PC-HELP.CZ

České diskuzní fórum o počítačích
http://www.pc-help.cz/

Virus

http://www.pc-help.cz/viewtopic.php?f=47&t=72830

Stránka 1 z 3

Virus

Napsal: 01 zář 2011 17:25
od falcon5583
Ahojte.Kamarat klikol na facebooku na daky odkaz a chytil virus.Mal tam nainstalovanu Aviru free Antivir a od vtedy je cely antivir seknuty nereaguje.Virus som odstranil online scanerom a chcel som odinstalovat aj tu aviru z programovej ponuky mi zmizla ale ked som chcel nainstalovat Kaspersky security pise mi ze musim odinstalovat najskor Aviru ale to nejde nemozem ju nikde najst a pritom v procesoch bezi...od vtedy tam nejde ani facebook nacitat sekol sa s tou Avirou.Prosim vas co mam s tym robit nerad by som preinstalovaval win 7.Dakujem za rady

Re: Virus

Napsal: 01 zář 2011 17:31
od Žbeky
FB vir je mnohem komplexnější a potřebuje víc než nějaký online scanner.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Re: Virus

Napsal: 01 zář 2011 18:33
od falcon5583
ja to skusim v najblisej dobe je to kamaratove PC ozvem sa diky moc zatial

Re: Virus

Napsal: 02 zář 2011 23:44
od falcon5583
Zdravim tu je ten LOG

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verzia databázy: 7637

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

2. 9. 2011 17:06:54
kontrola PC

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 190355
Uplynutý čas: 2 min, 18 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 6
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 3
Infikované priečinky: 1
Infikované súbory: 14

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované súbory:
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.

Re: Virus

Napsal: 03 zář 2011 00:00
od Žbeky
- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

Re: Virus

Napsal: 03 zář 2011 00:33
od falcon5583
Ok skusim

Re: Virus

Napsal: 03 zář 2011 21:47
od bledulka
A pak sem vlož log :D

Re: Virus

Napsal: 05 zář 2011 11:30
od falcon5583
Chalani tak sme to skusili uz mu aj ten facebook ide v pohode.Ale je tu stale ten problem s tou Avirou.Aku je dat prec.Chcem tam nainstalovat Toho KAsperskeho ale hlasi ze ju musim unistall ale nikde ju nemozem najst robo to od vtedy ako tam chytil ten virus s facebooku odvtedy Tu Aviru odpisalo...posielam ten log...

odstránene hrozby...


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verzia databázy: 7641

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

3. 9. 2011 11:34:22
mbam-log-2011-09-03 (11-34-22).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 190688
Uplynutý čas: 1 min, 57 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 6
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 3
Infikované priečinky: 1
Infikované súbory: 14

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované priečinky:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované súbory:
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

