmvsc; F:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; F:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; F:\Windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
S3 RDPDR;Terminal Server Device Redirector Driver; F:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; F:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); F:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; F:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; F:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; F:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; F:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; F:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; F:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; F:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; F:\Windows\system32\drivers\VGPU.sys []
S3 vmbus;vmbus; F:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; F:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vmusb;VMware USB Client Driver; F:\Windows\System32\Drivers\vmusb.sys [2010-11-11 37680]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; F:\Windows\system32\atiesrxx.exe [2012-04-06 236544]
R2 AMD FUEL Service;AMD FUEL Service; F:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
R2 avgwd;AVG WatchDog; F:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 AVP;Kaspersky Anti-Virus 6.0; F:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [2009-10-28 315736]
R2 cmdAgent;COMODO Internet Security Helper Service; F:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 2815496]
R2 VMAuthdService;VMware Authorization Service; F:\Program Files (x86)\VMware\vmware-authd.exe [2010-11-11 113264]
R2 VMnetDHCP;VMware DHCP Service; F:\Windows\syswow64\vmnetdhcp.exe [2010-11-11 334448]
R2 VMUSBArbService;VMware USB Arbitration Service; F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R2 VMware NAT Service;VMware NAT Service; F:\Windows\syswow64\vmnat.exe [2010-11-11 404080]
R3 nlsvc;NetLimiter 3 Service; F:\Program Files\NetLimiter 3\nlsvc.exe [2010-08-30 1743872]
R3 NOD32krn;NOD32 Kernel Service; F:\Program Files (x86)\Eset\nod32krn.exe [2012-08-30 552064]
R4 MBAMService;MBAMService; F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 AHDDC2;Ashampoo HDD Control 2 Service; F:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-04-05 1518976]
S2 avgfws;AVG Firewall; F:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
S2 AVGIDSAgent;AVGIDSAgent; F:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SCTCleanupService;Sophos Virus Removal Tool Cleanup Service; F:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SCTCleanupService.exe [2012-07-10 297536]
S3 AppMgmt;@appmgmts.dll,-3250; F:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 DfSdkS;Defragmentation-Service; F:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [2009-08-24 544768]
S3 NMIndexingService;NMIndexingService; F:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose64;Office 64 Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; F:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; F:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; F:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-06-30 529232]
S3 ufad-ws60;VMware Agent Service; F:\Program Files (x86)\VMware\vmware-ufad.exe [2010-08-19 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; F:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; F:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@F:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@F:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@F:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 TeamViewer7;TeamViewer 7; F:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-30 3027840]
S4 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0; F:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe []

-----------------EOF-----------------

###########################
combofix log
###########################
ComboFix 12-08-28.03 - Admin . 08. 2012 3:06.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1029.18.2046.947 [GMT 2:00]
Running from: c:\airoscript\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Kaspersky Anti-Virus *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
AV: Kaspersky Endpoint Security 8 for Windows *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
FW: Kaspersky Anti-Virus *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
FW: Kaspersky Endpoint Security 8 for Windows *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Kaspersky Endpoint Security 8 for Windows *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 01:17 . 2012-08-29 01:17 -------- d-----w- f:\users\Mcx1-Admin-PC\AppData\Local\temp
2012-08-29 01:17 . 2012-08-29 01:17 -------- d-----w- f:\users\Admin\AppData\Local\temp
2012-08-29 01:17 . 2012-08-29 01:17 -------- d-----w- f:\users\Default\AppData\Local\temp
2012-08-28 14:28 . 2012-08-28 14:28 22 --sha-w- f:\windows\Sys3390 SettingsCollection.bin
2012-08-28 14:28 . 2012-08-28 14:28 22 --sha-w- f:\users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
2012-08-28 14:28 . 2012-08-28 14:28 -------- d-----w- f:\program files (x86)\jv16 PowerTools 2010
2012-08-19 16:55 . 2012-08-19 16:56 -------- d-----w- f:\users\Nino\AppData\Roaming\CheckHost
2012-08-19 16:55 . 2012-08-19 16:55 -------- d-----w- f:\users\Admin\AppData\Roaming\Complitly
2012-08-19 16:54 . 2012-08-19 16:54 -------- d-----w- f:\program files (x86)\Check Host
2012-08-19 16:54 . 2012-08-19 16:54 -------- d-----w- f:\programdata\SearchOnline
2012-08-19 14:34 . 2012-08-19 14:40 -------- d-----w- f:\users\Nino\AppData\Local\Darksiders2
2012-08-18 15:50 . 2012-08-18 15:50 -------- d-----w- f:\users\Nino\AppData\Local\DOSBox
2012-08-18 15:49 . 2012-08-18 15:49 -------- d-----w- f:\program files (x86)\DOSBox-0.74
2012-08-17 23:02 . 2009-08-24 20:13 34304 ----a-w- f:\windows\system32\DfSdkBt.exe
2012-08-17 23:02 . 2012-08-17 23:02 -------- d-----w- f:\program files (x86)\Ashampoo
2012-08-07 20:00 . 2012-08-28 23:23 -------- d-----w- f:\programdata\Kaspersky Lab
2012-08-07 20:00 . 2012-08-07 20:00 259600 ----a-w- f:\windows\system32\drivers\klif.sys
2012-08-03 20:50 . 2012-08-03 20:51 -------- d-----w- f:\program files (x86)\LinuxLive USB Creator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 14:28 . 2012-08-28 14:28 22 --sha-w- f:\users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
2012-08-28 14:28 . 2012-08-28 14:28 22 --sha-w- f:\users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
2012-07-27 13:31 . 2012-07-27 13:31 48648 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-07-27 13:31 . 2012-07-27 13:31 458064 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-10 12:47 . 2012-07-10 12:47 2618880 ----a-w- f:\windows\SysWow64\exeImagine.IMD
2012-07-10 12:47 . 2012-07-10 12:47 399872 ----a-w- f:\windows\SysWow64\nxImagine.ocx
2012-07-03 22:02 . 2012-07-03 22:02 48648 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-07-03 22:02 . 2012-07-03 22:02 458064 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-17 12:48 2074208 ----a-w- f:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "f:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-17 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="f:\program files\NetLimiter 3\NLClientApp.exe" [2010-08-30 2790400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"="f:\program files (x86)\VMware\vmware-tray.exe" [2010-11-11 129648]
"AVG_TRAY"="f:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="f:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-17 1107552]
"AVP"="f:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2009-10-28 315736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 4 (0x4)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=f:\windows\SysWOW64\guard32.dll f:\progra~2\KASPER~1\KASPER~1.0FO\kloehk.dll f:\progra~2\KASPER~1\KASPER~1.0FO\adialhk.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0f:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 avgfws;AVG Firewall;f:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;f:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;f:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DfSdkS;Defragmentation-Service;f:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [2009-08-24 544768]
R3 dmvsc;dmvsc;f:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;f:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;f:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
R3 ose64;Office 64 Source Engine;f:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;f:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;f:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;f:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;f:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;f:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;f:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU; [x]
R4 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;f:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S0 AVGIDSHA;AVGIDSHA;f:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;f:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgfwfd;AVG network filter service;f:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;f:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;f:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;f:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;f:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;f:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;f:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]
S1 nltdi;nltdi;f:\program files\NetLimiter 3\nltdi.sys [2010-08-30 88200]
S1 vwififlt;Virtual WiFi Filter Driver;f:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AHDDC2;Ashampoo HDD Control 2 Service;f:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-04-05 1518976]
S2 AMD External Events Utility;AMD External Events Utility;f:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;f:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 avgwd;AVG WatchDog;f:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 vmci;VMware vmci;f:\windows\system32\drivers\vmci.sys [2010-11-11 81008]
S2 VMUSBArbService;VMware USB Arbitration Service;f:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 amdiox64;AMD IO Driver;f:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;f:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;f:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;f:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 AVGIDSDriver;AVGIDSDriver;f:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;f:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;f:\windows\system32\DRIVERS\klfltdev.sys [2009-09-03 30736]
S3 kxwdmdrv;kX WDM Driver Service;f:\windows\system32\drivers\kx.sys [2009-07-28 763784]
S3 NLNdisMP;NLNdisMP;f:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
S3 RTL8167;Ovladač Realtek 8167 NT;f:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"="f:\program files\kX Audio Driver\3548\kxmixer.exe" [2009-07-28 677896]
"COMODO Internet Security"="f:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="f:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=f:\progra~2\KASPER~1\KASPER~1.0FO\x64\kloehk.dll f:\windows\System32\guard64.dll f:\progra~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchcompletion.com?si=10195&home=true
uDefault_Search_URL = hxxp://search.searchcompletion.com?si=10195&bs=true&q=
mStart Page = hxxp://www.searchcompletion.com?si=10195&home=true
mSearch Bar = hxxp://search.searchcompletion.com?si=10195&bs=true&q=
LSP: f:\program files (x86)\VMware\vsocklib.dll
Trusted Zone: sepsas.sk\cag1
Trusted Zone: sepsas.sk\cag2
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2109600733-816950256-3635563028-1001\Software\SecuROM\License information*]
"datasecu"=hex:00,23,92,ca,5b,c3,65,22,08,91,8d,33,02,7c,1a,66,20,8b,56,1e,3b,
7b,86,40,f6,21,c4,39,29,3f,16,23,00,d5,6c,e8,cf,a9,0d,68,fd,bb,ab,c9,1f,17,\
"rkeysecu"=hex:eb,fe,ba,19,f8,58,71,e9,e8,a7,64,b0,f8,88,d0,81
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-29 03:27:08
ComboFix-quarantined-files.txt 2012-08-29 01:27
.
Pre-Run: Volných bajtů: 18 377 474 048
Post-Run: Volných bajtů: 18 789 974 016
.
- - End Of File - - 1B7F3ADD51FD916FDA53EA4C19C62D3A