ComboFix

ComboFix 11-09-02.04 - shark . 09. 2011 12:48:03.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4094.2790 [GMT 2:00]
Running from: c:\users\shark\AppData\Local\Temp\Rar$EX00.523\ComboFix\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\shark\AppData\Roaming\inst.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\SysWow64\simdpp.dll
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 10:51 . 2011-09-03 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-02 15:00 . 2011-09-02 15:00 -------- d-----w- c:\users\shark\AppData\Roaming\Malwarebytes
2011-09-02 14:59 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\programdata\Malwarebytes
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 14:59 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 14:24 . 2011-08-29 14:25 -------- d-----w- c:\users\Guest
2011-08-29 14:02 . 2011-08-29 14:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-29 07:34 . 2011-08-29 07:34 -------- d-----w- c:\program files (x86)\AVG
2011-08-26 17:05 . 2011-08-26 17:05 -------- d-----w- C:\$AVG
2011-08-26 16:30 . 2011-08-26 16:30 -------- d-----w- c:\users\shark\AppData\Roaming\AVG10
2011-08-26 16:28 . 2011-09-03 10:14 -------- d-----w- c:\programdata\AVG10
2011-08-26 16:28 . 2011-09-03 10:13 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-26 16:06 . 2011-08-26 16:22 -------- d-----w- c:\programdata\AVAST Software
2011-08-26 16:06 . 2011-08-26 16:06 -------- d-----w- c:\program files\AVAST Software
2011-08-26 15:57 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2FF79A4-71DB-4034-8A51-AD43AB539929}\mpengine.dll
2011-08-25 18:23 . 2011-08-25 18:23 22567 ----a-w- c:\programdata\1314296490.bdinstall.bin
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files\Common Files\Bitdefender
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2011-08-25 18:19 . 2011-08-27 15:37 -------- d-----w- c:\users\shark\AppData\Roaming\QuickScan
2011-08-25 17:47 . 2011-08-15 11:19 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-25 17:47 . 2011-08-15 11:13 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-25 17:47 . 2011-08-15 11:13 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-08-25 17:47 . 2011-08-25 17:47 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-08-25 17:46 . 2011-08-25 17:47 -------- d-----w- c:\programdata\TuneUp Software
2011-08-25 17:46 . 2011-08-25 17:46 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-08-25 17:34 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-7-0
2011-08-25 17:34 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-08-25 17:32 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-25 17:09 . 2011-08-25 17:09 -------- d--h--w- c:\windows\update.8.1
2011-08-25 17:08 . 2011-08-25 17:08 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-08-24 15:56 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 15:56 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 14:13 . 2011-08-25 16:53 -------- d-----w- c:\programdata\PC Tools
2011-08-20 11:55 . 2011-08-20 11:55 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-08-20 09:40 . 2011-08-20 09:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-20 09:31 . 2011-08-20 09:31 -------- d--h--w- c:\programdata\Common Files
2011-08-20 09:22 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-20 09:22 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-20 09:16 . 2011-09-03 10:13 -------- d-----w- c:\programdata\MFAData
2011-08-19 18:23 . 2011-08-25 18:07 -------- d-----w- c:\windows\ufa
2011-08-19 18:14 . 2011-08-25 17:38 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 18:12 . 2011-08-25 17:36 -------- d-----w- c:\windows\av_ico
2011-08-19 18:11 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-08-19 18:11 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-8-0
2011-08-16 15:50 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-08-16 15:50 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-08-16 15:50 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-08-16 15:50 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-08-16 15:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-08-16 15:50 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-08-16 15:50 . 2002-08-22 04:00 413760 ----a-w- c:\windows\SysWow64\DivXc32f.dll
2011-08-16 15:50 . 2002-08-01 09:03 413760 ----a-w- c:\windows\SysWow64\DivXc32.dll
2011-08-16 15:50 . 2001-02-25 01:19 287744 ----a-w- c:\windows\SysWow64\divxa32.acm
2011-08-14 12:47 . 2005-06-24 14:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2011-08-14 12:47 . 2004-12-10 07:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-08-14 12:47 . 2005-11-13 21:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-14 12:47 . 2005-11-13 21:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-14 12:47 . 2005-11-13 21:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-14 12:47 . 2005-11-13 21:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-14 12:47 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-08-14 12:47 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-14 12:47 . 2005-11-13 21:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-14 12:47 . 2011-08-14 12:47 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-14 12:47 . 2011-08-14 12:47 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-12 16:17 . 2011-09-02 16:43 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-10 16:06 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 09:30 . 2011-04-22 12:11 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-20 09:30 . 2011-04-22 12:11 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-19 03:05 . 2010-09-28 06:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-16 04:26 . 2011-08-10 16:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-11 03:07 . 2011-07-13 16:23 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-07 14:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-07 14:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-05 15:10 . 2011-06-05 15:10 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-08-15 2027840]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\shark\AppData\Roaming\Mozilla\Firefox\Profiles\fl1zbh1l.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
.
[HKEY_USERS\S-1-5-21-3898257279-3220266764-3061120529-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,55,3e,53,f3,41,92,c4,75,8b,14,2c,ad,b1,3d,1e,b3,4d,d3,69,cd,
0d,e3,72,42,1f,1f,28,af,2c,41,29,1e,ba,ba,4e,d4,ff,dd,c4,8d,29,b6,e7,30,dc,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2011-09-03 12:55:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-03 10:55
.
Pre-Run: 185 374 838 784 bytes free
Post-Run: 184 838 348 800 bytes free
.
- - End Of File - - 542447C851510E3A749A275AD1E5F7A2

Re: Virus

Napsal: 05 zář 2011 16:18
od Žbeky
Avira? Vidím tam AVAST, AVG, KAsperskeho, ale aviru fakt ne. Chceš ty zbytky smazat?

Re: Virus

Napsal: 05 zář 2011 16:28
od falcon5583
Avast a AVG som tam skusal dat aby tam aspon cosi bolo na ochranu ale chcem tam dat Kaspersky.Ako tie zbytky zmazem?

Re: Virus

Napsal: 05 zář 2011 16:47
od Žbeky
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

DirLook::
c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

Folder::
c:\program files (x86)\Avira
c:\program files (x86)\AVG
C:\$AVG
c:\users\shark\AppData\Roaming\AVG10
c:\programdata\AVG10
c:\windows\system32\drivers\AVG
c:\programdata\AVAST Software
c:\program files\AVAST Software
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.8.1
c:\programdata\Kaspersky Lab Setup Files
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk
c:\programdata\MFAData
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0

File::
c:\windows\system32\aswBoot.exe
c:\windows\unrar.exe
c:\windows\system32\drivers\avgntflt.sys
c:\windows\system32\drivers\avipbb.sys
c:\windows\system32\DRIVERS\avgfwd6a.sys

Driver::
AntiVirSchedulerService
AntiVirWebService
Avgfwfd

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-

DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Re: Virus

Napsal: 06 zář 2011 14:09
od falcon5583
tu je ten log stale tam blbne ten sprosty AVG neviem....


ComboFix 11-09-02.04 - shark . 09. 2011 18:38:45.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4094.2690 [GMT 2:00]
Running from: c:\users\shark\Desktop\ComboFix.exe
Command switches used :: c:\users\shark\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\aswBoot.exe"
"c:\windows\system32\DRIVERS\avgfwd6a.sys"
"c:\windows\system32\drivers\avgntflt.sys"
"c:\windows\system32\drivers\avipbb.sys"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\ace.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\arabica.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\boost.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\bsdiff.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\bzip.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\carp.html
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\cryptopp.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\curl.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\dazukofs.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\expat.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\imagemagick.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\infozip.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\lua.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\md4_md5_license.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\milter.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\minizip.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\openssl_license.html
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\sasl.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\tinyxml.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\unrar.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\untar.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\xalan_xerces.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\zlib.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\readme.txt
c:\program files (x86)\AVG\AVG2012\avg.snu
c:\program files (x86)\AVG\AVG2012\avg_sk.chm
c:\program files (x86)\AVG\AVG2012\avg_sk.lng
c:\program files (x86)\AVG\AVG2012\avg_us.chm
c:\program files (x86)\AVG\AVG2012\avg_us.lng
c:\program files (x86)\AVG\AVG2012\avgabout.dll
c:\program files (x86)\AVG\AVG2012\avgamnot.dll
c:\program files (x86)\AVG\AVG2012\avgapia.dll
c:\program files (x86)\AVG\AVG2012\avgapix.dll
c:\program files (x86)\AVG\AVG2012\avgapps.dll
c:\program files (x86)\AVG\AVG2012\avgar_sk.chm
c:\program files (x86)\AVG\AVG2012\avgar_us.chm
c:\program files (x86)\AVG\AVG2012\avgatend.stp
c:\program files (x86)\AVG\AVG2012\avgatupd.stp
c:\program files (x86)\AVG\AVG2012\avgcclia.dll
c:\program files (x86)\AVG\AVG2012\avgcclix.dll
c:\program files (x86)\AVG\AVG2012\avgcerta.dll
c:\program files (x86)\AVG\AVG2012\avgcertx.dll
c:\program files (x86)\AVG\AVG2012\avgcfga.dll
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
c:\program files (x86)\AVG\AVG2012\avgcfgx.dll
c:\program files (x86)\AVG\AVG2012\avgclita.dll
c:\program files (x86)\AVG\AVG2012\avgclitx.dll
c:\program files (x86)\AVG\AVG2012\avgcmgr.exe
c:\program files (x86)\AVG\AVG2012\avgcorea.dll
c:\program files (x86)\AVG\AVG2012\avgcorex.dll
c:\program files (x86)\AVG\AVG2012\avgcrema.exe
c:\program files (x86)\AVG\AVG2012\avgcsla.dll
c:\program files (x86)\AVG\AVG2012\avgcslx.dll
c:\program files (x86)\AVG\AVG2012\avgcsrva.exe
c:\program files (x86)\AVG\AVG2012\avgcsrvx.exe
c:\program files (x86)\AVG\AVG2012\avgdecider.dll
c:\program files (x86)\AVG\AVG2012\avgdg_sk.chm
c:\program files (x86)\AVG\AVG2012\avgdg_us.chm
c:\program files (x86)\AVG\AVG2012\avgdiagex.exe
c:\program files (x86)\AVG\AVG2012\avgdumpa.exe
c:\program files (x86)\AVG\AVG2012\avgdumpx.exe
c:\program files (x86)\AVG\AVG2012\avgemca.exe
c:\program files (x86)\AVG\AVG2012\avgf_sk.chm
c:\program files (x86)\AVG\AVG2012\avgf_us.chm
c:\program files (x86)\AVG\AVG2012\avgfree_sk.mht
c:\program files (x86)\AVG\AVG2012\avgfree_us.mht
c:\program files (x86)\AVG\AVG2012\avgchcla.dll
c:\program files (x86)\AVG\AVG2012\avgchclx.dll
c:\program files (x86)\AVG\AVG2012\avgchjwa.dll
c:\program files (x86)\AVG\AVG2012\avgidp_sk.chm
c:\program files (x86)\AVG\AVG2012\avgidp_us.chm
c:\program files (x86)\AVG\AVG2012\avgidpmx.dll
c:\program files (x86)\AVG\AVG2012\avgidpsdkx.dll
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\program files (x86)\AVG\AVG2012\avglnga.dll
c:\program files (x86)\AVG\AVG2012\avglngx.dll
c:\program files (x86)\AVG\AVG2012\avgloga.dll
c:\program files (x86)\AVG\AVG2012\avglogx.dll
c:\program files (x86)\AVG\AVG2012\avgls_sk.chm
c:\program files (x86)\AVG\AVG2012\avgls_us.chm
c:\program files (x86)\AVG\AVG2012\avglscanx.exe
c:\program files (x86)\AVG\AVG2012\avgmfapx.exe
c:\program files (x86)\AVG\AVG2012\avgmfarx.dll