#2 Příspěvek od **Rudy** » 02 zář 2012 10:52

Především si z toho množství antivirů vyberte pouze jeden a ostatní odinstalujte. Pokud máte PC zavirované, pak jen proto, že antiviry mezi sebou jsou v sw konfliktu a pak propustí, co je jen možné. Zásada je používat pouze jeden antivir (firewall, antispy), který je aktuální a řádně nakonfigurovaný.
Používání utility ComboFix bez doporučení rádce, je hazard. Riskuje shození systému.
Po odinstalaci všech nadbytečných aplikací dejte znovu log ComboFix.

nightFlyer · #3 Příspěvek od **nightFlyer** » 02 zář 2012 15:13

Tak som teda 3[enpoint8,nod32,kis6] odinstaloval ale spusteny sa javil iba jeden-kis6.
Prikladam log z combofixu:

ComboFix 12-08-31.08 - Admin . 09. 2012 15:54:47.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1029.18.2046.1135 [GMT 2:00]
Running from: f:\combofix\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 14:03 . 2012-09-02 14:03 -------- d-----w- f:\users\Mcx1-Admin-PC\AppData\Local\temp
2012-09-02 14:03 . 2012-09-02 14:03 -------- d-----w- f:\users\Admin\AppData\Local\temp
2012-09-02 14:03 . 2012-09-02 14:03 -------- d-----w- f:\users\Default\AppData\Local\temp
2012-09-02 11:09 . 2012-09-02 11:09 -------- d-----w- F:\TDSSKiller_Quarantine
2012-09-02 01:34 . 2012-09-02 01:35 -------- d-----w- f:\program files\trend micro
2012-09-01 21:45 . 2012-09-02 11:14 -------- d-----w- f:\users\Nino\AppData\Roaming\dvdcss
2012-09-01 20:55 . 2012-09-01 20:55 -------- d-----w- f:\users\Admin\AppData\Roaming\Malwarebytes
2012-09-01 20:55 . 2012-09-01 20:55 -------- d-----w- f:\programdata\Malwarebytes
2012-09-01 16:38 . 2012-09-01 16:38 -------- d-----w- f:\programdata\Sophos
2012-09-01 16:38 . 2012-09-01 16:38 73728 ----a-r- f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-01 16:38 . 2012-09-01 16:38 73728 ----a-r- f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-01 16:38 . 2012-09-01 16:38 73728 ----a-r- f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-09-01 16:37 . 2012-09-01 16:37 -------- d-----w- f:\program files (x86)\Sophos
2012-08-30 15:45 . 2012-08-30 15:45 -------- d-----w- f:\program files (x86)\TeamViewer
2012-08-30 15:38 . 2012-08-30 15:51 -------- d-----w- f:\users\Nino\AppData\Roaming\TeamViewer
2012-08-28 14:28 . 2012-08-28 14:28 22 --sha-w- f:\windows\Sys3390 SettingsCollection.bin
2012-08-28 14:28 . 2012-08-28 14:28 22 --sha-w- f:\users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
2012-08-28 14:28 . 2012-08-28 14:28 -------- d-----w- f:\program files (x86)\jv16 PowerTools 2010
2012-08-19 16:55 . 2012-08-19 16:56 -------- d-----w- f:\users\Nino\AppData\Roaming\CheckHost
2012-08-19 16:55 . 2012-08-19 16:55 -------- d-----w- f:\users\Admin\AppData\Roaming\Complitly
2012-08-19 16:54 . 2012-08-19 16:54 -------- d-----w- f:\program files (x86)\Check Host
2012-08-19 16:54 . 2012-08-19 16:54 -------- d-----w- f:\programdata\SearchOnline
2012-08-19 14:34 . 2012-08-19 14:40 -------- d-----w- f:\users\Nino\AppData\Local\Darksiders2
2012-08-18 15:50 . 2012-08-18 15:50 -------- d-----w- f:\users\Nino\AppData\Local\DOSBox
2012-08-18 15:49 . 2012-08-18 15:49 -------- d-----w- f:\program files (x86)\DOSBox-0.74
2012-08-17 23:02 . 2009-08-24 20:13 34304 ----a-w- f:\windows\system32\DfSdkBt.exe
2012-08-17 23:02 . 2012-08-17 23:02 -------- d-----w- f:\program files (x86)\Ashampoo
2012-08-03 20:50 . 2012-08-03 20:51 -------- d-----w- f:\program files (x86)\LinuxLive USB Creator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 16:38 . 2012-09-01 16:38 73728 ----a-r- f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-09-01 16:38 . 2012-09-01 16:38 73728 ----a-r- f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-28 14:28 . 2012-08-28 14:28 22 --sha-w- f:\users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
2012-08-28 14:28 . 2012-08-28 14:28 22 --sha-w- f:\users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
2012-07-27 13:31 . 2012-07-27 13:31 48648 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-07-27 13:31 . 2012-07-27 13:31 458064 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-10 12:47 . 2012-07-10 12:47 2618880 ----a-w- f:\windows\SysWow64\exeImagine.IMD
2012-07-10 12:47 . 2012-07-10 12:47 399872 ----a-w- f:\windows\SysWow64\nxImagine.ocx
2012-07-03 22:02 . 2012-07-03 22:02 48648 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-07-03 22:02 . 2012-07-03 22:02 458064 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-17 12:48 2074208 ----a-w- f:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "f:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-17 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="f:\program files\NetLimiter 3\NLClientApp.exe" [2010-08-30 2790400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"="f:\program files (x86)\VMware\vmware-tray.exe" [2010-11-11 129648]
"AVG_TRAY"="f:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="f:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-17 1107552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AE5F9A2A-B36F-4B47-9F5E-8C504685AEE8"="start" [X]
"UnKIS"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 4 (0x4)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=f:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0f:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 avgfws;AVG Firewall;f:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;f:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;f:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;f:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;f:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;f:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
R3 ose64;Office 64 Source Engine;f:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;f:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;f:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;f:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;f:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;f:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;f:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU; [x]
R4 TeamViewer7;TeamViewer 7;f:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-30 3027840]
R4 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;f:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S0 AVGIDSHA;AVGIDSHA;f:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;f:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgfwfd;AVG network filter service;f:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;f:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;f:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;f:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;f:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;f:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S1 nltdi;nltdi;f:\program files\NetLimiter 3\nltdi.sys [2010-08-30 88200]
S1 vwififlt;Virtual WiFi Filter Driver;f:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AHDDC2;Ashampoo HDD Control 2 Service;f:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-04-05 1518976]
S2 AMD External Events Utility;AMD External Events Utility;f:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;f:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 avgwd;AVG WatchDog;f:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 vmci;VMware vmci;f:\windows\system32\drivers\vmci.sys [2010-11-11 81008]
S2 VMUSBArbService;VMware USB Arbitration Service;f:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 amdiox64;AMD IO Driver;f:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;f:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;f:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;f:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 AVGIDSDriver;AVGIDSDriver;f:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;f:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 kxwdmdrv;kX WDM Driver Service;f:\windows\system32\drivers\kx.sys [2009-07-28 763784]
S3 NLNdisMP;NLNdisMP;f:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
S3 RTL8167;Ovladač Realtek 8167 NT;f:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"="f:\program files\kX Audio Driver\3548\kxmixer.exe" [2009-07-28 677896]
"COMODO Internet Security"="f:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=f:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchcompletion.com?si=10195&home=true
uDefault_Search_URL = hxxp://search.searchcompletion.com?si=10195&bs=true&q=
mStart Page = hxxp://www.searchcompletion.com?si=10195&home=true
mSearch Bar = hxxp://search.searchcompletion.com?si=10195&bs=true&q=
LSP: f:\program files (x86)\VMware\vsocklib.dll
Trusted Zone: sepsas.sk\cag1
Trusted Zone: sepsas.sk\cag2
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-87029813.sys
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2109600733-816950256-3635563028-1001\Software\SecuROM\License information*]
"datasecu"=hex:00,23,92,ca,5b,c3,65,22,08,91,8d,33,02,7c,1a,66,20,8b,56,1e,3b,
7b,86,40,f6,21,c4,39,29,3f,16,23,00,d5,6c,e8,cf,a9,0d,68,fd,bb,ab,c9,1f,17,\
"rkeysecu"=hex:eb,fe,ba,19,f8,58,71,e9,e8,a7,64,b0,f8,88,d0,81
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-02 16:06:36
ComboFix-quarantined-files.txt 2012-09-02 14:06
.
Pre-Run: Volných bajtů: 16 339 099 648
Post-Run: Volných bajtů: 16 369 754 112
.
- - End Of File - - 6DD18E6327138C16F15C79201FB4CE06