c:\program files (x86)\AVG\AVG2012\avgmtrapx.dll
c:\program files (x86)\AVG\AVG2012\avgmvfla.dll
c:\program files (x86)\AVG\AVG2012\avgmvflx.dll
c:\program files (x86)\AVG\AVG2012\avgmwdef_sk.mht
c:\program files (x86)\AVG\AVG2012\avgmwdef_us.mht
c:\program files (x86)\AVG\AVG2012\avgnsa.exe
c:\program files (x86)\AVG\AVG2012\avgntdumpa.exe
c:\program files (x86)\AVG\AVG2012\avgntdumpx.exe
c:\program files (x86)\AVG\AVG2012\avgntopenssla.dll
c:\program files (x86)\AVG\AVG2012\avgntopensslx.dll
c:\program files (x86)\AVG\AVG2012\avgntsqlitea.dll
c:\program files (x86)\AVG\AVG2012\avgntsqlitex.dll
c:\program files (x86)\AVG\AVG2012\avgopenssla.dll
c:\program files (x86)\AVG\AVG2012\avgopensslx.dll
c:\program files (x86)\AVG\AVG2012\avgoutlooka.dll
c:\program files (x86)\AVG\AVG2012\avgoutlookx.dll
c:\program files (x86)\AVG\AVG2012\avgpostinstx.dll
c:\program files (x86)\AVG\AVG2012\avgpp.dll
c:\program files (x86)\AVG\AVG2012\avgppa.dll
c:\program files (x86)\AVG\AVG2012\avgresf.dll
c:\program files (x86)\AVG\AVG2012\avgrkta.dll
c:\program files (x86)\AVG\AVG2012\avgrsa.exe
c:\program files (x86)\AVG\AVG2012\avgsals_sk.mht
c:\program files (x86)\AVG\AVG2012\avgsals_us.mht
c:\program files (x86)\AVG\AVG2012\avgsbfree_sk.mht
c:\program files (x86)\AVG\AVG2012\avgsbfree_us.mht
c:\program files (x86)\AVG\AVG2012\avgsbga.dll
c:\program files (x86)\AVG\AVG2012\avgscana.dll
c:\program files (x86)\AVG\AVG2012\avgscana.exe
c:\program files (x86)\AVG\AVG2012\avgscanx.dll
c:\program files (x86)\AVG\AVG2012\avgscanx.exe
c:\program files (x86)\AVG\AVG2012\avgse.dll
c:\program files (x86)\AVG\AVG2012\avgsea.dll
c:\program files (x86)\AVG\AVG2012\avgsched.dll
c:\program files (x86)\AVG\AVG2012\avgsrma.dll
c:\program files (x86)\AVG\AVG2012\avgsrmaa.exe
c:\program files (x86)\AVG\AVG2012\avgsrmax.exe
c:\program files (x86)\AVG\AVG2012\avgsrmx.dll
c:\program files (x86)\AVG\AVG2012\avgssie.dll
c:\program files (x86)\AVG\AVG2012\avgssiea.dll
c:\program files (x86)\AVG\AVG2012\avgsysa.dll
c:\program files (x86)\AVG\AVG2012\avgsysx.dll
c:\program files (x86)\AVG\AVG2012\avgtbapi.dll
c:\program files (x86)\AVG\AVG2012\AVGTBInstall.exe
c:\program files (x86)\AVG\AVG2012\avgtray.exe
c:\program files (x86)\AVG\AVG2012\avgtrial_sk.mht
c:\program files (x86)\AVG\AVG2012\avgtrial_us.mht
c:\program files (x86)\AVG\AVG2012\avgui.exe
c:\program files (x86)\AVG\AVG2012\avguiadv.dll
c:\program files (x86)\AVG\AVG2012\avguires.dll
c:\program files (x86)\AVG\AVG2012\avgupd.sig
c:\program files (x86)\AVG\AVG2012\avgupdx.dll
c:\program files (x86)\AVG\AVG2012\avgutila.dll
c:\program files (x86)\AVG\AVG2012\avgutilx.dll
c:\program files (x86)\AVG\AVG2012\avgvva.dll
c:\program files (x86)\AVG\AVG2012\avgvvx.dll
c:\program files (x86)\AVG\AVG2012\avgwd.dll
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\AVG\AVG2012\avgwdwsc.dll
c:\program files (x86)\AVG\AVG2012\avgwebui.dll
c:\program files (x86)\AVG\AVG2012\avgwsc.exe
c:\program files (x86)\AVG\AVG2012\avgxpl.dll
c:\program files (x86)\AVG\AVG2012\avgxpla.dll
c:\program files (x86)\AVG\AVG2012\awacs\dav\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\dav\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\dav\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\fas\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\fas\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\fas\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\obx\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\obx\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\obx\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\pct\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\pct\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\pct\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\rules.cat
c:\program files (x86)\AVG\AVG2012\awacs\rules.js
c:\program files (x86)\AVG\AVG2012\axioo.dll
c:\program files (x86)\AVG\AVG2012\cf.dat
c:\program files (x86)\AVG\AVG2012\compat.ini
c:\program files (x86)\AVG\AVG2012\contacts_sk.html
c:\program files (x86)\AVG\AVG2012\contacts_us.html
c:\program files (x86)\AVG\AVG2012\dfncfg.dat
c:\program files (x86)\AVG\AVG2012\Drivers\avgld.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgld.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgldx64.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgldx86.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgmf.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgmf.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgmfx64.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgmfx86.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgrk.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgrk.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgrkx64.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgrkx86.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdi.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdi.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdia.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdix.sys
c:\program files (x86)\AVG\AVG2012\Drivers\ErHr7x64\AVGIDSEH.cat
c:\program files (x86)\AVG\AVG2012\Drivers\ErHr7x64\AVGIDSEH.inf
c:\program files (x86)\AVG\AVG2012\Drivers\ErHr7x64\AVGIDSEH.sys
c:\program files (x86)\AVG\AVG2012\Drivers\platform_WIN7\UniversalDD.sys
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSDriver.cat
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSDriver.inf
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSDriver.sys
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSFilter.cat
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSFilter.inf
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSFilter.sys
c:\program files (x86)\AVG\AVG2012\Firefox\Chrome\searchshield.jar
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\avgssff4.dll
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\avgssff5.dll
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\avgssff6.dll
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\ISearchShield4.xpt
c:\program files (x86)\AVG\AVG2012\Firefox4\chrome.manifest
c:\program files (x86)\AVG\AVG2012\Firefox4\Chrome\searchshield.jar
c:\program files (x86)\AVG\AVG2012\Firefox4\install.rdf
c:\program files (x86)\AVG\AVG2012\fixcfg.exe
c:\program files (x86)\AVG\AVG2012\HtmLayout.dll
c:\program files (x86)\AVG\AVG2012\Chrome\safesearch.crx
c:\program files (x86)\AVG\AVG2012\Icons\alert_mask.png
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\block-doc.gif
c:\program files (x86)\AVG\AVG2012\Icons\blocked.gif
c:\program files (x86)\AVG\AVG2012\Icons\blocked12.png
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\box_bottom_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\box_top_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\caution.gif
c:\program files (x86)\AVG\AVG2012\Icons\caution12.png
c:\program files (x86)\AVG\AVG2012\Icons\click_here_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\clock.gif
c:\program files (x86)\AVG\AVG2012\Icons\clock12.png
c:\program files (x86)\AVG\AVG2012\Icons\close.gif
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\Icons\icons_blocked.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_caution.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_close.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_safe.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_unknown.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_warning.gif
c:\program files (x86)\AVG\AVG2012\Icons\LS_Logo_Results.gif
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\Icons\product_logo.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\Icons\safe.gif
c:\program files (x86)\AVG\AVG2012\Icons\safe12.png
c:\program files (x86)\AVG\AVG2012\Icons\toolbar_en.bmp
c:\program files (x86)\AVG\AVG2012\Icons\unknown.gif
c:\program files (x86)\AVG\AVG2012\Icons\vrsn-secured-lsfo.gif
c:\program files (x86)\AVG\AVG2012\Icons\warning.gif
c:\program files (x86)\AVG\AVG2012\Icons\warning12.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\js.dat
c:\program files (x86)\AVG\AVG2012\license_sk.htm
c:\program files (x86)\AVG\AVG2012\license_us.htm
c:\program files (x86)\AVG\AVG2012\mfask.lns
c:\program files (x86)\AVG\AVG2012\mfaus.lns
c:\program files (x86)\AVG\AVG2012\mfavera.txt
c:\program files (x86)\AVG\AVG2012\mfaverx.txt
c:\program files (x86)\AVG\AVG2012\mwbsr_e_free_sk.mht
c:\program files (x86)\AVG\AVG2012\mwbsr_e_free_us.mht
c:\program files (x86)\AVG\AVG2012\mwbsr_f_free_sk.mht
c:\program files (x86)\AVG\AVG2012\mwbsr_f_free_us.mht
c:\program files (x86)\AVG\AVG2012\PCTuneup\AxBrowsers.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\DiskCleanerHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\DiskDefragHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\helper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\localizer.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe
c:\program files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\PerlRegExp.bpl
c:\program files (x86)\AVG\AVG2012\PCTuneup\RegistryCleanerHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\RescueCenterHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\rtl120.bpl
c:\program files (x86)\AVG\AVG2012\PCTuneup\vcl120.bpl
c:\program files (x86)\AVG\AVG2012\ph.dat
c:\program files (x86)\AVG\AVG2012\sb.dat
c:\program files (x86)\AVG\AVG2012\sb.dat.xcd
c:\program files (x86)\AVG\AVG2012\sb2.dat