Este dodavam ze mam podozrenie na zatial antivirusovymi programami neznamamu definiciu trojskeho kona alebo rootkit.
Skusal som napr. skopirovat mbr subor cez prikaz mbrfix 0 /savembr zaloha0.mbr, aby som mohol subor odoslat
na analyzu ale program mi vypisal chybu nieco v zmysle ze nema pristup alebo opravnenie(samozrejme ze som to spustal s pouzivatelskymi pravami spravcu pocitaca).
Moje podozrenie vypliva z toho co za anomalie som videl na vlastne oci, vyzeralo to ako vzdialena sprava pocitaca
(samovolne pohyby kurzorom mysi, cudnestne okna podobne ms-dos programom sa zatvarali a otvarali sami odseba) ale v procesoch som nevidel nic nezvycajne.
Windows je relativne cerstvo naistalovany skoro ziadne hry a strasne malo programov, iba najnutnejsie drivery a soft na video a samozrejme av+fw.

#4 Příspěvek od **Rudy** » 02 zář 2012 17:14

Zapnuto bylo všchno toto:

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Kaspersky Anti-Virus *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
AV: Kaspersky Endpoint Security 8 for Windows *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
FW: Kaspersky Anti-Virus *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
FW: Kaspersky Endpoint Security 8 for Windows *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Kaspersky Endpoint Security 8 for Windows *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Sám jste to vypínal. Vše, co platí o antivirech, samozřejmě platí i o antispy a firewallech. Také musí bít v jednom systému pouze jeden. Máte-li AVG internet security, ponechte si pouze ten, neboť obsahuje vše potřebné a ostatní buď povypínejte, nebo dejte do pryč.

Další věc: Nespouštějte nic (např. TDSSKiller) do doby, než k tomu budete vyzván.

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
f:\windows\Sys3390 SettingsCollection.bin
f:\users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
f:\windows\system32\DfSdkBt.exe

Regnull::
[HKEY_USERS\S-1-5-21-2109600733-816950256-3635563028-1001\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

nightFlyer · #5 Příspěvek od **nightFlyer** » 02 zář 2012 18:43

Po reboote sa combofix nejako cudne sprava .. ospravedlnujem sa za kvalitu nahravky http://img843.imageshack.us/flvplayer.s ... newmyjgmhp
pomohlo iba ctrl+c na ukoncenie toho combofix scriptu ale vyzera to ze svoju pracu nedokoncil ... ani log nikde nevidim po nom.

#6 Příspěvek od **Rudy** » 02 zář 2012 19:21

To je tím, že si spouštíte všechno možné bez porady s rádcem. Zkuste CF spustit v nouz. režimu.

nightFlyer · #7 Příspěvek od **nightFlyer** » 02 zář 2012 21:22

Combofix v nudzovom rezime zrejme zabral chybova hlaska s odpadkovym kosom je prec.
Ale log po sebe combofix nezanechal, preto som si dovolil znova spustit rsit hijackthis.
Spominany log log je tu:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-09-02 22:16:00
Microsoft Windows 7 Ultimate Service Pack 1
System drive F: has 17 GB (14%) free of 118 GB
Total RAM: 2046 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:16:20, on 2. 9. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
F:\Program Files (x86)\VMware\vmware-tray.exe
F:\Program Files (x86)\AVG\AVG2012\avgtray.exe
F:\Program Files (x86)\AVG Secure Search\vprot.exe
F:\Program Files (x86)\AIMP3\AIMP3.exe
F:\Program Files (x86)\mControl\mControl.exe
F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe
F:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com?si=10195&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcompletion.com?si=10195&home=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.searchcompletion.com?si=10195&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcompletion.com?si=10195&home=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=10195&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=10195&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - F:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - F:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [vmware-tray] "F:\Program Files (x86)\VMware\vmware-tray.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "F:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "F:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [NetLimiter] F:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKUS\S-1-5-21-2109600733-816950256-3635563028-1001\..\Run: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Nino')
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - F:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O10 - Unknown file in Winsock LSP: f:\program files (x86)\vmware\vsocklib.dll
O10 - Unknown file in Winsock LSP: f:\program files (x86)\vmware\vsocklib.dll
O15 - Trusted Zone: http://cag1.sepsas.sk
O15 - Trusted Zone: http://cag2.sepsas.sk
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - F:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - F:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ashampoo HDD Control 2 Service (AHDDC2) - Unknown owner - F:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - F:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - F:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - F:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - F:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - F:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - F:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - F:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - F:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - F:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - F:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - F:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - F:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - F:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\Program Files (x86)\VMware\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - F:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - F:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\Program Files (x86)\VMware\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - F:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - F:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - F:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - F:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - F:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8118 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
F:\PROGRA~2\AVG\AVG2012\avgrsa.exe /boot
F:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=c52ad377-c5b1-4902-ab12-b60c8e0da120 /coreSdkOptions=286 /logConfFile="F:\ProgramData\AVG2012\temp\40aae017-7c82-4743-921f-fa521ad3057e-170-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="F:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="F:\ProgramData\AVG2012\temp\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
F:\Windows\system32\services.exe
F:\Windows\system32\lsass.exe
F:\Windows\system32\lsm.exe
F:\Windows\system32\svchost.exe -k DcomLaunch
F:\Windows\system32\svchost.exe -k RPCSS
F:\Windows\system32\atiesrxx.exe
F:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
F:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
F:\Windows\system32\svchost.exe -k netsvcs
F:\Windows\system32\svchost.exe -k LocalService
atieclxx
F:\Windows\System32\spoolsv.exe
F:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"F:\Windows\system32\Dwm.exe"
F:\Windows\Explorer.EXE
F:\Windows\System32\svchost.exe -k NetworkService
"taskhost.exe"
"F:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe"
"F:\Program Files\kX Audio Driver\3548\kxmixer.exe" --startup
"F:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"F:\Program Files (x86)\VMware\vmware-tray.exe"
"F:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
"F:\Program Files (x86)\AVG Secure Search\vprot.exe"
"F:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"F:\Program Files (x86)\AVG\AVG2012\avgfws.exe"
"F:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe"
F:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe"
F:\Windows\SysWOW64\vmnat.exe
"F:\Program Files (x86)\VMware\vmware-authd.exe"
F:\Windows\SysWOW64\vmnetdhcp.exe
"F:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe"
"F:\Program Files (x86)\AVG\AVG2012\avgnsa.exe"
"F:\Program Files (x86)\AVG\AVG2012\avgemca.exe"
F:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
F:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=2774690c-4b77-4919-b48d-48214e805a11 /coreSdkOptions=18 /logConfFile="F:\ProgramData\AVG2012\temp\45c1210d-a2a4-4602-9aa0-2c670ae39703-bc4-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="F:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="F:\ProgramData\AVG2012\temp\"
"F:\Program Files (x86)\AIMP3\AIMP3.exe"
"F:\Program Files (x86)\mControl\mControl.exe" /restoreprofile lukas
F:\Windows\system32\wbem\wmiprvse.exe
"F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe"
"F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/15/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_91/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="2140.1.1740826073\184060090" /prefetch:3
"F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2140.2.1254704992\626221576" --lang=sk --ignored=" --type=renderer " /prefetch:13
"F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2140.3.2004080675\1752579180" --reduce-gpu-sandbox --disable-image-transport-surface --gpu-vendor-id=0x1002 --gpu-device-id=0x9440 --gpu-driver-version=8.961.0.0 --ignored=" --type=renderer " /prefetch:12
"F:\Users\Nino\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/15/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V1/SpdyCwnd/cwndDynamic/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_91/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="2140.4.208650809\866305563" /prefetch:3
F:\Windows\system32\svchost.exe -k SDRSVC
"F:\Users\Nino\Downloads\RSITx64.exe"
F:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
Complitly - F:\Users\Admin\AppData\Roaming\Complitly\64\Complitly64.dll [2012-05-21 169688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - F:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [2012-06-13 1392760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - F:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
Complitly - F:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll [2012-05-21 142040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - F:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [2012-06-13 937592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - F:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-06-19 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - F:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll [2012-07-17 2074208]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - F:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-19 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - F:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll [2012-07-17 2074208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"=F:\Program Files\kX Audio Driver\3548\kxmixer.exe [2009-07-28 677896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"=F:\Program Files\NetLimiter 3\NLClientApp.exe [2010-08-30 2790400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min F:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
F:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
F:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
F:\Program Files (x86)\Eset\nod32kui.exe /WAITSERVICE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-06 641664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateReminder]
F:\Program Files (x86)\Eset\UpdateReminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"=F:\Program Files (x86)\VMware\vmware-tray.exe [2010-11-11 129648]
"AVG_TRAY"=F:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2012-04-05 2587008]
"vProt"=F:\Program Files (x86)\AVG Secure Search\vprot.exe [2012-07-17 1107552]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=grpconv -o []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="F:\Windows\System32\guard64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - F:\Windows\system32\webcheck.dll [2010-11-21 290304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=4
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LocalAccountTokenFilterPolicy"=1
"DisableStatusMessages"=1
"HideFastUserSwitching"=1
"DisableStartupSound"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoInstrumentation"=1
"NoThumbnailCache"=1
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"F:\Program Files (x86)\BulletProof FTP Server 2010\bpftpserver-2010.exe"="F:\Program Files (x86)\BulletProof FTP Server 2010\bpftpserver-2010.exe:*:Enabled:BulletProof FTP Server 2010 (http://www.bpftpserver.com)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=F:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.inf - install - %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
.js - edit -
.js - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.vbs - edit -
.vbs - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.cpl - cplopen - %SystemRoot%\SysWow64\control.exe "%1",%*