c:\program files (x86)\AVG\AVG2012\sc.dat
c:\program files (x86)\AVG\AVG2012\sc.dat.xcd
c:\program files (x86)\AVG\AVG2012\sounds\scan_finish_threat_found.wav
c:\program files (x86)\AVG\AVG2012\sounds\scan_os_alert.wav
c:\program files (x86)\AVG\AVG2012\sounds\scan_rs_alert.wav
c:\program files (x86)\AVG\AVG2012\sounds\update_end_fail.wav
c:\program files (x86)\AVG\AVG2012\updatecomps.bak
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\Setup\setup.ini
c:\programdata\Kaspersky Lab Setup Files
c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\cs\kavkis.msi
c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\cs\setup.exe
c:\programdata\MFAData
c:\programdata\MFAData\logs\avgInfoCollector.log
c:\programdata\MFAData\logs\avgInfoCollector.log.lock
c:\programdata\MFAData\logs\mfa-20110820-091612.log
c:\programdata\MFAData\logs\mfa-20110820-091634.log
c:\programdata\MFAData\logs\mfa-20110820-092339.log
c:\programdata\MFAData\logs\mfa-20110820-092949.log
c:\programdata\MFAData\logs\mfa-20110826-162614.log
c:\programdata\MFAData\logs\mfa-20110829-072140.log
c:\programdata\MFAData\logs\mfa-20110829-073135.log
c:\programdata\MFAData\logs\mfa-20110829-073140.log
c:\programdata\MFAData\logs\mfa-20110903-101147.log
c:\programdata\MFAData\logs\mfa-20110903-111803.log
c:\programdata\MFAData\logs\msi-20110820-091634.log
c:\programdata\MFAData\logs\msi-20110826-162614.log
c:\programdata\MFAData\logs\msi-20110829-072140.log
c:\programdata\MFAData\logs\msi-20110829-073140.log
c:\programdata\MFAData\logs\msi-20110903-101147.log
c:\programdata\MFAData\logs\msi-20110903-111803.log
c:\programdata\MFAData\mfaurlconf.ini
c:\programdata\MFAData\mkt\dtc\res\bullet04.gif
c:\programdata\MFAData\mkt\dtc\res\offer.css
c:\programdata\MFAData\mkt\dtc\sk\ToolbarOfferScreen.html
c:\programdata\MFAData\mkt\res\LinkScanner-style.css
c:\programdata\MFAData\mkt\res\LinkScanner.jpg
c:\programdata\MFAData\mkt\res\OK.png
c:\programdata\MFAData\mkt\res\Smart-Scanning.jpg
c:\programdata\MFAData\mkt\res\SmartScanning-style.css
c:\programdata\MFAData\mkt\res\Social-Networking.jpg
c:\programdata\MFAData\mkt\res\SocialNetworking-style.css
c:\programdata\MFAData\mkt\res\style.css
c:\programdata\MFAData\mkt\res\w7_active.png
c:\programdata\MFAData\mkt\res\w7_active_check.png
c:\programdata\MFAData\mkt\res\w7_disable_check.png
c:\programdata\MFAData\mkt\res\w7_disable_uncheck.png
c:\programdata\MFAData\mkt\res\w7_hover.png
c:\programdata\MFAData\mkt\res\w7_hover_check.png
c:\programdata\MFAData\mkt\res\w7_check.png
c:\programdata\MFAData\mkt\res\w7_uncheck.png
c:\programdata\MFAData\mkt\sk\dm_marketing_message-sk.html
c:\programdata\MFAData\mkt\sk\Installation-Page_LinkScanner.html
c:\programdata\MFAData\mkt\sk\Installation-Page_Smart-Scanning.html
c:\programdata\MFAData\mkt\sk\Installation-Page_Social-Networking.html
c:\programdata\MFAData\msistorg.dat
c:\programdata\MFAData\msistorg.dat.bkp
c:\programdata\MFAData\public_installation_log.xml
c:\programdata\MFAData\SelfUpd\avgmfapx.exe
c:\programdata\MFAData\SelfUpd\avgmfarx.dll
c:\programdata\MFAData\SelfUpd\avgntdumpx.exe
c:\programdata\MFAData\SelfUpd\avgrunasx.exe
c:\programdata\MFAData\SelfUpd\bins\f10mfa1392b1391da.bin
c:\programdata\MFAData\SelfUpd\bins\f10mfa1392lq.bin
c:\programdata\MFAData\SelfUpd\bins\f10upd1392b1391hv.bin
c:\programdata\MFAData\SelfUpd\compat.ini
c:\programdata\MFAData\SelfUpd\htmlayout.dll
c:\programdata\MFAData\SelfUpd\license_cz.htm
c:\programdata\MFAData\SelfUpd\license_da.htm
c:\programdata\MFAData\SelfUpd\license_es.htm
c:\programdata\MFAData\SelfUpd\license_fr.htm
c:\programdata\MFAData\SelfUpd\license_ge.htm
c:\programdata\MFAData\SelfUpd\license_hu.htm
c:\programdata\MFAData\SelfUpd\license_id.htm
c:\programdata\MFAData\SelfUpd\license_in.htm
c:\programdata\MFAData\SelfUpd\license_it.htm
c:\programdata\MFAData\SelfUpd\license_jp.htm
c:\programdata\MFAData\SelfUpd\license_ko.htm
c:\programdata\MFAData\SelfUpd\license_ms.htm
c:\programdata\MFAData\SelfUpd\license_nl.htm
c:\programdata\MFAData\SelfUpd\license_pb.htm
c:\programdata\MFAData\SelfUpd\license_pl.htm
c:\programdata\MFAData\SelfUpd\license_pt.htm
c:\programdata\MFAData\SelfUpd\license_ru.htm
c:\programdata\MFAData\SelfUpd\license_sc.htm
c:\programdata\MFAData\SelfUpd\license_sk.htm
c:\programdata\MFAData\SelfUpd\license_sp.htm
c:\programdata\MFAData\SelfUpd\license_tr.htm
c:\programdata\MFAData\SelfUpd\license_us.htm
c:\programdata\MFAData\SelfUpd\license_zh.htm
c:\programdata\MFAData\SelfUpd\license_zt.htm
c:\programdata\MFAData\SelfUpd\mfaconf.txt
c:\programdata\MFAData\SelfUpd\mfacz.lns
c:\programdata\MFAData\SelfUpd\mfada.lns
c:\programdata\MFAData\SelfUpd\mfaes.lns
c:\programdata\MFAData\SelfUpd\mfafr.lns
c:\programdata\MFAData\SelfUpd\mfage.lns