======List of files/folders created in the last 1 month======

2012-09-02 22:16:00 ----D---- F:\rsit
2012-09-02 22:04:21 ----SHD---- F:\$RECYCLE.BIN
2012-09-02 21:58:13 ----D---- F:\Windows\temp
2012-09-02 21:49:25 ----A---- F:\Windows\MBR.exe
2012-09-02 21:49:24 ----A---- F:\Windows\zip.exe
2012-09-02 21:49:24 ----A---- F:\Windows\SWSC.exe
2012-09-02 21:49:24 ----A---- F:\Windows\SWREG.exe
2012-09-02 21:49:24 ----A---- F:\Windows\sed.exe
2012-09-02 21:49:24 ----A---- F:\Windows\PEV.exe
2012-09-02 21:49:24 ----A---- F:\Windows\grep.exe
2012-09-02 21:49:21 ----D---- F:\ComboFix
2012-09-02 21:49:19 ----D---- F:\Qoobox
2012-09-02 21:43:42 ----A---- F:\Windows\NIRCMD.exe
2012-09-02 20:06:17 ----D---- F:\ProgramData\Kaspersky Lab
2012-09-02 20:04:18 ----A---- F:\Windows\ntbtlog.txt
2012-09-02 20:00:06 ----A---- F:\Windows\system32\drivers\07327581.sys
2012-09-02 14:03:28 ----D---- F:\Config.Msi
2012-09-02 13:09:19 ----D---- F:\TDSSKiller_Quarantine
2012-09-02 13:06:45 ----A---- F:\TDSSKiller.2.8.8.0_02.09.2012_13.06.45_log.txt
2012-09-02 04:09:56 ----A---- F:\Windows\SYSWOW64\imon1.dat
2012-09-02 03:34:47 ----D---- F:\Program Files\trend micro
2012-09-01 22:55:52 ----D---- F:\Users\Admin\AppData\Roaming\Malwarebytes
2012-09-01 22:55:29 ----D---- F:\ProgramData\Malwarebytes
2012-09-01 18:38:43 ----D---- F:\ProgramData\Sophos
2012-09-01 18:37:39 ----D---- F:\Program Files (x86)\Sophos
2012-08-30 17:45:29 ----D---- F:\Program Files (x86)\TeamViewer
2012-08-29 22:57:54 ----R---- F:\ComboFix.exe
2012-08-29 03:01:34 ----D---- F:\Windows\ERDNT
2012-08-28 16:28:39 -------- F:\Users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
2012-08-28 16:28:23 ----D---- F:\Program Files (x86)\jv16 PowerTools 2010
2012-08-19 18:55:44 ----D---- F:\Users\Admin\AppData\Roaming\Complitly
2012-08-19 18:54:46 ----D---- F:\ProgramData\SearchOnline
2012-08-19 18:54:46 ----D---- F:\Program Files (x86)\Check Host
2012-08-18 17:49:43 ----D---- F:\Program Files (x86)\DOSBox-0.74
2012-08-18 01:02:44 ----A---- F:\Windows\system32\DfSdkBt.exe
2012-08-18 01:02:18 ----D---- F:\Program Files (x86)\Ashampoo
2012-08-03 22:50:50 ----D---- F:\Program Files (x86)\LinuxLive USB Creator

======List of files/folders modified in the last 1 month======

2012-09-02 22:10:08 ----D---- F:\Windows\System32
2012-09-02 22:10:08 ----A---- F:\Windows\system32\PerfStringBackup.INI
2012-09-02 22:10:07 ----D---- F:\Windows\inf
2012-09-02 22:04:38 ----D---- F:\Windows\SYSWOW64\drivers
2012-09-02 22:04:14 ----D---- F:\ProgramData\VMware
2012-09-02 21:58:19 ----N---- F:\Windows\system.ini
2012-09-02 21:58:19 ----D---- F:\Windows
2012-09-02 21:56:43 ----D---- F:\Windows\system32\drivers
2012-09-02 21:56:10 ----D---- F:\Windows\SysWOW64
2012-09-02 21:56:10 ----D---- F:\Windows\AppPatch
2012-09-02 21:56:09 ----D---- F:\Program Files (x86)\Common Files
2012-09-02 21:43:43 ----SHD---- F:\System Volume Information
2012-09-02 21:39:45 ----D---- F:\Windows\Prefetch
2012-09-02 20:06:17 ----D---- F:\ProgramData
2012-09-02 19:57:16 ----D---- F:\Windows\Minidump
2012-09-02 18:33:42 ----SHD---- F:\Windows\Installer
2012-09-02 18:33:12 ----D---- F:\Windows\system32\Tasks
2012-09-02 16:03:07 ----D---- F:\Windows\system32\drivers\etc
2012-09-02 15:47:42 ----D---- F:\Windows\system32\catroot
2012-09-02 15:39:56 ----RD---- F:\Program Files (x86)
2012-09-02 14:04:19 ----D---- F:\Windows\system32\DriverStore
2012-09-02 12:40:29 ----D---- F:\ProgramData\MFAData
2012-09-02 12:40:21 ----D---- F:\Windows\system32\drivers\AVG
2012-09-02 03:34:47 ----RD---- F:\Program Files
2012-09-02 03:29:05 ----D---- F:\SourceSDK
2012-09-01 18:38:22 ----SD---- F:\Users\Admin\AppData\Roaming\Microsoft
2012-09-01 17:54:11 ----D---- F:\Program Files (x86)\Steam
2012-09-01 02:22:30 ----D---- F:\Windows\Help
2012-08-31 19:29:32 ----D---- F:\Users\Admin\AppData\Roaming\uTorrent
2012-08-30 06:27:44 ----D---- F:\Windows\system32\catroot2
2012-08-30 01:53:31 ----SD---- F:\ProgramData\Microsoft
2012-08-29 19:18:24 ----D---- F:\ProgramData\Microsoft Help
2012-08-29 16:46:48 ----D---- F:\Windows\rescache
2012-08-29 06:25:18 ----D---- F:\Games
2012-08-29 03:25:24 ----D---- F:\Windows\Tasks
2012-08-28 16:47:22 ----D---- F:\backupstorage
2012-08-25 13:14:31 ----D---- F:\Windows\system32\config
2012-08-25 13:14:09 ----D---- F:\Windows\SYSWOW64\cs-CZ
2012-08-25 13:14:04 ----D---- F:\Windows\system32\en-US
2012-08-25 13:14:04 ----D---- F:\Windows\system32\cs-CZ
2012-08-25 13:14:04 ----D---- F:\Windows\PolicyDefinitions
2012-08-25 13:01:21 ----D---- F:\Windows\winsxs
2012-08-18 00:40:57 ----D---- F:\Windows\Logs
2012-08-17 14:46:57 ----RD---- F:\Users
2012-08-16 12:12:53 ----D---- F:\ProgramData\AVG2012
2012-08-15 20:08:31 ----AD---- F:\ProgramData\TEMP
2012-08-15 08:38:39 ----D---- F:\Windows\system32\NDF
2012-08-07 21:46:02 ----D---- F:\Windows\debug
2012-08-07 21:25:51 ----D---- F:\kleaner.tmp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 07327581;07327581; F:\Windows\system32\DRIVERS\07327581.sys [2012-09-02 460888]
R0 AVGIDSHA;AVGIDSHA; F:\Windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver; F:\Windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
R0 pciide;pciide; F:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; F:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 Avgfwfd;AVG network filter service; F:\Windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
R1 Avgldx64;AVG AVI Loader Driver; F:\Windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; F:\Windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver; F:\Windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; F:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ElbyCDIO;ElbyCDIO Driver; F:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 nltdi;nltdi; \??\F:\Program Files\NetLimiter 3\nltdi.sys [2010-08-30 88200]
R1 vwififlt;Virtual WiFi Filter Driver; F:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 hcmon;VMware hcmon; \??\F:\Windows\system32\drivers\hcmon.sys [2010-11-11 38512]
R2 vmci;VMware vmci; \??\F:\Windows\system32\drivers\vmci.sys [2010-11-11 81008]
R2 VMnetBridge;VMware Bridge Protocol; F:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-11-11 45104]
R2 VMnetuserif;VMware Network Application Interface; \??\F:\Windows\system32\drivers\vmnetuserif.sys [2010-11-11 30320]
R2 VMparport;VMware VMparport; \??\F:\Windows\system32\drivers\VMparport.sys [2010-11-11 30832]
R2 vmx86;VMware vmx86; \??\F:\Windows\system32\drivers\vmx86.sys [2010-11-11 68720]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\F:\Program Files (x86)\VMware\vstor2-ws60.sys [2010-08-19 32816]
R3 amdiox64;AMD IO Driver; F:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; F:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
R3 amdkmdap;amdkmdap; F:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; F:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 AVGIDSDriver;AVGIDSDriver; F:\Windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter; F:\Windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 kxwdmdrv;kX WDM Driver Service; F:\Windows\system32\drivers\kx.sys [2009-07-28 763784]
R3 NLNdisMP;NLNdisMP; F:\Windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
R3 RTL8167;Ovladač Realtek 8167 NT; F:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 VClone;VClone; F:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
R3 vmkbd;VMware kbd; \??\F:\Windows\system32\drivers\VMkbd.sys [2010-11-11 31856]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; F:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-11-11 20016]
S3 atikmdag;atikmdag; F:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; F:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Služba Bluetooth Enumerator; F:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); F:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; F:\Windows\System32\Drivers\BTHport.sys [2010-11-21 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; F:\Windows\System32\Drivers\BTHUSB.sys [2010-11-21 80384]
S3 catchme;catchme; \??\F:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; F:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; F:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; F:\Windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
S3 RDPDR;Terminal Server Device Redirector Driver; F:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; F:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); F:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; F:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; F:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; F:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; F:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; F:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; F:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; F:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; F:\Windows\system32\drivers\VGPU.sys []
S3 vmbus;vmbus; F:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; F:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vmusb;VMware USB Client Driver; F:\Windows\System32\Drivers\vmusb.sys [2010-11-11 37680]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AHDDC2;Ashampoo HDD Control 2 Service; F:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-04-05 1518976]
R2 AMD External Events Utility;AMD External Events Utility; F:\Windows\system32\atiesrxx.exe [2012-04-06 236544]
R2 AMD FUEL Service;AMD FUEL Service; F:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
R2 avgfws;AVG Firewall; F:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent; F:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 avgwd;AVG WatchDog; F:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 VMAuthdService;VMware Authorization Service; F:\Program Files (x86)\VMware\vmware-authd.exe [2010-11-11 113264]
R2 VMnetDHCP;VMware DHCP Service; F:\Windows\syswow64\vmnetdhcp.exe [2010-11-11 334448]
R2 VMUSBArbService;VMware USB Arbitration Service; F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R2 VMware NAT Service;VMware NAT Service; F:\Windows\syswow64\vmnat.exe [2010-11-11 404080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; F:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 nlsvc;NetLimiter 3 Service; F:\Program Files\NetLimiter 3\nlsvc.exe [2010-08-30 1743872]
S3 NMIndexingService;NMIndexingService; F:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose64;Office 64 Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; F:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; F:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; F:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-06-30 529232]
S3 ufad-ws60;VMware Agent Service; F:\Program Files (x86)\VMware\vmware-ufad.exe [2010-08-19 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; F:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; F:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@F:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@F:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@F:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 TeamViewer7;TeamViewer 7; F:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-30 3027840]
S4 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0; F:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe []

-----------------EOF-----------------

#8 Příspěvek od **Rudy** » 02 zář 2012 21:42

Potřeboval bych log ComboFix. Najdete ho v f:\combofix.txt .

nightFlyer · #9 Příspěvek od **nightFlyer** » 02 zář 2012 21:46

Praveze mi to nevytvorilo log ani v nudzovom rezime a ani potom v normalnom rezime, predtym som ho nasiel na F: ale teraz uz nie.

#10 Příspěvek od **Rudy** » 02 zář 2012 21:55

ComboFix odinstalujte Startmenu>přík. řádek>(napsat) combofix /uninstall>Enter. Pak dvouklikem na soubor F:\Program Files\trend micro\Admin.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com?si=10195&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcompletion.com?si=10195&home=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.searchcompletion.com?si=10195&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcompletion.com?si=10195&home=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=10195&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=10195&bs=true&q=
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - F:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll
O15 - Trusted Zone: http://cag1.sepsas.sk
O15 - Trusted Zone: http://cag2.sepsas.sk

Klikněte na >FixChecked<. Po skenu restartujte PC.

nightFlyer · #11 Příspěvek od **nightFlyer** » 02 zář 2012 22:13

Teraz sa mi podarilo dostat z combfixu aj log. Tuje, mam tusenie ze tam stale este neico ostalo.
Subory ktore podozrievam som zvyraznil.

ComboFix 12-09-01.01 - Admin . 09. 2012 23:33:25.6.2 - x64
Running from: F:\ComboFix.exe
Command switches used :: /F3M
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))
.
.
2012-09-02 20:16 . 2012-09-02 20:16 -------- d-----w- F:\rsit
2012-09-02 19:58 . 2012-09-02 21:33 -------- d-----w- f:\users\Admin\AppData\Local\temp
2012-09-02 19:58 . 2012-09-02 19:58 -------- d-----w- f:\users\Mcx1-Admin-PC\AppData\Local\temp
2012-09-02 19:58 . 2012-09-02 19:58 -------- d-----w- f:\users\Default\AppData\Local\temp
2012-09-02 18:06 . 2012-09-02 18:06 -------- d-----w- f:\programdata\Kaspersky Lab
2012-09-02 18:00 . 2012-09-02 19:14 460888 ----a-w- f:\windows\system32\drivers\07327581.sys
2012-09-02 11:09 . 2012-09-02 11:09 -------- d-----w- F:\TDSSKiller_Quarantine
2012-09-01 21:45 . 2012-09-02 11:14 -------- d-----w- f:\users\Nino\AppData\Roaming\dvdcss
2012-09-01 20:55 . 2012-09-01 20:55 -------- d-----w- f:\users\Admin\AppData\Roaming\Malwarebytes
2012-09-01 20:55 . 2012-09-01 20:55 -------- d-----w- f:\programdata\Malwarebytes
2012-09-01 16:38 . 2012-09-01 16:38 -------- d-----w- f:\programdata\Sophos
2012-09-01 16:38 . 2012-09-01 16:38 73728 ----a-r- f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-01 16:38 . 2012-09-01 16:38 73728 ----a-r- f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-09-01 16:38 . 2012-09-01 16:38 73728 ----a-r- f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-09-01 16:37 . 2012-09-01 16:37 -------- d-----w- f:\program files (x86)\Sophos
2012-08-30 15:45 . 2012-08-30 15:45 -------- d-----w- f:\program files (x86)\TeamViewer
2012-08-30 15:38 . 2012-08-30 15:51 -------- d-----w- f:\users\Nino\AppData\Roaming\TeamViewer
2012-08-28 14:28 . 2012-08-28 14:28 22 ------w- f:\windows\Sys3390 SettingsCollection.bin
2012-08-28 14:28 . 2012-08-28 14:28 22 ------w- f:\users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
2012-08-28 14:28 . 2012-08-28 14:28 -------- d-----w- f:\program files (x86)\jv16 PowerTools 2010
2012-08-19 16:55 . 2012-08-19 16:56 -------- d-----w- f:\users\Nino\AppData\Roaming\CheckHost
2012-08-19 16:55 . 2012-09-02 21:07 -------- d-----w- f:\users\Admin\AppData\Roaming\Complitly
2012-08-19 16:54 . 2012-08-19 16:54 -------- d-----w- f:\program files (x86)\Check Host
2012-08-19 16:54 . 2012-08-19 16:54 -------- d-----w- f:\programdata\SearchOnline
2012-08-19 14:34 . 2012-08-19 14:40 -------- d-----w- f:\users\Nino\AppData\Local\Darksiders2
2012-08-18 15:50 . 2012-08-18 15:50 -------- d-----w- f:\users\Nino\AppData\Local\DOSBox
2012-08-18 15:49 . 2012-08-18 15:49 -------- d-----w- f:\program files (x86)\DOSBox-0.74
2012-08-17 23:02 . 2009-08-24 20:13 34304 ----a-w- f:\windows\system32\DfSdkBt.exe
2012-08-17 23:02 . 2012-08-17 23:02 -------- d-----w- f:\program files (x86)\Ashampoo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 16:38 . 2012-09-01 16:38 73728 ----a-r- f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-09-01 16:38 . 2012-09-01 16:38 73728 ----a-r- f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-28 14:28 . 2012-08-28 14:28 22 ------w- f:\users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
2012-08-28 14:28 . 2012-08-28 14:28 22 ------w- f:\users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
2012-07-27 13:31 . 2012-07-27 13:31 48648 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-07-27 13:31 . 2012-07-27 13:31 458064 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-10 12:47 . 2012-07-10 12:47 2618880 ----a-w- f:\windows\SysWow64\exeImagine.IMD
2012-07-10 12:47 . 2012-07-10 12:47 399872 ----a-w- f:\windows\SysWow64\nxImagine.ocx
2012-07-03 22:02 . 2012-07-03 22:02 48648 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-07-03 22:02 . 2012-07-03 22:02 458064 ----a-w- f:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-17 12:48 2074208 ----a-w- f:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "f:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-17 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"="f:\program files\NetLimiter 3\NLClientApp.exe" [2010-08-30 2790400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"="f:\program files (x86)\VMware\vmware-tray.exe" [2010-11-11 129648]
"AVG_TRAY"="f:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="f:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-17 1107552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 4 (0x4)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"LocalAccountTokenFilterPolicy"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0f:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 avgfws;AVG Firewall;f:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;f:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;f:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;f:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;f:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;f:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
R3 ose64;Office 64 Source Engine;f:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;f:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;f:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;f:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;f:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;f:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;f:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;f:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU; [x]
R4 TeamViewer7;TeamViewer 7;f:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-30 3027840]
R4 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;f:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S0 07327581;07327581;f:\windows\system32\DRIVERS\07327581.sys [2012-09-02 460888]
S0 AVGIDSHA;AVGIDSHA;f:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;f:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgfwfd;AVG network filter service;f:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]
S1 Avgldx64;AVG AVI Loader Driver;f:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;f:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;f:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 nltdi;nltdi;f:\program files\NetLimiter 3\nltdi.sys [2010-08-30 88200]
S1 vwififlt;Virtual WiFi Filter Driver;f:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AHDDC2;Ashampoo HDD Control 2 Service;f:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-04-05 1518976]
S2 AMD External Events Utility;AMD External Events Utility;f:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;f:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 avgwd;AVG WatchDog;f:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 vmci;VMware vmci;f:\windows\system32\drivers\vmci.sys [2010-11-11 81008]
S2 VMUSBArbService;VMware USB Arbitration Service;f:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
S3 amdiox64;AMD IO Driver;f:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;f:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;f:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;f:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 AVGIDSDriver;AVGIDSDriver;f:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;f:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 kxwdmdrv;kX WDM Driver Service;f:\windows\system32\drivers\kx.sys [2009-07-28 763784]
S3 NLNdisMP;NLNdisMP;f:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
S3 RTL8167;Ovladač Realtek 8167 NT;f:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"="f:\program files\kX Audio Driver\3548\kxmixer.exe" [2009-07-28 677896]
.
------- Supplementary Scan -------
.
LSP: f:\program files (x86)\VMware\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
.
.
------- File Associations -------
.
JSEFile=f:\windows\SysWow64\WScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
Completion time: 2012-09-02 23:36:02
ComboFix-quarantined-files.txt 2012-09-02 21:36
.
Post-Run: Volných bajtů: 17 519 431 680
.
- - End Of File - - 3D6C63134EF51D0F6172C2D33F25F447

nightFlyer · #12 Příspěvek od **nightFlyer** » 03 zář 2012 16:09

Vyzera to ze combofix neodstranil vsetko co sme mu zadali v CFscript.txt.
Nedalo mi to a skusil som spustit nasledovny skript v OTL.exe

:files
F:\Users\Admin\AppData\Roaming\Sys6925.Config Collection.sys
F:\Windows\System32\drivers\07327581.sys
F:\Windows\System32\DfSdkBt.exe
f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
f:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe

:services
Steam Client Service

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]

po restarte som znova spustil RSIT na ziskanie aktualneho logu:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-09-03 16:38:29
Microsoft Windows 7 Ultimate Service Pack 1
System drive F: has 15 GB (13%) free of 118 GB
Total RAM: 2046 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:38:51, on 3. 9. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
F:\Program Files (x86)\VMware\vmware-tray.exe
F:\Program Files (x86)\AVG\AVG2013\avgui.exe
F:\Program Files (x86)\AVG Secure Search\vprot.exe
F:\Program Files (x86)\mControl\mControl.exe
F:\Program Files\trend micro\Admin.exe
F:\Program Files (x86)\potplayer\PotPlayerMini.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - F:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [vmware-tray] "F:\Program Files (x86)\VMware\vmware-tray.exe"
O4 - HKLM\..\Run: [AVG_UI] "F:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "F:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "F:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\RunOnce: [OTM] "F:\Users\Nino\Desktop\OTM.exe"
O4 - HKCU\..\Run: [NetLimiter] F:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKUS\S-1-5-21-2109600733-816950256-3635563028-1001\..\Run: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Nino')
O10 - Unknown file in Winsock LSP: f:\program files (x86)\vmware\vsocklib.dll
O10 - Unknown file in Winsock LSP: f:\program files (x86)\vmware\vsocklib.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - F:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - F:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ashampoo HDD Control 2 Service (AHDDC2) - Unknown owner - F:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - F:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - F:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - F:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - F:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - F:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - F:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - F:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - F:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - F:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - F:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - F:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - F:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\Program Files (x86)\VMware\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - F:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - F:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - F:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\Program Files (x86)\VMware\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - F:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - F:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - F:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.2.0 - Unknown owner - F:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - F:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - F:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6572 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
F:\PROGRA~2\AVG\AVG2013\avgrsa.exe /boot
F:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe /pipeName=ac7db64d-ff2f-4c34-bfd3-1f03c455d357 /coreSdkOptions=4382 /logConfFile="F:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\b70b0c33-692b-4654-9aeb-3f2c7b7f9f3c-1d0-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="F:\Program Files (x86)\AVG\AVG2013\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2013" /tempPath="F:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
F:\Windows\system32\services.exe
F:\Windows\system32\lsass.exe
F:\Windows\system32\lsm.exe
winlogon.exe
F:\Windows\system32\svchost.exe -k DcomLaunch
F:\Windows\system32\svchost.exe -k RPCSS
F:\Windows\system32\atiesrxx.exe
F:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
F:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
F:\Windows\system32\svchost.exe -k netsvcs
F:\Windows\system32\svchost.exe -k LocalService
atieclxx
F:\Windows\System32\spoolsv.exe
F:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"F:\Windows\system32\Dwm.exe"
F:\Windows\Explorer.EXE
"taskhost.exe"
F:\Windows\System32\svchost.exe -k NetworkService
"F:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe"
"F:\Program Files\kX Audio Driver\3548\kxmixer.exe" --startup
"F:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"F:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"F:\Program Files (x86)\VMware\vmware-tray.exe"
"F:\Program Files (x86)\AVG\AVG2013\avgfws.exe"
"F:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
"F:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe"
"F:\Program Files (x86)\AVG Secure Search\vprot.exe"
"F:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe"
F:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe"
F:\Windows\SysWOW64\vmnat.exe
"F:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe"
F:\Windows\SysWOW64\vmnetdhcp.exe
"F:\Program Files (x86)\VMware\vmware-authd.exe"
"F:\Program Files (x86)\mControl\mControl.exe" /restoreprofile nino
"F:\Program Files (x86)\AVG\AVG2013\avgnsa.exe"
F:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"F:\Program Files (x86)\AVG\AVG2013\avgemca.exe"
F:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe /pipeName=e2c70641-cfa0-417d-a3b3-5860d94e1b03 /coreSdkOptions=4114 /logConfFile="F:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\7c29352c-a98a-444e-8554-316b3ec7707d-c14-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="F:\Program Files (x86)\AVG\AVG2013\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2013" /tempPath="F:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\"
F:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe /pipeName=a44ded34-61d3-4216-9f2e-8c372b497a72 /coreSdkOptions=4096 /binaryPath="F:\Program Files (x86)\AVG\AVG2013\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2013" /tempPath="F:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\temp\" /dataPath="F:\ProgramData\AVG2013\" /userDataPath="F:\Windows\system32\config\systemprofile\AppData\Local\Avg2013\"
F:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe /pipeName=5ae7ed77-db57-4f14-96be-0a62a5d1b373 /coreSdkOptions=4096 /binaryPath="F:\Program Files (x86)\AVG\AVG2013\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2013" /tempPath="F:\Users\Nino\AppData\Local\Avg2013\temp" /dataPath="F:\ProgramData\AVG2013\" /userDataPath="F:\Users\Nino\AppData\Local\Avg2013" /logPath="F:\Users\Nino\AppData\Local\Avg2013\log"
"F:\Users\Nino\Downloads\RSITx64.exe"
F:\Windows\system32\wbem\wmiprvse.exe
"F:\Program Files (x86)\potplayer\PotPlayerMini.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}]
Complitly - F:\Users\Admin\AppData\Roaming\Complitly\64\Complitly64.dll [2012-05-21 169688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - F:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - F:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-06-19 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - F:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll [2012-09-03 2045024]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - F:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-19 157680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"=F:\Program Files\kX Audio Driver\3548\kxmixer.exe [2009-07-28 677896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NetLimiter"=F:\Program Files\NetLimiter 3\NLClientApp.exe [2010-08-30 2790400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min F:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
F:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
F:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
F:\Program Files (x86)\Eset\nod32kui.exe /WAITSERVICE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
F:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-06 641664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateReminder]
F:\Program Files (x86)\Eset\UpdateReminder.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
F:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"=F:\Program Files (x86)\VMware\vmware-tray.exe [2010-11-11 129648]
"AVG_UI"=F:\Program Files (x86)\AVG\AVG2013\avgui.exe [2012-08-29 3039352]
"vProt"=F:\Program Files (x86)\AVG Secure Search\vprot.exe [2012-09-03 1162848]
"ROC_roc_ssl_v12"=F:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe [2012-09-03 1020512]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTM"=F:\Users\Nino\Desktop\OTM.exe [2012-09-03 522240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - F:\Windows\system32\webcheck.dll [2010-11-21 290304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=4
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LocalAccountTokenFilterPolicy"=1
"DisableStatusMessages"=1
"HideFastUserSwitching"=1
"DisableStartupSound"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoInstrumentation"=1
"NoThumbnailCache"=1
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"F:\Program Files (x86)\BulletProof FTP Server 2010\bpftpserver-2010.exe"="F:\Program Files (x86)\BulletProof FTP Server 2010\bpftpserver-2010.exe:*:Enabled:BulletProof FTP Server 2010 (http://www.bpftpserver.com)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=F:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit -
.vbs - edit -