c:\programdata\MFAData\SelfUpd\mfahu.lns
c:\programdata\MFAData\SelfUpd\mfaid.lns
c:\programdata\MFAData\SelfUpd\mfain.lns
c:\programdata\MFAData\SelfUpd\mfait.lns
c:\programdata\MFAData\SelfUpd\mfajp.lns
c:\programdata\MFAData\SelfUpd\mfako.lns
c:\programdata\MFAData\SelfUpd\mfams.lns
c:\programdata\MFAData\SelfUpd\mfanl.lns
c:\programdata\MFAData\SelfUpd\mfapb.lns
c:\programdata\MFAData\SelfUpd\mfapl.lns
c:\programdata\MFAData\SelfUpd\mfapt.lns
c:\programdata\MFAData\SelfUpd\mfaru.lns
c:\programdata\MFAData\SelfUpd\mfasc.lns
c:\programdata\MFAData\SelfUpd\mfask.lns
c:\programdata\MFAData\SelfUpd\mfasp.lns
c:\programdata\MFAData\SelfUpd\mfatr.lns
c:\programdata\MFAData\SelfUpd\mfaus.lns
c:\programdata\MFAData\SelfUpd\mfavera.txt
c:\programdata\MFAData\SelfUpd\mfaverx.txt
c:\programdata\MFAData\SelfUpd\mfazh.lns
c:\programdata\MFAData\SelfUpd\mfazt.lns
c:\users\shark\AppData\Roaming\AVG10
c:\users\shark\AppData\Roaming\AVG10\cfgall\usergui.cfg
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\system32\aswBoot.exe
c:\windows\system32\drivers\AVG
c:\windows\system32\drivers\AVG\iavichjw.avm
c:\windows\system32\drivers\AVG\incavi.avm
c:\windows\system32\DRIVERS\avgfwd6a.sys
c:\windows\system32\drivers\avgntflt.sys
c:\windows\system32\drivers\avipbb.sys
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.8.1
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGFWFD
-------\Service_AntiVirSchedulerService
-------\Service_AntiVirWebService
-------\Service_Avgfwfd
-------\Legacy_avipbb
-------\Service_AVGIDSAgent
-------\Service_avgwd
-------\Service_avipbb
-------\Service_AVGIDSAgent
-------\Service_avgwd
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 16:43 . 2011-09-05 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-04 07:35 . 2011-08-19 14:33 27992 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-09-04 07:35 . 2010-11-26 16:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-09-03 11:21 . 2011-09-03 11:21 -------- d-----w- c:\users\shark\AppData\Roaming\AVG2012
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-09-03 11:20 . 2011-09-03 11:23 -------- d-----w- c:\programdata\AVG2012
2011-09-02 15:00 . 2011-09-02 15:00 -------- d-----w- c:\users\shark\AppData\Roaming\Malwarebytes
2011-09-02 14:59 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\programdata\Malwarebytes
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 14:59 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 14:24 . 2011-08-29 14:25 -------- d-----w- c:\users\Guest
2011-08-29 14:02 . 2011-08-29 14:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-26 15:57 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2FF79A4-71DB-4034-8A51-AD43AB539929}\mpengine.dll
2011-08-25 18:23 . 2011-08-25 18:23 22567 ----a-w- c:\programdata\1314296490.bdinstall.bin
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files\Common Files\Bitdefender
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2011-08-25 18:19 . 2011-08-27 15:37 -------- d-----w- c:\users\shark\AppData\Roaming\QuickScan
2011-08-25 17:47 . 2011-08-15 11:19 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-25 17:47 . 2011-08-15 11:13 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-25 17:47 . 2011-08-15 11:13 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-08-25 17:47 . 2011-08-25 17:47 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-08-25 17:46 . 2011-08-25 17:47 -------- d-----w- c:\programdata\TuneUp Software
2011-08-25 17:46 . 2011-08-25 17:46 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-08-24 15:56 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 15:56 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 14:13 . 2011-08-25 16:53 -------- d-----w- c:\programdata\PC Tools
2011-08-20 09:40 . 2011-08-20 09:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-20 09:31 . 2011-08-20 09:31 -------- d--h--w- c:\programdata\Common Files
2011-08-16 15:50 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-08-16 15:50 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-08-16 15:50 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-08-16 15:50 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-08-16 15:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-08-16 15:50 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-08-16 15:50 . 2002-08-22 04:00 413760 ----a-w- c:\windows\SysWow64\DivXc32f.dll
2011-08-16 15:50 . 2002-08-01 09:03 413760 ----a-w- c:\windows\SysWow64\DivXc32.dll
2011-08-16 15:50 . 2001-02-25 01:19 287744 ----a-w- c:\windows\SysWow64\divxa32.acm