======List of files/folders created in the last 1 month======

2012-09-03 16:38:30 ----D---- F:\Program Files\trend micro
2012-09-03 16:38:29 ----D---- F:\rsit
2012-09-03 16:28:15 ----D---- F:\_OTM
2012-09-03 15:41:59 ----D---- F:\Program Files (x86)\Feedback Tool
2012-09-03 03:46:38 ----D---- F:\Users\Admin\AppData\Roaming\AVG2013
2012-09-03 03:44:38 ----D---- F:\Users\Admin\AppData\Roaming\TuneUp Software
2012-09-03 03:44:29 ----D---- F:\ProgramData\AVG Secure Search
2012-09-03 03:44:13 ----A---- F:\Windows\system32\drivers\avgtpx64.sys
2012-09-03 03:44:09 ----D---- F:\Program Files (x86)\AVG Secure Search
2012-09-03 03:42:19 ----HD---- F:\$AVG
2012-09-03 03:42:18 ----D---- F:\ProgramData\AVG2013
2012-09-03 03:20:13 ----SHD---- F:\$RECYCLE.BIN
2012-09-03 00:15:38 ----A---- F:\ComboFix.txt
2012-09-02 21:58:13 ----D---- F:\Windows\temp
2012-09-02 20:06:17 ----D---- F:\ProgramData\Kaspersky Lab
2012-09-02 20:04:18 ----A---- F:\Windows\ntbtlog.txt
2012-09-02 20:00:06 ----A---- F:\Windows\system32\drivers\07327581.sys
2012-09-02 04:09:56 ----A---- F:\Windows\SYSWOW64\imon1.dat
2012-09-01 22:55:52 ----D---- F:\Users\Admin\AppData\Roaming\Malwarebytes
2012-09-01 22:55:29 ----D---- F:\ProgramData\Malwarebytes
2012-09-01 18:37:39 ----D---- F:\Program Files (x86)\Sophos
2012-08-30 17:45:29 ----D---- F:\Program Files (x86)\TeamViewer
2012-08-29 03:01:34 ----D---- F:\Windows\ERDNT
2012-08-28 16:28:23 ----D---- F:\Program Files (x86)\jv16 PowerTools 2010
2012-08-19 18:55:44 ----D---- F:\Users\Admin\AppData\Roaming\Complitly
2012-08-19 18:54:46 ----D---- F:\ProgramData\SearchOnline
2012-08-19 18:54:46 ----D---- F:\Program Files (x86)\Check Host
2012-08-18 17:49:43 ----D---- F:\Program Files (x86)\DOSBox-0.74
2012-08-18 01:02:44 ----A---- F:\Windows\system32\DfSdkBt.exe
2012-08-18 01:02:18 ----D---- F:\Program Files (x86)\Ashampoo
2012-08-13 16:40:52 ----A---- F:\Windows\system32\drivers\avgidsdrivera.sys
2012-08-10 04:52:38 ----A---- F:\Windows\system32\drivers\avgtdia.sys
2012-08-10 04:52:34 ----A---- F:\Windows\system32\drivers\avgmfx64.sys
2012-08-10 04:52:16 ----A---- F:\Windows\system32\drivers\avgrkx64.sys
2012-08-09 13:56:42 ----A---- F:\Windows\system32\drivers\avgloga.sys
2012-08-09 13:56:34 ----A---- F:\Windows\system32\drivers\avgidsha.sys
2012-08-09 13:56:20 ----A---- F:\Windows\system32\drivers\avgldx64.sys

======List of files/folders modified in the last 1 month======

2012-09-03 16:38:30 ----RD---- F:\Program Files
2012-09-03 16:36:31 ----D---- F:\ProgramData\VMware
2012-09-03 16:07:48 ----D---- F:\ProgramData\MFAData
2012-09-03 15:56:59 ----D---- F:\Windows
2012-09-03 15:56:53 ----SHD---- F:\Windows\Installer
2012-09-03 15:56:45 ----D---- F:\Windows\Logs
2012-09-03 15:42:11 ----SD---- F:\Users\Admin\AppData\Roaming\Microsoft
2012-09-03 15:41:59 ----RD---- F:\Program Files (x86)
2012-09-03 15:13:54 ----D---- F:\Windows\system32\drivers
2012-09-03 04:02:05 ----D---- F:\Windows\System32
2012-09-03 03:54:10 ----D---- F:\Windows\Prefetch
2012-09-03 03:45:44 ----D---- F:\Windows\system32\Tasks
2012-09-03 03:44:29 ----D---- F:\ProgramData
2012-09-03 03:43:27 ----D---- F:\Windows\inf
2012-09-03 03:43:23 ----D---- F:\Windows\system32\DriverStore
2012-09-03 03:42:10 ----A---- F:\Windows\system32\PerfStringBackup.INI
2012-09-03 03:41:46 ----SHD---- F:\System Volume Information
2012-09-03 03:41:24 ----D---- F:\Program Files (x86)\AVG
2012-09-03 03:40:41 ----D---- F:\Windows\SysWOW64
2012-09-03 03:30:42 ----D---- F:\Windows\SYSWOW64\drivers
2012-09-03 03:25:18 ----AD---- F:\ProgramData\TEMP
2012-09-03 00:12:32 ----N---- F:\Windows\system.ini
2012-09-03 00:12:26 ----D---- F:\Windows\system32\drivers\etc
2012-09-03 00:09:35 ----D---- F:\Windows\AppPatch
2012-09-03 00:09:34 ----D---- F:\Program Files (x86)\Common Files
2012-09-02 23:55:56 ----RD---- F:\Users
2012-09-02 19:57:16 ----D---- F:\Windows\Minidump
2012-09-02 15:47:42 ----D---- F:\Windows\system32\catroot
2012-09-02 03:29:05 ----D---- F:\SourceSDK
2012-09-01 17:54:11 ----D---- F:\Program Files (x86)\Steam
2012-09-01 02:22:30 ----D---- F:\Windows\Help
2012-08-31 19:29:32 ----D---- F:\Users\Admin\AppData\Roaming\uTorrent
2012-08-30 06:27:44 ----D---- F:\Windows\system32\catroot2
2012-08-30 01:53:31 ----SD---- F:\ProgramData\Microsoft
2012-08-29 19:18:24 ----D---- F:\ProgramData\Microsoft Help
2012-08-29 16:46:48 ----D---- F:\Windows\rescache
2012-08-29 06:25:18 ----D---- F:\Games
2012-08-29 03:25:24 ----D---- F:\Windows\Tasks
2012-08-28 16:47:22 ----D---- F:\backupstorage
2012-08-25 13:14:31 ----D---- F:\Windows\system32\config
2012-08-25 13:14:09 ----D---- F:\Windows\SYSWOW64\cs-CZ
2012-08-25 13:14:04 ----D---- F:\Windows\system32\en-US
2012-08-25 13:14:04 ----D---- F:\Windows\system32\cs-CZ
2012-08-25 13:14:04 ----D---- F:\Windows\PolicyDefinitions
2012-08-25 13:01:21 ----D---- F:\Windows\winsxs
2012-08-15 08:38:39 ----D---- F:\Windows\system32\NDF
2012-08-07 21:46:02 ----D---- F:\Windows\debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 07327581;07327581; F:\Windows\system32\DRIVERS\07327581.sys [2012-09-02 460888]
R0 AVGIDSHA;AVGIDSHA; F:\Windows\system32\DRIVERS\avgidsha.sys [2012-08-09 60768]
R0 Avgloga;AVG Logging Driver; F:\Windows\system32\DRIVERS\avgloga.sys [2012-08-09 230240]
R0 Avgrkx64;AVG Anti-Rootkit Driver; F:\Windows\system32\DRIVERS\avgrkx64.sys [2012-08-10 40288]
R0 pciide;pciide; F:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; F:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 Avgfwfd;AVG network filter service; F:\Windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
R1 AVGIDSDriver;AVGIDSDriver; F:\Windows\system32\DRIVERS\avgidsdrivera.sys [2012-08-13 150880]
R1 Avgldx64;AVG AVI Loader Driver; F:\Windows\system32\DRIVERS\avgldx64.sys [2012-08-09 175968]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; F:\Windows\system32\DRIVERS\avgmfx64.sys [2012-08-10 105312]
R1 Avgtdia;AVG TDI Driver; F:\Windows\system32\DRIVERS\avgtdia.sys [2012-08-10 199520]
R1 avgtp;avgtp; \??\F:\Windows\system32\drivers\avgtpx64.sys [2012-09-03 31080]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; F:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ElbyCDIO;ElbyCDIO Driver; F:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 nltdi;nltdi; \??\F:\Program Files\NetLimiter 3\nltdi.sys [2010-08-30 88200]
R1 vwififlt;Virtual WiFi Filter Driver; F:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 hcmon;VMware hcmon; \??\F:\Windows\system32\drivers\hcmon.sys [2010-11-11 38512]
R2 vmci;VMware vmci; \??\F:\Windows\system32\drivers\vmci.sys [2010-11-11 81008]
R2 VMnetBridge;VMware Bridge Protocol; F:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-11-11 45104]
R2 VMnetuserif;VMware Network Application Interface; \??\F:\Windows\system32\drivers\vmnetuserif.sys [2010-11-11 30320]
R2 VMparport;VMware VMparport; \??\F:\Windows\system32\drivers\VMparport.sys [2010-11-11 30832]
R2 vmx86;VMware vmx86; \??\F:\Windows\system32\drivers\vmx86.sys [2010-11-11 68720]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\F:\Program Files (x86)\VMware\vstor2-ws60.sys [2010-08-19 32816]
R3 amdiox64;AMD IO Driver; F:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; F:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
R3 amdkmdap;amdkmdap; F:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; F:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 kxwdmdrv;kX WDM Driver Service; F:\Windows\system32\drivers\kx.sys [2009-07-28 763784]
R3 NLNdisMP;NLNdisMP; F:\Windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
R3 RTL8167;Ovladač Realtek 8167 NT; F:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 VClone;VClone; F:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
R3 vmkbd;VMware kbd; \??\F:\Windows\system32\drivers\VMkbd.sys [2010-11-11 31856]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; F:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-11-11 20016]
S3 atikmdag;atikmdag; F:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; F:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Služba Bluetooth Enumerator; F:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); F:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; F:\Windows\System32\Drivers\BTHport.sys [2010-11-21 552448]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; F:\Windows\System32\Drivers\BTHUSB.sys [2010-11-21 80384]
S3 catchme;catchme; \??\F:\ComboFix\catchme.sys []
S3 dmvsc;dmvsc; F:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; F:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; F:\Windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
S3 RDPDR;Terminal Server Device Redirector Driver; F:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; F:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); F:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; F:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; F:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; F:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; F:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; F:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; F:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; F:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VGPU;VGPU; F:\Windows\system32\drivers\VGPU.sys []
S3 vmbus;vmbus; F:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; F:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 vmusb;VMware USB Client Driver; F:\Windows\System32\Drivers\vmusb.sys [2010-11-11 37680]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AHDDC2;Ashampoo HDD Control 2 Service; F:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2011-04-05 1518976]
R2 AMD External Events Utility;AMD External Events Utility; F:\Windows\system32\atiesrxx.exe [2012-04-06 236544]
R2 AMD FUEL Service;AMD FUEL Service; F:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
R2 avgfws;AVG Firewall; F:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-08-20 1286392]
R2 AVGIDSAgent;AVGIDSAgent; F:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-08-20 5751928]
R2 avgwd;AVG WatchDog; F:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-08-20 184304]
R2 VMAuthdService;VMware Authorization Service; F:\Program Files (x86)\VMware\vmware-authd.exe [2010-11-11 113264]
R2 VMnetDHCP;VMware DHCP Service; F:\Windows\syswow64\vmnetdhcp.exe [2010-11-11 334448]
R2 VMUSBArbService;VMware USB Arbitration Service; F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R2 VMware NAT Service;VMware NAT Service; F:\Windows\syswow64\vmnat.exe [2010-11-11 404080]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0; F:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-09-03 927840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; F:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 nlsvc;NetLimiter 3 Service; F:\Program Files\NetLimiter 3\nlsvc.exe [2010-08-30 1743872]
S3 NMIndexingService;NMIndexingService; F:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose64;Office 64 Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; F:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; F:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ufad-ws60;VMware Agent Service; F:\Program Files (x86)\VMware\vmware-ufad.exe [2010-08-19 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; F:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; F:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@F:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@F:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@F:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; F:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 TeamViewer7;TeamViewer 7; F:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-30 3027840]
S4 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0; F:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe []

-----------------EOF-----------------

f:\windows\system32\grpconv.exe - je zrejme tiez ciste, virustotal.com/file/e08991a20cd9fdc43a66db771f9161decb4355b78481eefc3d8dc3f0f4230df0/analysis/
f:\windows\system32\DfSdkBt.exe - bude zrejme pozostato sophosu - ciste, virustotal.com/file/6ab6c9ff6d6437f2ca08789452f6fa56e9790d182fb0c35ffd0152871d3f0f07/analysis/1346681691/
Neviem ako sa zbavit suboru F:\Windows\System32\drivers\07327581.sys vyzera podozrivo, staci ho vymazat napr v nejakej live distribucii ?
Cudne tiez je ked pocitac vypinam tak to trva oproti inym PC znacne pomaly vyse 5min - modra obrazovka s napisom vypinam (odhad nieje priblizny naozaj je to vyse 300 sekund).
Dalej niesom si isty ci je normalne spravanie procesu svchost.exe, je ich spustenych viacej ale iba jeden vzdy po starte systemu zozere okolo 120mb ram,
a ked ho killnem tak nachvilu sa vypne aero tema windowsu ale potom sa ten proces znova zacne pozierat ram. Skusal som spustit pocitac bez pripojeneho kabla od internetu a svchost sa v takom pripade spraval prekrasne - vyzuval okolo 10mb mozno aj menej operacnej pamate.
Skusim som odinstalovat vacsinu AV a FW a naistaloval som si AVG 2013 ale vyzera to ze to nema so spominanim procesom svchost vela spolocne.
Vidite tam niekto nieco viac?

#13 Příspěvek od **Rudy** » 03 zář 2012 16:49

Vraťte se k Combofixu (doufám, že ho máte na ploše). Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
F:\Windows\system32\DRIVERS\07327581.sys

Driver::
07327581

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

#14 Příspěvek od **motji** » 24 zář 2012 00:11

Jak to tu vypadá?

VIRY.CZ

Prosim, mozte sa niekto pozriet na moje LOGy?

Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?

Re: Prosim, mozte sa niekto pozriet na moje LOGy?