2011-08-14 12:47 . 2005-06-24 14:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2011-08-14 12:47 . 2004-12-10 07:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-08-14 12:47 . 2005-11-13 21:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-14 12:47 . 2005-11-13 21:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-14 12:47 . 2005-11-13 21:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-14 12:47 . 2005-11-13 21:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-14 12:47 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-08-14 12:47 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-14 12:47 . 2005-11-13 21:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-14 12:47 . 2011-08-14 12:47 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-14 12:47 . 2011-08-14 12:47 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-12 16:17 . 2011-09-02 16:43 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-10 16:06 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-08 04:08 . 2011-08-08 04:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 03:05 . 2010-09-28 06:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-16 04:26 . 2011-08-10 16:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-10 23:14 . 2011-07-10 23:14 375376 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-07-10 23:14 . 2011-07-10 23:14 29776 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-10 23:14 . 2011-07-10 23:14 26704 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-10 23:14 . 2011-07-10 23:14 120400 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-10 23:13 . 2011-07-10 23:13 282704 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-07-10 23:13 . 2011-07-10 23:13 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-06-11 03:07 . 2011-07-13 16:23 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} ----
.
2011-08-25 17:46 . 2011-08-25 17:46 18427392 ----a-w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-03_10.52.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-05 16:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-05 16:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-20 04:58 . 2011-09-05 16:18 49540 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-05 16:18 33400 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-20 04:50 . 2011-09-05 16:18 13014 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3898257279-3220266764-3061120529-1000_UserData.bin
+ 2010-08-20 04:40 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-20 04:40 . 2011-09-04 07:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-05 16:44 . 2011-09-05 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-03 10:52 . 2011-09-03 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-05 16:44 . 2011-09-05 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-03 10:52 . 2011-09-03 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-09-03 10:51 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-09-05 16:43 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-05 16:10 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-13 18:06 . 2011-09-05 16:43 2269684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3898257279-3220266764-3061120529-1000-12288.dat
+ 2011-09-03 11:18 . 2011-09-03 11:18 7524352 c:\windows\Installer\19b429.msi
+ 2011-09-03 11:19 . 2011-09-03 11:19 2830336 c:\windows\Installer\19b425.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-09-03 11:20 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-03 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-09-03 218440]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-27 273544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-08-15 2027840]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-03 246600]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"combofix"="c:\combofix\CF22365.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\shark\AppData\Roaming\Mozilla\Firefox\Profiles\fl1zbh1l.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bde75066d-d3c5-4b56-8eca-9255a7ac95be%7D&mid=74ebdd74fd1547d1899899127fa10d60-3b6e247033f8bac00c4b8d93e38beb5da4ada412&ds=AVG&v=8.0.0.34&lang=sk&pr=fr&d=2011-09-03%2013%3A20%3A51&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
.
[HKEY_USERS\S-1-5-21-3898257279-3220266764-3061120529-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,55,3e,53,f3,41,92,c4,75,8b,14,2c,ad,b1,3d,1e,b3,4d,d3,69,cd,
0d,e3,72,42,1f,1f,28,af,2c,41,29,1e,ba,ba,4e,d4,ff,dd,c4,8d,29,b6,e7,30,dc,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2011-09-05 18:47:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-05 16:47
ComboFix2.txt 2011-09-03 10:55
.
Pre-Run: 183 556 919 296 bytes free
Post-Run: 182 908 084 224 bytes free
.
- - End Of File - - 6FAC6406C98866EE77A28645885D77D3
Všechny časy jsou v UTC+01:00
Stránka 1 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz