Virus
- Level 1
- Posts: 91
- Registered: March 11
- Status: Offline
Virus
Hi all. A friend clicked on some link on Facebook and caught a virus. He had Avira Free AntiVir installed, and since then the whole antivirus has been frozen and does not respond. I removed the virus with an online scanner and wanted to uninstall Avira as well; it has disappeared from the programs menu, but when I tried to install Kaspersky Security it tells me that I have to uninstall Avira first, and that is not possible: I cannot find it anywhere, and yet it is running in the processes... Since then Facebook will not load there either; it froze along with Avira. Please, what should I do about this? I would rather not reinstall Win 7. Thanks for any advice.
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Status: Offline
Re: Virus
The FB virus is much more complex and needs more than just some online scanner.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program finishes, a message will appear, so click OK and then the Show Results button
- then choose the Save Logfile option and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
- Level 1
- Posts: 91
- Registered: March 11
- Status: Offline
Re: Virus
I will try it as soon as I can; it is a friend's PC. I will get back to you, thanks a lot for now.
- Level 1
- Posts: 91
- Registered: March 11
- Status: Offline
Re: Virus
Hello, here is the log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verzia databázy: 7637
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
2. 9. 2011 17:06:54
kontrola PC
Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 190355
Uplynutý čas: 2 min, 18 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 6
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 3
Infikované priečinky: 1
Infikované súbory: 14
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované priečinky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.
Infikované súbory:
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Status: Offline
Re: Virus
- So run MbAM again and start a Scan
- when the program finishes, a message will appear, so click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed, so post it here.
- then choose OK in the program and close the program via Exit
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, restarting the computer is enough.
- Level 1
- Posts: 91
- Registered: March 11
- Status: Offline
Re: Virus
OK, I will try.
- Level 1
- Posts: 91
- Registered: March 11
- Status: Offline
Re: Virus
Guys, so we tried it, and Facebook now works fine for him too. But there is still the problem with Avira. How do I get rid of it? I want to install Kaspersky there, but it reports that I have to uninstall Avira, and I cannot find it anywhere. It has been doing this since he caught that virus from Facebook; since then Avira has been written off... I am sending the log...
Threats removed...
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verzia databázy: 7641
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
3. 9. 2011 11:34:22
mbam-log-2011-09-03 (11-34-22).txt
Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 190688
Uplynutý čas: 1 min, 57 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 6
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 3
Infikované priečinky: 1
Infikované súbory: 14
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.
Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované priečinky:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.
Infikované súbory:
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
ComboFix
ComboFix 11-09-02.04 - shark . 09. 2011 12:48:03.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4094.2790 [GMT 2:00]
Running from: c:\users\shark\AppData\Local\Temp\Rar$EX00.523\ComboFix\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\shark\AppData\Roaming\inst.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\SysWow64\simdpp.dll
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 10:51 . 2011-09-03 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-02 15:00 . 2011-09-02 15:00 -------- d-----w- c:\users\shark\AppData\Roaming\Malwarebytes
2011-09-02 14:59 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\programdata\Malwarebytes
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 14:59 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 14:24 . 2011-08-29 14:25 -------- d-----w- c:\users\Guest
2011-08-29 14:02 . 2011-08-29 14:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-29 07:34 . 2011-08-29 07:34 -------- d-----w- c:\program files (x86)\AVG
2011-08-26 17:05 . 2011-08-26 17:05 -------- d-----w- C:\$AVG
2011-08-26 16:30 . 2011-08-26 16:30 -------- d-----w- c:\users\shark\AppData\Roaming\AVG10
2011-08-26 16:28 . 2011-09-03 10:14 -------- d-----w- c:\programdata\AVG10
2011-08-26 16:28 . 2011-09-03 10:13 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-26 16:06 . 2011-08-26 16:22 -------- d-----w- c:\programdata\AVAST Software
2011-08-26 16:06 . 2011-08-26 16:06 -------- d-----w- c:\program files\AVAST Software
2011-08-26 15:57 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2FF79A4-71DB-4034-8A51-AD43AB539929}\mpengine.dll
2011-08-25 18:23 . 2011-08-25 18:23 22567 ----a-w- c:\programdata\1314296490.bdinstall.bin
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files\Common Files\Bitdefender
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2011-08-25 18:19 . 2011-08-27 15:37 -------- d-----w- c:\users\shark\AppData\Roaming\QuickScan
2011-08-25 17:47 . 2011-08-15 11:19 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-25 17:47 . 2011-08-15 11:13 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-25 17:47 . 2011-08-15 11:13 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-08-25 17:47 . 2011-08-25 17:47 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-08-25 17:46 . 2011-08-25 17:47 -------- d-----w- c:\programdata\TuneUp Software
2011-08-25 17:46 . 2011-08-25 17:46 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-08-25 17:34 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-7-0
2011-08-25 17:34 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-08-25 17:32 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-25 17:09 . 2011-08-25 17:09 -------- d--h--w- c:\windows\update.8.1
2011-08-25 17:08 . 2011-08-25 17:08 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-08-24 15:56 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 15:56 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 14:13 . 2011-08-25 16:53 -------- d-----w- c:\programdata\PC Tools
2011-08-20 11:55 . 2011-08-20 11:55 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-08-20 09:40 . 2011-08-20 09:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-20 09:31 . 2011-08-20 09:31 -------- d--h--w- c:\programdata\Common Files
2011-08-20 09:22 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-20 09:22 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-20 09:16 . 2011-09-03 10:13 -------- d-----w- c:\programdata\MFAData
2011-08-19 18:23 . 2011-08-25 18:07 -------- d-----w- c:\windows\ufa
2011-08-19 18:14 . 2011-08-25 17:38 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 18:12 . 2011-08-25 17:36 -------- d-----w- c:\windows\av_ico
2011-08-19 18:11 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-08-19 18:11 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-8-0
2011-08-16 15:50 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-08-16 15:50 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-08-16 15:50 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-08-16 15:50 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-08-16 15:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-08-16 15:50 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-08-16 15:50 . 2002-08-22 04:00 413760 ----a-w- c:\windows\SysWow64\DivXc32f.dll
2011-08-16 15:50 . 2002-08-01 09:03 413760 ----a-w- c:\windows\SysWow64\DivXc32.dll
2011-08-16 15:50 . 2001-02-25 01:19 287744 ----a-w- c:\windows\SysWow64\divxa32.acm
2011-08-14 12:47 . 2005-06-24 14:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2011-08-14 12:47 . 2004-12-10 07:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-08-14 12:47 . 2005-11-13 21:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-14 12:47 . 2005-11-13 21:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-14 12:47 . 2005-11-13 21:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-14 12:47 . 2005-11-13 21:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-14 12:47 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-08-14 12:47 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-14 12:47 . 2005-11-13 21:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-14 12:47 . 2011-08-14 12:47 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-14 12:47 . 2011-08-14 12:47 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-12 16:17 . 2011-09-02 16:43 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-10 16:06 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 09:30 . 2011-04-22 12:11 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-20 09:30 . 2011-04-22 12:11 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-19 03:05 . 2010-09-28 06:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-16 04:26 . 2011-08-10 16:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-11 03:07 . 2011-07-13 16:23 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-07 14:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-07 14:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-05 15:10 . 2011-06-05 15:10 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-08-15 2027840]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\shark\AppData\Roaming\Mozilla\Firefox\Profiles\fl1zbh1l.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
.
[HKEY_USERS\S-1-5-21-3898257279-3220266764-3061120529-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,55,3e,53,f3,41,92,c4,75,8b,14,2c,ad,b1,3d,1e,b3,4d,d3,69,cd,
0d,e3,72,42,1f,1f,28,af,2c,41,29,1e,ba,ba,4e,d4,ff,dd,c4,8d,29,b6,e7,30,dc,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2011-09-03 12:55:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-03 10:55
.
Pre-Run: 185 374 838 784 bytes free
Post-Run: 184 838 348 800 bytes free
.
- - End Of File - - 542447C851510E3A749A275AD1E5F7A2
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\shark\AppData\Roaming\inst.exe
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\SysWow64\simdpp.dll
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Created from 2011-08-03 to 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 10:51 . 2011-09-03 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-02 15:00 . 2011-09-02 15:00 -------- d-----w- c:\users\shark\AppData\Roaming\Malwarebytes
2011-09-02 14:59 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\programdata\Malwarebytes
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 14:59 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 14:24 . 2011-08-29 14:25 -------- d-----w- c:\users\Guest
2011-08-29 14:02 . 2011-08-29 14:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-29 07:34 . 2011-08-29 07:34 -------- d-----w- c:\program files (x86)\AVG
2011-08-26 17:05 . 2011-08-26 17:05 -------- d-----w- C:\$AVG
2011-08-26 16:30 . 2011-08-26 16:30 -------- d-----w- c:\users\shark\AppData\Roaming\AVG10
2011-08-26 16:28 . 2011-09-03 10:14 -------- d-----w- c:\programdata\AVG10
2011-08-26 16:28 . 2011-09-03 10:13 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-26 16:06 . 2011-08-26 16:22 -------- d-----w- c:\programdata\AVAST Software
2011-08-26 16:06 . 2011-08-26 16:06 -------- d-----w- c:\program files\AVAST Software
2011-08-26 15:57 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2FF79A4-71DB-4034-8A51-AD43AB539929}\mpengine.dll
2011-08-25 18:23 . 2011-08-25 18:23 22567 ----a-w- c:\programdata\1314296490.bdinstall.bin
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files\Common Files\Bitdefender
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2011-08-25 18:19 . 2011-08-27 15:37 -------- d-----w- c:\users\shark\AppData\Roaming\QuickScan
2011-08-25 17:47 . 2011-08-15 11:19 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-25 17:47 . 2011-08-15 11:13 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-25 17:47 . 2011-08-15 11:13 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-08-25 17:47 . 2011-08-25 17:47 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-08-25 17:46 . 2011-08-25 17:47 -------- d-----w- c:\programdata\TuneUp Software
2011-08-25 17:46 . 2011-08-25 17:46 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-08-25 17:34 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-7-0
2011-08-25 17:34 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-08-25 17:32 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-25 17:09 . 2011-08-25 17:09 -------- d--h--w- c:\windows\update.8.1
2011-08-25 17:08 . 2011-08-25 17:08 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-08-24 15:56 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 15:56 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 14:13 . 2011-08-25 16:53 -------- d-----w- c:\programdata\PC Tools
2011-08-20 11:55 . 2011-08-20 11:55 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-08-20 09:40 . 2011-08-20 09:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-20 09:31 . 2011-08-20 09:31 -------- d--h--w- c:\programdata\Common Files
2011-08-20 09:22 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-12-0
2011-08-20 09:22 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-08-20 09:16 . 2011-09-03 10:13 -------- d-----w- c:\programdata\MFAData
2011-08-19 18:23 . 2011-08-25 18:07 -------- d-----w- c:\windows\ufa
2011-08-19 18:14 . 2011-08-25 17:38 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 18:12 . 2011-08-25 17:36 -------- d-----w- c:\windows\av_ico
2011-08-19 18:11 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-8-0-lnk
2011-08-19 18:11 . 2011-08-25 19:14 -------- d--h--w- c:\windows\update.tray-8-0
2011-08-16 15:50 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-08-16 15:50 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-08-16 15:50 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-08-16 15:50 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-08-16 15:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-08-16 15:50 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-08-16 15:50 . 2002-08-22 04:00 413760 ----a-w- c:\windows\SysWow64\DivXc32f.dll
2011-08-16 15:50 . 2002-08-01 09:03 413760 ----a-w- c:\windows\SysWow64\DivXc32.dll
2011-08-16 15:50 . 2001-02-25 01:19 287744 ----a-w- c:\windows\SysWow64\divxa32.acm
2011-08-14 12:47 . 2005-06-24 14:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2011-08-14 12:47 . 2004-12-10 07:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-08-14 12:47 . 2005-11-13 21:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-14 12:47 . 2005-11-13 21:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-14 12:47 . 2005-11-13 21:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-14 12:47 . 2005-11-13 21:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-14 12:47 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-08-14 12:47 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-14 12:47 . 2005-11-13 21:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-14 12:47 . 2011-08-14 12:47 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-14 12:47 . 2011-08-14 12:47 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-12 16:17 . 2011-09-02 16:43 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-10 16:06 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 09:30 . 2011-04-22 12:11 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-20 09:30 . 2011-04-22 12:11 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-19 03:05 . 2010-09-28 06:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-16 04:26 . 2011-08-10 16:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-11 03:07 . 2011-07-13 16:23 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-07 14:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-07 14:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-05 15:10 . 2011-06-05 15:10 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-08-15 2027840]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\shark\AppData\Roaming\Mozilla\Firefox\Profiles\fl1zbh1l.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
.
[HKEY_USERS\S-1-5-21-3898257279-3220266764-3061120529-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,55,3e,53,f3,41,92,c4,75,8b,14,2c,ad,b1,3d,1e,b3,4d,d3,69,cd,
0d,e3,72,42,1f,1f,28,af,2c,41,29,1e,ba,ba,4e,d4,ff,dd,c4,8d,29,b6,e7,30,dc,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2011-09-03 12:55:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-03 10:55
.
Pre-Run: 185 374 838 784 bytes free
Post-Run: 184 838 348 800 bytes free
.
- - End Of File - - 542447C851510E3A749A275AD1E5F7A2
- Žbeky
- Moderator
Re: Virus
Avira? I can see AVAST, AVG and Kaspersky there, but really no Avira. Do you want to delete those leftovers?
-
- Level 1
Re: Virus
I tried putting Avast and AVG on there so that there would at least be something for protection, but I want to put Kaspersky on it. How do I delete those leftovers?
- Žbeky
- Moderator
Re: Virus
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text, marked in green:
Note: Do not use the SELECT ALL function to select the script.
KillAll::
DirLook::
c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
Folder::
c:\program files (x86)\Avira
c:\program files (x86)\AVG
C:\$AVG
c:\users\shark\AppData\Roaming\AVG10
c:\programdata\AVG10
c:\windows\system32\drivers\AVG
c:\programdata\AVAST Software
c:\program files\AVAST Software
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.8.1
c:\programdata\Kaspersky Lab Setup Files
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk
c:\programdata\MFAData
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0
File::
c:\windows\system32\aswBoot.exe
c:\windows\unrar.exe
c:\windows\system32\drivers\avgntflt.sys
c:\windows\system32\drivers\avipbb.sys
c:\windows\system32\DRIVERS\avgfwd6a.sys
Driver::
AntiVirSchedulerService
AntiVirWebService
Avgfwfd
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-
DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
-
- Level 1
Re: Virus
here is the log; that stupid AVG is still acting up there, I don't know....
ComboFix 11-09-02.04 - shark . 09. 2011 18:38:45.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4094.2690 [GMT 2:00]
Running from: c:\users\shark\Desktop\ComboFix.exe
Command switches used :: c:\users\shark\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\aswBoot.exe"
"c:\windows\system32\DRIVERS\avgfwd6a.sys"
"c:\windows\system32\drivers\avgntflt.sys"
"c:\windows\system32\drivers\avipbb.sys"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\ace.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\arabica.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\boost.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\bsdiff.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\bzip.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\carp.html
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\cryptopp.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\curl.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\dazukofs.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\expat.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\imagemagick.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\infozip.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\lua.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\md4_md5_license.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\milter.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\minizip.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\openssl_license.html
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\sasl.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\tinyxml.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\unrar.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\untar.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\xalan_xerces.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\zlib.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\readme.txt
c:\program files (x86)\AVG\AVG2012\avg.snu
c:\program files (x86)\AVG\AVG2012\avg_sk.chm
c:\program files (x86)\AVG\AVG2012\avg_sk.lng
c:\program files (x86)\AVG\AVG2012\avg_us.chm
c:\program files (x86)\AVG\AVG2012\avg_us.lng
c:\program files (x86)\AVG\AVG2012\avgabout.dll
c:\program files (x86)\AVG\AVG2012\avgamnot.dll
c:\program files (x86)\AVG\AVG2012\avgapia.dll
c:\program files (x86)\AVG\AVG2012\avgapix.dll
c:\program files (x86)\AVG\AVG2012\avgapps.dll
c:\program files (x86)\AVG\AVG2012\avgar_sk.chm
c:\program files (x86)\AVG\AVG2012\avgar_us.chm
c:\program files (x86)\AVG\AVG2012\avgatend.stp
c:\program files (x86)\AVG\AVG2012\avgatupd.stp
c:\program files (x86)\AVG\AVG2012\avgcclia.dll
c:\program files (x86)\AVG\AVG2012\avgcclix.dll
c:\program files (x86)\AVG\AVG2012\avgcerta.dll
c:\program files (x86)\AVG\AVG2012\avgcertx.dll
c:\program files (x86)\AVG\AVG2012\avgcfga.dll
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
c:\program files (x86)\AVG\AVG2012\avgcfgx.dll
c:\program files (x86)\AVG\AVG2012\avgclita.dll
c:\program files (x86)\AVG\AVG2012\avgclitx.dll
c:\program files (x86)\AVG\AVG2012\avgcmgr.exe
c:\program files (x86)\AVG\AVG2012\avgcorea.dll
c:\program files (x86)\AVG\AVG2012\avgcorex.dll
c:\program files (x86)\AVG\AVG2012\avgcrema.exe
c:\program files (x86)\AVG\AVG2012\avgcsla.dll
c:\program files (x86)\AVG\AVG2012\avgcslx.dll
c:\program files (x86)\AVG\AVG2012\avgcsrva.exe
c:\program files (x86)\AVG\AVG2012\avgcsrvx.exe
c:\program files (x86)\AVG\AVG2012\avgdecider.dll
c:\program files (x86)\AVG\AVG2012\avgdg_sk.chm
c:\program files (x86)\AVG\AVG2012\avgdg_us.chm
c:\program files (x86)\AVG\AVG2012\avgdiagex.exe
c:\program files (x86)\AVG\AVG2012\avgdumpa.exe
c:\program files (x86)\AVG\AVG2012\avgdumpx.exe
c:\program files (x86)\AVG\AVG2012\avgemca.exe
c:\program files (x86)\AVG\AVG2012\avgf_sk.chm
c:\program files (x86)\AVG\AVG2012\avgf_us.chm
c:\program files (x86)\AVG\AVG2012\avgfree_sk.mht
c:\program files (x86)\AVG\AVG2012\avgfree_us.mht
c:\program files (x86)\AVG\AVG2012\avgchcla.dll
c:\program files (x86)\AVG\AVG2012\avgchclx.dll
c:\program files (x86)\AVG\AVG2012\avgchjwa.dll
c:\program files (x86)\AVG\AVG2012\avgidp_sk.chm
c:\program files (x86)\AVG\AVG2012\avgidp_us.chm
c:\program files (x86)\AVG\AVG2012\avgidpmx.dll
c:\program files (x86)\AVG\AVG2012\avgidpsdkx.dll
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\program files (x86)\AVG\AVG2012\avglnga.dll
c:\program files (x86)\AVG\AVG2012\avglngx.dll
c:\program files (x86)\AVG\AVG2012\avgloga.dll
c:\program files (x86)\AVG\AVG2012\avglogx.dll
c:\program files (x86)\AVG\AVG2012\avgls_sk.chm
c:\program files (x86)\AVG\AVG2012\avgls_us.chm
c:\program files (x86)\AVG\AVG2012\avglscanx.exe
c:\program files (x86)\AVG\AVG2012\avgmfapx.exe
c:\program files (x86)\AVG\AVG2012\avgmfarx.dll
c:\program files (x86)\AVG\AVG2012\avgmtrapx.dll
c:\program files (x86)\AVG\AVG2012\avgmvfla.dll
c:\program files (x86)\AVG\AVG2012\avgmvflx.dll
c:\program files (x86)\AVG\AVG2012\avgmwdef_sk.mht
c:\program files (x86)\AVG\AVG2012\avgmwdef_us.mht
c:\program files (x86)\AVG\AVG2012\avgnsa.exe
c:\program files (x86)\AVG\AVG2012\avgntdumpa.exe
c:\program files (x86)\AVG\AVG2012\avgntdumpx.exe
c:\program files (x86)\AVG\AVG2012\avgntopenssla.dll
c:\program files (x86)\AVG\AVG2012\avgntopensslx.dll
c:\program files (x86)\AVG\AVG2012\avgntsqlitea.dll
c:\program files (x86)\AVG\AVG2012\avgntsqlitex.dll
c:\program files (x86)\AVG\AVG2012\avgopenssla.dll
c:\program files (x86)\AVG\AVG2012\avgopensslx.dll
c:\program files (x86)\AVG\AVG2012\avgoutlooka.dll
c:\program files (x86)\AVG\AVG2012\avgoutlookx.dll
c:\program files (x86)\AVG\AVG2012\avgpostinstx.dll
c:\program files (x86)\AVG\AVG2012\avgpp.dll
c:\program files (x86)\AVG\AVG2012\avgppa.dll
c:\program files (x86)\AVG\AVG2012\avgresf.dll
c:\program files (x86)\AVG\AVG2012\avgrkta.dll
c:\program files (x86)\AVG\AVG2012\avgrsa.exe
c:\program files (x86)\AVG\AVG2012\avgsals_sk.mht
c:\program files (x86)\AVG\AVG2012\avgsals_us.mht
c:\program files (x86)\AVG\AVG2012\avgsbfree_sk.mht
c:\program files (x86)\AVG\AVG2012\avgsbfree_us.mht
c:\program files (x86)\AVG\AVG2012\avgsbga.dll
c:\program files (x86)\AVG\AVG2012\avgscana.dll
c:\program files (x86)\AVG\AVG2012\avgscana.exe
c:\program files (x86)\AVG\AVG2012\avgscanx.dll
c:\program files (x86)\AVG\AVG2012\avgscanx.exe
c:\program files (x86)\AVG\AVG2012\avgse.dll
c:\program files (x86)\AVG\AVG2012\avgsea.dll
c:\program files (x86)\AVG\AVG2012\avgsched.dll
c:\program files (x86)\AVG\AVG2012\avgsrma.dll
c:\program files (x86)\AVG\AVG2012\avgsrmaa.exe
c:\program files (x86)\AVG\AVG2012\avgsrmax.exe
c:\program files (x86)\AVG\AVG2012\avgsrmx.dll
c:\program files (x86)\AVG\AVG2012\avgssie.dll
c:\program files (x86)\AVG\AVG2012\avgssiea.dll
c:\program files (x86)\AVG\AVG2012\avgsysa.dll
c:\program files (x86)\AVG\AVG2012\avgsysx.dll
c:\program files (x86)\AVG\AVG2012\avgtbapi.dll
c:\program files (x86)\AVG\AVG2012\AVGTBInstall.exe
c:\program files (x86)\AVG\AVG2012\avgtray.exe
c:\program files (x86)\AVG\AVG2012\avgtrial_sk.mht
c:\program files (x86)\AVG\AVG2012\avgtrial_us.mht
c:\program files (x86)\AVG\AVG2012\avgui.exe
c:\program files (x86)\AVG\AVG2012\avguiadv.dll
c:\program files (x86)\AVG\AVG2012\avguires.dll
c:\program files (x86)\AVG\AVG2012\avgupd.sig
c:\program files (x86)\AVG\AVG2012\avgupdx.dll
c:\program files (x86)\AVG\AVG2012\avgutila.dll
c:\program files (x86)\AVG\AVG2012\avgutilx.dll
c:\program files (x86)\AVG\AVG2012\avgvva.dll
c:\program files (x86)\AVG\AVG2012\avgvvx.dll
c:\program files (x86)\AVG\AVG2012\avgwd.dll
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\AVG\AVG2012\avgwdwsc.dll
c:\program files (x86)\AVG\AVG2012\avgwebui.dll
c:\program files (x86)\AVG\AVG2012\avgwsc.exe
c:\program files (x86)\AVG\AVG2012\avgxpl.dll
c:\program files (x86)\AVG\AVG2012\avgxpla.dll
c:\program files (x86)\AVG\AVG2012\awacs\dav\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\dav\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\dav\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\fas\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\fas\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\fas\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\obx\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\obx\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\obx\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\pct\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\pct\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\pct\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\rules.cat
c:\program files (x86)\AVG\AVG2012\awacs\rules.js
c:\program files (x86)\AVG\AVG2012\axioo.dll
c:\program files (x86)\AVG\AVG2012\cf.dat
c:\program files (x86)\AVG\AVG2012\compat.ini
c:\program files (x86)\AVG\AVG2012\contacts_sk.html
c:\program files (x86)\AVG\AVG2012\contacts_us.html
c:\program files (x86)\AVG\AVG2012\dfncfg.dat
c:\program files (x86)\AVG\AVG2012\Drivers\avgld.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgld.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgldx64.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgldx86.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgmf.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgmf.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgmfx64.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgmfx86.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgrk.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgrk.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgrkx64.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgrkx86.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdi.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdi.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdia.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdix.sys
c:\program files (x86)\AVG\AVG2012\Drivers\ErHr7x64\AVGIDSEH.cat
c:\program files (x86)\AVG\AVG2012\Drivers\ErHr7x64\AVGIDSEH.inf
c:\program files (x86)\AVG\AVG2012\Drivers\ErHr7x64\AVGIDSEH.sys
c:\program files (x86)\AVG\AVG2012\Drivers\platform_WIN7\UniversalDD.sys
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSDriver.cat
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSDriver.inf
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSDriver.sys
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSFilter.cat
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSFilter.inf
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSFilter.sys
c:\program files (x86)\AVG\AVG2012\Firefox\Chrome\searchshield.jar
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\avgssff4.dll
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\avgssff5.dll
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\avgssff6.dll
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\ISearchShield4.xpt
c:\program files (x86)\AVG\AVG2012\Firefox4\chrome.manifest
c:\program files (x86)\AVG\AVG2012\Firefox4\Chrome\searchshield.jar
c:\program files (x86)\AVG\AVG2012\Firefox4\install.rdf
c:\program files (x86)\AVG\AVG2012\fixcfg.exe
c:\program files (x86)\AVG\AVG2012\HtmLayout.dll
c:\program files (x86)\AVG\AVG2012\Chrome\safesearch.crx
c:\program files (x86)\AVG\AVG2012\Icons\alert_mask.png
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\block-doc.gif
c:\program files (x86)\AVG\AVG2012\Icons\blocked.gif
c:\program files (x86)\AVG\AVG2012\Icons\blocked12.png
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\box_bottom_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\box_top_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\caution.gif
c:\program files (x86)\AVG\AVG2012\Icons\caution12.png
c:\program files (x86)\AVG\AVG2012\Icons\click_here_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\clock.gif
c:\program files (x86)\AVG\AVG2012\Icons\clock12.png
c:\program files (x86)\AVG\AVG2012\Icons\close.gif
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\Icons\icons_blocked.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_caution.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_close.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_safe.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_unknown.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_warning.gif
c:\program files (x86)\AVG\AVG2012\Icons\LS_Logo_Results.gif
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\Icons\product_logo.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\Icons\safe.gif
c:\program files (x86)\AVG\AVG2012\Icons\safe12.png
c:\program files (x86)\AVG\AVG2012\Icons\toolbar_en.bmp
c:\program files (x86)\AVG\AVG2012\Icons\unknown.gif
c:\program files (x86)\AVG\AVG2012\Icons\vrsn-secured-lsfo.gif
c:\program files (x86)\AVG\AVG2012\Icons\warning.gif
c:\program files (x86)\AVG\AVG2012\Icons\warning12.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\js.dat
c:\program files (x86)\AVG\AVG2012\license_sk.htm
c:\program files (x86)\AVG\AVG2012\license_us.htm
c:\program files (x86)\AVG\AVG2012\mfask.lns
c:\program files (x86)\AVG\AVG2012\mfaus.lns
c:\program files (x86)\AVG\AVG2012\mfavera.txt
c:\program files (x86)\AVG\AVG2012\mfaverx.txt
c:\program files (x86)\AVG\AVG2012\mwbsr_e_free_sk.mht
c:\program files (x86)\AVG\AVG2012\mwbsr_e_free_us.mht
c:\program files (x86)\AVG\AVG2012\mwbsr_f_free_sk.mht
c:\program files (x86)\AVG\AVG2012\mwbsr_f_free_us.mht
c:\program files (x86)\AVG\AVG2012\PCTuneup\AxBrowsers.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\DiskCleanerHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\DiskDefragHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\helper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\localizer.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe
c:\program files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\PerlRegExp.bpl
c:\program files (x86)\AVG\AVG2012\PCTuneup\RegistryCleanerHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\RescueCenterHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\rtl120.bpl
c:\program files (x86)\AVG\AVG2012\PCTuneup\vcl120.bpl
c:\program files (x86)\AVG\AVG2012\ph.dat
c:\program files (x86)\AVG\AVG2012\sb.dat
c:\program files (x86)\AVG\AVG2012\sb.dat.xcd
c:\program files (x86)\AVG\AVG2012\sb2.dat
c:\program files (x86)\AVG\AVG2012\sc.dat
c:\program files (x86)\AVG\AVG2012\sc.dat.xcd
c:\program files (x86)\AVG\AVG2012\sounds\scan_finish_threat_found.wav
c:\program files (x86)\AVG\AVG2012\sounds\scan_os_alert.wav
c:\program files (x86)\AVG\AVG2012\sounds\scan_rs_alert.wav
c:\program files (x86)\AVG\AVG2012\sounds\update_end_fail.wav
c:\program files (x86)\AVG\AVG2012\updatecomps.bak
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\Setup\setup.ini
c:\programdata\Kaspersky Lab Setup Files
c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\cs\kavkis.msi
c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\cs\setup.exe
c:\programdata\MFAData
c:\programdata\MFAData\logs\avgInfoCollector.log
c:\programdata\MFAData\logs\avgInfoCollector.log.lock
c:\programdata\MFAData\logs\mfa-20110820-091612.log
c:\programdata\MFAData\logs\mfa-20110820-091634.log
c:\programdata\MFAData\logs\mfa-20110820-092339.log
c:\programdata\MFAData\logs\mfa-20110820-092949.log
c:\programdata\MFAData\logs\mfa-20110826-162614.log
c:\programdata\MFAData\logs\mfa-20110829-072140.log
c:\programdata\MFAData\logs\mfa-20110829-073135.log
c:\programdata\MFAData\logs\mfa-20110829-073140.log
c:\programdata\MFAData\logs\mfa-20110903-101147.log
c:\programdata\MFAData\logs\mfa-20110903-111803.log
c:\programdata\MFAData\logs\msi-20110820-091634.log
c:\programdata\MFAData\logs\msi-20110826-162614.log
c:\programdata\MFAData\logs\msi-20110829-072140.log
c:\programdata\MFAData\logs\msi-20110829-073140.log
c:\programdata\MFAData\logs\msi-20110903-101147.log
c:\programdata\MFAData\logs\msi-20110903-111803.log
c:\programdata\MFAData\mfaurlconf.ini
c:\programdata\MFAData\mkt\dtc\res\bullet04.gif
c:\programdata\MFAData\mkt\dtc\res\offer.css
c:\programdata\MFAData\mkt\dtc\sk\ToolbarOfferScreen.html
c:\programdata\MFAData\mkt\res\LinkScanner-style.css
c:\programdata\MFAData\mkt\res\LinkScanner.jpg
c:\programdata\MFAData\mkt\res\OK.png
c:\programdata\MFAData\mkt\res\Smart-Scanning.jpg
c:\programdata\MFAData\mkt\res\SmartScanning-style.css
c:\programdata\MFAData\mkt\res\Social-Networking.jpg
c:\programdata\MFAData\mkt\res\SocialNetworking-style.css
c:\programdata\MFAData\mkt\res\style.css
c:\programdata\MFAData\mkt\res\w7_active.png
c:\programdata\MFAData\mkt\res\w7_active_check.png
c:\programdata\MFAData\mkt\res\w7_disable_check.png
c:\programdata\MFAData\mkt\res\w7_disable_uncheck.png
c:\programdata\MFAData\mkt\res\w7_hover.png
c:\programdata\MFAData\mkt\res\w7_hover_check.png
c:\programdata\MFAData\mkt\res\w7_check.png
c:\programdata\MFAData\mkt\res\w7_uncheck.png
c:\programdata\MFAData\mkt\sk\dm_marketing_message-sk.html
c:\programdata\MFAData\mkt\sk\Installation-Page_LinkScanner.html
c:\programdata\MFAData\mkt\sk\Installation-Page_Smart-Scanning.html
c:\programdata\MFAData\mkt\sk\Installation-Page_Social-Networking.html
c:\programdata\MFAData\msistorg.dat
c:\programdata\MFAData\msistorg.dat.bkp
c:\programdata\MFAData\public_installation_log.xml
c:\programdata\MFAData\SelfUpd\avgmfapx.exe
c:\programdata\MFAData\SelfUpd\avgmfarx.dll
c:\programdata\MFAData\SelfUpd\avgntdumpx.exe
c:\programdata\MFAData\SelfUpd\avgrunasx.exe
c:\programdata\MFAData\SelfUpd\bins\f10mfa1392b1391da.bin
c:\programdata\MFAData\SelfUpd\bins\f10mfa1392lq.bin
c:\programdata\MFAData\SelfUpd\bins\f10upd1392b1391hv.bin
c:\programdata\MFAData\SelfUpd\compat.ini
c:\programdata\MFAData\SelfUpd\htmlayout.dll
c:\programdata\MFAData\SelfUpd\license_cz.htm
c:\programdata\MFAData\SelfUpd\license_da.htm
c:\programdata\MFAData\SelfUpd\license_es.htm
c:\programdata\MFAData\SelfUpd\license_fr.htm
c:\programdata\MFAData\SelfUpd\license_ge.htm
c:\programdata\MFAData\SelfUpd\license_hu.htm
c:\programdata\MFAData\SelfUpd\license_id.htm
c:\programdata\MFAData\SelfUpd\license_in.htm
c:\programdata\MFAData\SelfUpd\license_it.htm
c:\programdata\MFAData\SelfUpd\license_jp.htm
c:\programdata\MFAData\SelfUpd\license_ko.htm
c:\programdata\MFAData\SelfUpd\license_ms.htm
c:\programdata\MFAData\SelfUpd\license_nl.htm
c:\programdata\MFAData\SelfUpd\license_pb.htm
c:\programdata\MFAData\SelfUpd\license_pl.htm
c:\programdata\MFAData\SelfUpd\license_pt.htm
c:\programdata\MFAData\SelfUpd\license_ru.htm
c:\programdata\MFAData\SelfUpd\license_sc.htm
c:\programdata\MFAData\SelfUpd\license_sk.htm
c:\programdata\MFAData\SelfUpd\license_sp.htm
c:\programdata\MFAData\SelfUpd\license_tr.htm
c:\programdata\MFAData\SelfUpd\license_us.htm
c:\programdata\MFAData\SelfUpd\license_zh.htm
c:\programdata\MFAData\SelfUpd\license_zt.htm
c:\programdata\MFAData\SelfUpd\mfaconf.txt
c:\programdata\MFAData\SelfUpd\mfacz.lns
c:\programdata\MFAData\SelfUpd\mfada.lns
c:\programdata\MFAData\SelfUpd\mfaes.lns
c:\programdata\MFAData\SelfUpd\mfafr.lns
c:\programdata\MFAData\SelfUpd\mfage.lns
c:\programdata\MFAData\SelfUpd\mfahu.lns
c:\programdata\MFAData\SelfUpd\mfaid.lns
c:\programdata\MFAData\SelfUpd\mfain.lns
c:\programdata\MFAData\SelfUpd\mfait.lns
c:\programdata\MFAData\SelfUpd\mfajp.lns
c:\programdata\MFAData\SelfUpd\mfako.lns
c:\programdata\MFAData\SelfUpd\mfams.lns
c:\programdata\MFAData\SelfUpd\mfanl.lns
c:\programdata\MFAData\SelfUpd\mfapb.lns
c:\programdata\MFAData\SelfUpd\mfapl.lns
c:\programdata\MFAData\SelfUpd\mfapt.lns
c:\programdata\MFAData\SelfUpd\mfaru.lns
c:\programdata\MFAData\SelfUpd\mfasc.lns
c:\programdata\MFAData\SelfUpd\mfask.lns
c:\programdata\MFAData\SelfUpd\mfasp.lns
c:\programdata\MFAData\SelfUpd\mfatr.lns
c:\programdata\MFAData\SelfUpd\mfaus.lns
c:\programdata\MFAData\SelfUpd\mfavera.txt
c:\programdata\MFAData\SelfUpd\mfaverx.txt
c:\programdata\MFAData\SelfUpd\mfazh.lns
c:\programdata\MFAData\SelfUpd\mfazt.lns
c:\users\shark\AppData\Roaming\AVG10
c:\users\shark\AppData\Roaming\AVG10\cfgall\usergui.cfg
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\system32\aswBoot.exe
c:\windows\system32\drivers\AVG
c:\windows\system32\drivers\AVG\iavichjw.avm
c:\windows\system32\drivers\AVG\incavi.avm
c:\windows\system32\DRIVERS\avgfwd6a.sys
c:\windows\system32\drivers\avgntflt.sys
c:\windows\system32\drivers\avipbb.sys
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.8.1
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGFWFD
-------\Service_AntiVirSchedulerService
-------\Service_AntiVirWebService
-------\Service_Avgfwfd
-------\Legacy_avipbb
-------\Service_AVGIDSAgent
-------\Service_avgwd
-------\Service_avipbb
-------\Service_AVGIDSAgent
-------\Service_avgwd
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 16:43 . 2011-09-05 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-04 07:35 . 2011-08-19 14:33 27992 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-09-04 07:35 . 2010-11-26 16:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-09-03 11:21 . 2011-09-03 11:21 -------- d-----w- c:\users\shark\AppData\Roaming\AVG2012
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-09-03 11:20 . 2011-09-03 11:23 -------- d-----w- c:\programdata\AVG2012
2011-09-02 15:00 . 2011-09-02 15:00 -------- d-----w- c:\users\shark\AppData\Roaming\Malwarebytes
2011-09-02 14:59 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\programdata\Malwarebytes
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 14:59 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 14:24 . 2011-08-29 14:25 -------- d-----w- c:\users\Guest
2011-08-29 14:02 . 2011-08-29 14:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-26 15:57 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2FF79A4-71DB-4034-8A51-AD43AB539929}\mpengine.dll
2011-08-25 18:23 . 2011-08-25 18:23 22567 ----a-w- c:\programdata\1314296490.bdinstall.bin
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files\Common Files\Bitdefender
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2011-08-25 18:19 . 2011-08-27 15:37 -------- d-----w- c:\users\shark\AppData\Roaming\QuickScan
2011-08-25 17:47 . 2011-08-15 11:19 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-25 17:47 . 2011-08-15 11:13 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-25 17:47 . 2011-08-15 11:13 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-08-25 17:47 . 2011-08-25 17:47 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-08-25 17:46 . 2011-08-25 17:47 -------- d-----w- c:\programdata\TuneUp Software
2011-08-25 17:46 . 2011-08-25 17:46 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-08-24 15:56 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 15:56 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 14:13 . 2011-08-25 16:53 -------- d-----w- c:\programdata\PC Tools
2011-08-20 09:40 . 2011-08-20 09:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-20 09:31 . 2011-08-20 09:31 -------- d--h--w- c:\programdata\Common Files
2011-08-16 15:50 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-08-16 15:50 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-08-16 15:50 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-08-16 15:50 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-08-16 15:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-08-16 15:50 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-08-16 15:50 . 2002-08-22 04:00 413760 ----a-w- c:\windows\SysWow64\DivXc32f.dll
2011-08-16 15:50 . 2002-08-01 09:03 413760 ----a-w- c:\windows\SysWow64\DivXc32.dll
2011-08-16 15:50 . 2001-02-25 01:19 287744 ----a-w- c:\windows\SysWow64\divxa32.acm
2011-08-14 12:47 . 2005-06-24 14:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2011-08-14 12:47 . 2004-12-10 07:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-08-14 12:47 . 2005-11-13 21:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-14 12:47 . 2005-11-13 21:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-14 12:47 . 2005-11-13 21:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-14 12:47 . 2005-11-13 21:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-14 12:47 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-08-14 12:47 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-14 12:47 . 2005-11-13 21:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-14 12:47 . 2011-08-14 12:47 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-14 12:47 . 2011-08-14 12:47 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-12 16:17 . 2011-09-02 16:43 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-10 16:06 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-08 04:08 . 2011-08-08 04:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 03:05 . 2010-09-28 06:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-16 04:26 . 2011-08-10 16:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-10 23:14 . 2011-07-10 23:14 375376 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-07-10 23:14 . 2011-07-10 23:14 29776 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-10 23:14 . 2011-07-10 23:14 26704 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-10 23:14 . 2011-07-10 23:14 120400 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-10 23:13 . 2011-07-10 23:13 282704 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-07-10 23:13 . 2011-07-10 23:13 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-06-11 03:07 . 2011-07-13 16:23 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} ----
.
2011-08-25 17:46 . 2011-08-25 17:46 18427392 ----a-w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-03_10.52.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-05 16:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-05 16:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-20 04:58 . 2011-09-05 16:18 49540 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-05 16:18 33400 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-20 04:50 . 2011-09-05 16:18 13014 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3898257279-3220266764-3061120529-1000_UserData.bin
+ 2010-08-20 04:40 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-20 04:40 . 2011-09-04 07:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-05 16:44 . 2011-09-05 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-03 10:52 . 2011-09-03 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-05 16:44 . 2011-09-05 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-03 10:52 . 2011-09-03 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-09-03 10:51 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-09-05 16:43 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-05 16:10 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-13 18:06 . 2011-09-05 16:43 2269684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3898257279-3220266764-3061120529-1000-12288.dat
+ 2011-09-03 11:18 . 2011-09-03 11:18 7524352 c:\windows\Installer\19b429.msi
+ 2011-09-03 11:19 . 2011-09-03 11:19 2830336 c:\windows\Installer\19b425.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-09-03 11:20 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-03 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-09-03 218440]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-27 273544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-08-15 2027840]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-03 246600]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"combofix"="c:\combofix\CF22365.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\shark\AppData\Roaming\Mozilla\Firefox\Profiles\fl1zbh1l.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bde ... &sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
.
[HKEY_USERS\S-1-5-21-3898257279-3220266764-3061120529-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,55,3e,53,f3,41,92,c4,75,8b,14,2c,ad,b1,3d,1e,b3,4d,d3,69,cd,
0d,e3,72,42,1f,1f,28,af,2c,41,29,1e,ba,ba,4e,d4,ff,dd,c4,8d,29,b6,e7,30,dc,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2011-09-05 18:47:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-05 16:47
ComboFix2.txt 2011-09-03 10:55
.
Pre-Run: 183 556 919 296 bytes free
Post-Run: 182 908 084 224 bytes free
.
- - End Of File - - 6FAC6406C98866EE77A28645885D77D3
ComboFix 11-09-02.04 - shark . 09. 2011 18:38:45.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4094.2690 [GMT 2:00]
Running from: c:\users\shark\Desktop\ComboFix.exe
Command switches used :: c:\users\shark\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\aswBoot.exe"
"c:\windows\system32\DRIVERS\avgfwd6a.sys"
"c:\windows\system32\drivers\avgntflt.sys"
"c:\windows\system32\drivers\avipbb.sys"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\ace.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\arabica.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\boost.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\bsdiff.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\bzip.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\carp.html
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\cryptopp.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\curl.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\dazukofs.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\expat.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\imagemagick.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\infozip.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\lua.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\md4_md5_license.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\milter.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\minizip.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\openssl_license.html
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\sasl.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\tinyxml.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\unrar.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\untar.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\xalan_xerces.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\licenses\zlib.txt
c:\program files (x86)\AVG\AVG2012\3rd_party\readme.txt
c:\program files (x86)\AVG\AVG2012\avg.snu
c:\program files (x86)\AVG\AVG2012\avg_sk.chm
c:\program files (x86)\AVG\AVG2012\avg_sk.lng
c:\program files (x86)\AVG\AVG2012\avg_us.chm
c:\program files (x86)\AVG\AVG2012\avg_us.lng
c:\program files (x86)\AVG\AVG2012\avgabout.dll
c:\program files (x86)\AVG\AVG2012\avgamnot.dll
c:\program files (x86)\AVG\AVG2012\avgapia.dll
c:\program files (x86)\AVG\AVG2012\avgapix.dll
c:\program files (x86)\AVG\AVG2012\avgapps.dll
c:\program files (x86)\AVG\AVG2012\avgar_sk.chm
c:\program files (x86)\AVG\AVG2012\avgar_us.chm
c:\program files (x86)\AVG\AVG2012\avgatend.stp
c:\program files (x86)\AVG\AVG2012\avgatupd.stp
c:\program files (x86)\AVG\AVG2012\avgcclia.dll
c:\program files (x86)\AVG\AVG2012\avgcclix.dll
c:\program files (x86)\AVG\AVG2012\avgcerta.dll
c:\program files (x86)\AVG\AVG2012\avgcertx.dll
c:\program files (x86)\AVG\AVG2012\avgcfga.dll
c:\program files (x86)\AVG\AVG2012\avgcfgex.exe
c:\program files (x86)\AVG\AVG2012\avgcfgx.dll
c:\program files (x86)\AVG\AVG2012\avgclita.dll
c:\program files (x86)\AVG\AVG2012\avgclitx.dll
c:\program files (x86)\AVG\AVG2012\avgcmgr.exe
c:\program files (x86)\AVG\AVG2012\avgcorea.dll
c:\program files (x86)\AVG\AVG2012\avgcorex.dll
c:\program files (x86)\AVG\AVG2012\avgcrema.exe
c:\program files (x86)\AVG\AVG2012\avgcsla.dll
c:\program files (x86)\AVG\AVG2012\avgcslx.dll
c:\program files (x86)\AVG\AVG2012\avgcsrva.exe
c:\program files (x86)\AVG\AVG2012\avgcsrvx.exe
c:\program files (x86)\AVG\AVG2012\avgdecider.dll
c:\program files (x86)\AVG\AVG2012\avgdg_sk.chm
c:\program files (x86)\AVG\AVG2012\avgdg_us.chm
c:\program files (x86)\AVG\AVG2012\avgdiagex.exe
c:\program files (x86)\AVG\AVG2012\avgdumpa.exe
c:\program files (x86)\AVG\AVG2012\avgdumpx.exe
c:\program files (x86)\AVG\AVG2012\avgemca.exe
c:\program files (x86)\AVG\AVG2012\avgf_sk.chm
c:\program files (x86)\AVG\AVG2012\avgf_us.chm
c:\program files (x86)\AVG\AVG2012\avgfree_sk.mht
c:\program files (x86)\AVG\AVG2012\avgfree_us.mht
c:\program files (x86)\AVG\AVG2012\avgchcla.dll
c:\program files (x86)\AVG\AVG2012\avgchclx.dll
c:\program files (x86)\AVG\AVG2012\avgchjwa.dll
c:\program files (x86)\AVG\AVG2012\avgidp_sk.chm
c:\program files (x86)\AVG\AVG2012\avgidp_us.chm
c:\program files (x86)\AVG\AVG2012\avgidpmx.dll
c:\program files (x86)\AVG\AVG2012\avgidpsdkx.dll
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\program files (x86)\AVG\AVG2012\avglnga.dll
c:\program files (x86)\AVG\AVG2012\avglngx.dll
c:\program files (x86)\AVG\AVG2012\avgloga.dll
c:\program files (x86)\AVG\AVG2012\avglogx.dll
c:\program files (x86)\AVG\AVG2012\avgls_sk.chm
c:\program files (x86)\AVG\AVG2012\avgls_us.chm
c:\program files (x86)\AVG\AVG2012\avglscanx.exe
c:\program files (x86)\AVG\AVG2012\avgmfapx.exe
c:\program files (x86)\AVG\AVG2012\avgmfarx.dll
c:\program files (x86)\AVG\AVG2012\avgmtrapx.dll
c:\program files (x86)\AVG\AVG2012\avgmvfla.dll
c:\program files (x86)\AVG\AVG2012\avgmvflx.dll
c:\program files (x86)\AVG\AVG2012\avgmwdef_sk.mht
c:\program files (x86)\AVG\AVG2012\avgmwdef_us.mht
c:\program files (x86)\AVG\AVG2012\avgnsa.exe
c:\program files (x86)\AVG\AVG2012\avgntdumpa.exe
c:\program files (x86)\AVG\AVG2012\avgntdumpx.exe
c:\program files (x86)\AVG\AVG2012\avgntopenssla.dll
c:\program files (x86)\AVG\AVG2012\avgntopensslx.dll
c:\program files (x86)\AVG\AVG2012\avgntsqlitea.dll
c:\program files (x86)\AVG\AVG2012\avgntsqlitex.dll
c:\program files (x86)\AVG\AVG2012\avgopenssla.dll
c:\program files (x86)\AVG\AVG2012\avgopensslx.dll
c:\program files (x86)\AVG\AVG2012\avgoutlooka.dll
c:\program files (x86)\AVG\AVG2012\avgoutlookx.dll
c:\program files (x86)\AVG\AVG2012\avgpostinstx.dll
c:\program files (x86)\AVG\AVG2012\avgpp.dll
c:\program files (x86)\AVG\AVG2012\avgppa.dll
c:\program files (x86)\AVG\AVG2012\avgresf.dll
c:\program files (x86)\AVG\AVG2012\avgrkta.dll
c:\program files (x86)\AVG\AVG2012\avgrsa.exe
c:\program files (x86)\AVG\AVG2012\avgsals_sk.mht
c:\program files (x86)\AVG\AVG2012\avgsals_us.mht
c:\program files (x86)\AVG\AVG2012\avgsbfree_sk.mht
c:\program files (x86)\AVG\AVG2012\avgsbfree_us.mht
c:\program files (x86)\AVG\AVG2012\avgsbga.dll
c:\program files (x86)\AVG\AVG2012\avgscana.dll
c:\program files (x86)\AVG\AVG2012\avgscana.exe
c:\program files (x86)\AVG\AVG2012\avgscanx.dll
c:\program files (x86)\AVG\AVG2012\avgscanx.exe
c:\program files (x86)\AVG\AVG2012\avgse.dll
c:\program files (x86)\AVG\AVG2012\avgsea.dll
c:\program files (x86)\AVG\AVG2012\avgsched.dll
c:\program files (x86)\AVG\AVG2012\avgsrma.dll
c:\program files (x86)\AVG\AVG2012\avgsrmaa.exe
c:\program files (x86)\AVG\AVG2012\avgsrmax.exe
c:\program files (x86)\AVG\AVG2012\avgsrmx.dll
c:\program files (x86)\AVG\AVG2012\avgssie.dll
c:\program files (x86)\AVG\AVG2012\avgssiea.dll
c:\program files (x86)\AVG\AVG2012\avgsysa.dll
c:\program files (x86)\AVG\AVG2012\avgsysx.dll
c:\program files (x86)\AVG\AVG2012\avgtbapi.dll
c:\program files (x86)\AVG\AVG2012\AVGTBInstall.exe
c:\program files (x86)\AVG\AVG2012\avgtray.exe
c:\program files (x86)\AVG\AVG2012\avgtrial_sk.mht
c:\program files (x86)\AVG\AVG2012\avgtrial_us.mht
c:\program files (x86)\AVG\AVG2012\avgui.exe
c:\program files (x86)\AVG\AVG2012\avguiadv.dll
c:\program files (x86)\AVG\AVG2012\avguires.dll
c:\program files (x86)\AVG\AVG2012\avgupd.sig
c:\program files (x86)\AVG\AVG2012\avgupdx.dll
c:\program files (x86)\AVG\AVG2012\avgutila.dll
c:\program files (x86)\AVG\AVG2012\avgutilx.dll
c:\program files (x86)\AVG\AVG2012\avgvva.dll
c:\program files (x86)\AVG\AVG2012\avgvvx.dll
c:\program files (x86)\AVG\AVG2012\avgwd.dll
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\AVG\AVG2012\avgwdwsc.dll
c:\program files (x86)\AVG\AVG2012\avgwebui.dll
c:\program files (x86)\AVG\AVG2012\avgwsc.exe
c:\program files (x86)\AVG\AVG2012\avgxpl.dll
c:\program files (x86)\AVG\AVG2012\avgxpla.dll
c:\program files (x86)\AVG\AVG2012\awacs\dav\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\dav\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\dav\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\fas\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\fas\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\fas\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\obx\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\obx\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\obx\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\pct\component\content.dat
c:\program files (x86)\AVG\AVG2012\awacs\pct\component\image.bmp
c:\program files (x86)\AVG\AVG2012\awacs\pct\sign.bin
c:\program files (x86)\AVG\AVG2012\awacs\rules.cat
c:\program files (x86)\AVG\AVG2012\awacs\rules.js
c:\program files (x86)\AVG\AVG2012\axioo.dll
c:\program files (x86)\AVG\AVG2012\cf.dat
c:\program files (x86)\AVG\AVG2012\compat.ini
c:\program files (x86)\AVG\AVG2012\contacts_sk.html
c:\program files (x86)\AVG\AVG2012\contacts_us.html
c:\program files (x86)\AVG\AVG2012\dfncfg.dat
c:\program files (x86)\AVG\AVG2012\Drivers\avgld.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgld.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgldx64.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgldx86.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgmf.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgmf.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgmfx64.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgmfx86.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgrk.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgrk.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgrkx64.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgrkx86.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdi.cat
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdi.inf
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdia.sys
c:\program files (x86)\AVG\AVG2012\Drivers\avgtdix.sys
c:\program files (x86)\AVG\AVG2012\Drivers\ErHr7x64\AVGIDSEH.cat
c:\program files (x86)\AVG\AVG2012\Drivers\ErHr7x64\AVGIDSEH.inf
c:\program files (x86)\AVG\AVG2012\Drivers\ErHr7x64\AVGIDSEH.sys
c:\program files (x86)\AVG\AVG2012\Drivers\platform_WIN7\UniversalDD.sys
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSDriver.cat
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSDriver.inf
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSDriver.sys
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSFilter.cat
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSFilter.inf
c:\program files (x86)\AVG\AVG2012\Drivers\Win7\AVGIDSFilter.sys
c:\program files (x86)\AVG\AVG2012\Firefox\Chrome\searchshield.jar
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\avgssff4.dll
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\avgssff5.dll
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\avgssff6.dll
c:\program files (x86)\AVG\AVG2012\Firefox4\Components\ISearchShield4.xpt
c:\program files (x86)\AVG\AVG2012\Firefox4\chrome.manifest
c:\program files (x86)\AVG\AVG2012\Firefox4\Chrome\searchshield.jar
c:\program files (x86)\AVG\AVG2012\Firefox4\install.rdf
c:\program files (x86)\AVG\AVG2012\fixcfg.exe
c:\program files (x86)\AVG\AVG2012\HtmLayout.dll
c:\program files (x86)\AVG\AVG2012\Chrome\safesearch.crx
c:\program files (x86)\AVG\AVG2012\Icons\alert_mask.png
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_middle_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\background_top_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\block-doc.gif
c:\program files (x86)\AVG\AVG2012\Icons\blocked.gif
c:\program files (x86)\AVG\AVG2012\Icons\blocked12.png
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_bottom_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\border_top_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\box_bottom_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\box_top_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\caution.gif
c:\program files (x86)\AVG\AVG2012\Icons\caution12.png
c:\program files (x86)\AVG\AVG2012\Icons\click_here_gray.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_green.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_orange.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_red.gif
c:\program files (x86)\AVG\AVG2012\Icons\click_here_yellow.gif
c:\program files (x86)\AVG\AVG2012\Icons\clock.gif
c:\program files (x86)\AVG\AVG2012\Icons\clock12.png
c:\program files (x86)\AVG\AVG2012\Icons\close.gif
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\green_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\Icons\icons_blocked.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_caution.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_close.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_safe.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_unknown.gif
c:\program files (x86)\AVG\AVG2012\Icons\icons_warning.gif
c:\program files (x86)\AVG\AVG2012\Icons\LS_Logo_Results.gif
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\orange_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\Icons\product_logo.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\red_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\Icons\safe.gif
c:\program files (x86)\AVG\AVG2012\Icons\safe12.png
c:\program files (x86)\AVG\AVG2012\Icons\toolbar_en.bmp
c:\program files (x86)\AVG\AVG2012\Icons\unknown.gif
c:\program files (x86)\AVG\AVG2012\Icons\vrsn-secured-lsfo.gif
c:\program files (x86)\AVG\AVG2012\Icons\warning.gif
c:\program files (x86)\AVG\AVG2012\Icons\warning12.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_bl.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_br.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_r.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_tl.png
c:\program files (x86)\AVG\AVG2012\Icons\yellow_inline_border_tr.png
c:\program files (x86)\AVG\AVG2012\js.dat
c:\program files (x86)\AVG\AVG2012\license_sk.htm
c:\program files (x86)\AVG\AVG2012\license_us.htm
c:\program files (x86)\AVG\AVG2012\mfask.lns
c:\program files (x86)\AVG\AVG2012\mfaus.lns
c:\program files (x86)\AVG\AVG2012\mfavera.txt
c:\program files (x86)\AVG\AVG2012\mfaverx.txt
c:\program files (x86)\AVG\AVG2012\mwbsr_e_free_sk.mht
c:\program files (x86)\AVG\AVG2012\mwbsr_e_free_us.mht
c:\program files (x86)\AVG\AVG2012\mwbsr_f_free_sk.mht
c:\program files (x86)\AVG\AVG2012\mwbsr_f_free_us.mht
c:\program files (x86)\AVG\AVG2012\PCTuneup\AxBrowsers.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\DiskCleanerHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\DiskDefragHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\helper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\localizer.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\MicroScanner.exe
c:\program files (x86)\AVG\AVG2012\PCTuneup\MicroScannerElevation.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\PerlRegExp.bpl
c:\program files (x86)\AVG\AVG2012\PCTuneup\RegistryCleanerHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\RescueCenterHelper.dll
c:\program files (x86)\AVG\AVG2012\PCTuneup\rtl120.bpl
c:\program files (x86)\AVG\AVG2012\PCTuneup\vcl120.bpl
c:\program files (x86)\AVG\AVG2012\ph.dat
c:\program files (x86)\AVG\AVG2012\sb.dat
c:\program files (x86)\AVG\AVG2012\sb.dat.xcd
c:\program files (x86)\AVG\AVG2012\sb2.dat
c:\program files (x86)\AVG\AVG2012\sc.dat
c:\program files (x86)\AVG\AVG2012\sc.dat.xcd
c:\program files (x86)\AVG\AVG2012\sounds\scan_finish_threat_found.wav
c:\program files (x86)\AVG\AVG2012\sounds\scan_os_alert.wav
c:\program files (x86)\AVG\AVG2012\sounds\scan_rs_alert.wav
c:\program files (x86)\AVG\AVG2012\sounds\update_end_fail.wav
c:\program files (x86)\AVG\AVG2012\updatecomps.bak
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\Setup\setup.ini
c:\programdata\Kaspersky Lab Setup Files
c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\cs\kavkis.msi
c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\cs\setup.exe
c:\programdata\MFAData
c:\programdata\MFAData\logs\avgInfoCollector.log
c:\programdata\MFAData\logs\avgInfoCollector.log.lock
c:\programdata\MFAData\logs\mfa-20110820-091612.log
c:\programdata\MFAData\logs\mfa-20110820-091634.log
c:\programdata\MFAData\logs\mfa-20110820-092339.log
c:\programdata\MFAData\logs\mfa-20110820-092949.log
c:\programdata\MFAData\logs\mfa-20110826-162614.log
c:\programdata\MFAData\logs\mfa-20110829-072140.log
c:\programdata\MFAData\logs\mfa-20110829-073135.log
c:\programdata\MFAData\logs\mfa-20110829-073140.log
c:\programdata\MFAData\logs\mfa-20110903-101147.log
c:\programdata\MFAData\logs\mfa-20110903-111803.log
c:\programdata\MFAData\logs\msi-20110820-091634.log
c:\programdata\MFAData\logs\msi-20110826-162614.log
c:\programdata\MFAData\logs\msi-20110829-072140.log
c:\programdata\MFAData\logs\msi-20110829-073140.log
c:\programdata\MFAData\logs\msi-20110903-101147.log
c:\programdata\MFAData\logs\msi-20110903-111803.log
c:\programdata\MFAData\mfaurlconf.ini
c:\programdata\MFAData\mkt\dtc\res\bullet04.gif
c:\programdata\MFAData\mkt\dtc\res\offer.css
c:\programdata\MFAData\mkt\dtc\sk\ToolbarOfferScreen.html
c:\programdata\MFAData\mkt\res\LinkScanner-style.css
c:\programdata\MFAData\mkt\res\LinkScanner.jpg
c:\programdata\MFAData\mkt\res\OK.png
c:\programdata\MFAData\mkt\res\Smart-Scanning.jpg
c:\programdata\MFAData\mkt\res\SmartScanning-style.css
c:\programdata\MFAData\mkt\res\Social-Networking.jpg
c:\programdata\MFAData\mkt\res\SocialNetworking-style.css
c:\programdata\MFAData\mkt\res\style.css
c:\programdata\MFAData\mkt\res\w7_active.png
c:\programdata\MFAData\mkt\res\w7_active_check.png
c:\programdata\MFAData\mkt\res\w7_disable_check.png
c:\programdata\MFAData\mkt\res\w7_disable_uncheck.png
c:\programdata\MFAData\mkt\res\w7_hover.png
c:\programdata\MFAData\mkt\res\w7_hover_check.png
c:\programdata\MFAData\mkt\res\w7_check.png
c:\programdata\MFAData\mkt\res\w7_uncheck.png
c:\programdata\MFAData\mkt\sk\dm_marketing_message-sk.html
c:\programdata\MFAData\mkt\sk\Installation-Page_LinkScanner.html
c:\programdata\MFAData\mkt\sk\Installation-Page_Smart-Scanning.html
c:\programdata\MFAData\mkt\sk\Installation-Page_Social-Networking.html
c:\programdata\MFAData\msistorg.dat
c:\programdata\MFAData\msistorg.dat.bkp
c:\programdata\MFAData\public_installation_log.xml
c:\programdata\MFAData\SelfUpd\avgmfapx.exe
c:\programdata\MFAData\SelfUpd\avgmfarx.dll
c:\programdata\MFAData\SelfUpd\avgntdumpx.exe
c:\programdata\MFAData\SelfUpd\avgrunasx.exe
c:\programdata\MFAData\SelfUpd\bins\f10mfa1392b1391da.bin
c:\programdata\MFAData\SelfUpd\bins\f10mfa1392lq.bin
c:\programdata\MFAData\SelfUpd\bins\f10upd1392b1391hv.bin
c:\programdata\MFAData\SelfUpd\compat.ini
c:\programdata\MFAData\SelfUpd\htmlayout.dll
c:\programdata\MFAData\SelfUpd\license_cz.htm
c:\programdata\MFAData\SelfUpd\license_da.htm
c:\programdata\MFAData\SelfUpd\license_es.htm
c:\programdata\MFAData\SelfUpd\license_fr.htm
c:\programdata\MFAData\SelfUpd\license_ge.htm
c:\programdata\MFAData\SelfUpd\license_hu.htm
c:\programdata\MFAData\SelfUpd\license_id.htm
c:\programdata\MFAData\SelfUpd\license_in.htm
c:\programdata\MFAData\SelfUpd\license_it.htm
c:\programdata\MFAData\SelfUpd\license_jp.htm
c:\programdata\MFAData\SelfUpd\license_ko.htm
c:\programdata\MFAData\SelfUpd\license_ms.htm
c:\programdata\MFAData\SelfUpd\license_nl.htm
c:\programdata\MFAData\SelfUpd\license_pb.htm
c:\programdata\MFAData\SelfUpd\license_pl.htm
c:\programdata\MFAData\SelfUpd\license_pt.htm
c:\programdata\MFAData\SelfUpd\license_ru.htm
c:\programdata\MFAData\SelfUpd\license_sc.htm
c:\programdata\MFAData\SelfUpd\license_sk.htm
c:\programdata\MFAData\SelfUpd\license_sp.htm
c:\programdata\MFAData\SelfUpd\license_tr.htm
c:\programdata\MFAData\SelfUpd\license_us.htm
c:\programdata\MFAData\SelfUpd\license_zh.htm
c:\programdata\MFAData\SelfUpd\license_zt.htm
c:\programdata\MFAData\SelfUpd\mfaconf.txt
c:\programdata\MFAData\SelfUpd\mfacz.lns
c:\programdata\MFAData\SelfUpd\mfada.lns
c:\programdata\MFAData\SelfUpd\mfaes.lns
c:\programdata\MFAData\SelfUpd\mfafr.lns
c:\programdata\MFAData\SelfUpd\mfage.lns
c:\programdata\MFAData\SelfUpd\mfahu.lns
c:\programdata\MFAData\SelfUpd\mfaid.lns
c:\programdata\MFAData\SelfUpd\mfain.lns
c:\programdata\MFAData\SelfUpd\mfait.lns
c:\programdata\MFAData\SelfUpd\mfajp.lns
c:\programdata\MFAData\SelfUpd\mfako.lns
c:\programdata\MFAData\SelfUpd\mfams.lns
c:\programdata\MFAData\SelfUpd\mfanl.lns
c:\programdata\MFAData\SelfUpd\mfapb.lns
c:\programdata\MFAData\SelfUpd\mfapl.lns
c:\programdata\MFAData\SelfUpd\mfapt.lns
c:\programdata\MFAData\SelfUpd\mfaru.lns
c:\programdata\MFAData\SelfUpd\mfasc.lns
c:\programdata\MFAData\SelfUpd\mfask.lns
c:\programdata\MFAData\SelfUpd\mfasp.lns
c:\programdata\MFAData\SelfUpd\mfatr.lns
c:\programdata\MFAData\SelfUpd\mfaus.lns
c:\programdata\MFAData\SelfUpd\mfavera.txt
c:\programdata\MFAData\SelfUpd\mfaverx.txt
c:\programdata\MFAData\SelfUpd\mfazh.lns
c:\programdata\MFAData\SelfUpd\mfazt.lns
c:\users\shark\AppData\Roaming\AVG10
c:\users\shark\AppData\Roaming\AVG10\cfgall\usergui.cfg
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\system32\aswBoot.exe
c:\windows\system32\drivers\AVG
c:\windows\system32\drivers\AVG\iavichjw.avm
c:\windows\system32\drivers\AVG\incavi.avm
c:\windows\system32\DRIVERS\avgfwd6a.sys
c:\windows\system32\drivers\avgntflt.sys
c:\windows\system32\drivers\avipbb.sys
c:\windows\ufa
c:\windows\unrar.exe
c:\windows\update.8.1
c:\windows\update.tray-12-0-lnk
c:\windows\update.tray-12-0
c:\windows\update.tray-7-0-lnk
c:\windows\update.tray-7-0
c:\windows\update.tray-8-0-lnk
c:\windows\update.tray-8-0
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGFWFD
-------\Service_AntiVirSchedulerService
-------\Service_AntiVirWebService
-------\Service_Avgfwfd
-------\Legacy_avipbb
-------\Service_AVGIDSAgent
-------\Service_avgwd
-------\Service_avipbb
-------\Service_AVGIDSAgent
-------\Service_avgwd
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 16:43 . 2011-09-05 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-04 07:35 . 2011-08-19 14:33 27992 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-09-04 07:35 . 2010-11-26 16:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-09-03 11:21 . 2011-09-03 11:21 -------- d-----w- c:\users\shark\AppData\Roaming\AVG2012
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-09-03 11:20 . 2011-09-03 11:23 -------- d-----w- c:\programdata\AVG2012
2011-09-02 15:00 . 2011-09-02 15:00 -------- d-----w- c:\users\shark\AppData\Roaming\Malwarebytes
2011-09-02 14:59 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\programdata\Malwarebytes
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 14:59 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 14:24 . 2011-08-29 14:25 -------- d-----w- c:\users\Guest
2011-08-29 14:02 . 2011-08-29 14:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-26 15:57 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2FF79A4-71DB-4034-8A51-AD43AB539929}\mpengine.dll
2011-08-25 18:23 . 2011-08-25 18:23 22567 ----a-w- c:\programdata\1314296490.bdinstall.bin
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files\Common Files\Bitdefender
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2011-08-25 18:19 . 2011-08-27 15:37 -------- d-----w- c:\users\shark\AppData\Roaming\QuickScan
2011-08-25 17:47 . 2011-08-15 11:19 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-25 17:47 . 2011-08-15 11:13 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-25 17:47 . 2011-08-15 11:13 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-08-25 17:47 . 2011-08-25 17:47 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-08-25 17:46 . 2011-08-25 17:47 -------- d-----w- c:\programdata\TuneUp Software
2011-08-25 17:46 . 2011-08-25 17:46 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-08-24 15:56 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 15:56 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 14:13 . 2011-08-25 16:53 -------- d-----w- c:\programdata\PC Tools
2011-08-20 09:40 . 2011-08-20 09:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-20 09:31 . 2011-08-20 09:31 -------- d--h--w- c:\programdata\Common Files
2011-08-16 15:50 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-08-16 15:50 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-08-16 15:50 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-08-16 15:50 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-08-16 15:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-08-16 15:50 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-08-16 15:50 . 2002-08-22 04:00 413760 ----a-w- c:\windows\SysWow64\DivXc32f.dll
2011-08-16 15:50 . 2002-08-01 09:03 413760 ----a-w- c:\windows\SysWow64\DivXc32.dll
2011-08-16 15:50 . 2001-02-25 01:19 287744 ----a-w- c:\windows\SysWow64\divxa32.acm
2011-08-14 12:47 . 2005-06-24 14:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2011-08-14 12:47 . 2004-12-10 07:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-08-14 12:47 . 2005-11-13 21:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-14 12:47 . 2005-11-13 21:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-14 12:47 . 2005-11-13 21:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-14 12:47 . 2005-11-13 21:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-14 12:47 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-08-14 12:47 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-14 12:47 . 2005-11-13 21:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-14 12:47 . 2011-08-14 12:47 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-14 12:47 . 2011-08-14 12:47 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-12 16:17 . 2011-09-02 16:43 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-10 16:06 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-08 04:08 . 2011-08-08 04:08 46672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 03:05 . 2010-09-28 06:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-16 04:26 . 2011-08-10 16:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-10 23:14 . 2011-07-10 23:14 375376 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2011-07-10 23:14 . 2011-07-10 23:14 29776 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-10 23:14 . 2011-07-10 23:14 26704 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-10 23:14 . 2011-07-10 23:14 120400 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-10 23:13 . 2011-07-10 23:13 282704 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-07-10 23:13 . 2011-07-10 23:13 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-06-11 03:07 . 2011-07-13 16:23 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} ----
.
2011-08-25 17:46 . 2011-08-25 17:46 18427392 ----a-w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-03_10.52.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-05 16:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-05 16:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-20 04:58 . 2011-09-05 16:18 49540 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-05 16:18 33400 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-20 04:50 . 2011-09-05 16:18 13014 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3898257279-3220266764-3061120529-1000_UserData.bin
+ 2010-08-20 04:40 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-20 04:40 . 2011-09-04 07:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-05 16:44 . 2011-09-05 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-03 10:52 . 2011-09-03 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-05 16:44 . 2011-09-05 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-03 10:52 . 2011-09-03 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-09-03 10:51 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-09-05 16:43 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-05 16:10 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-13 18:06 . 2011-09-05 16:43 2269684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3898257279-3220266764-3061120529-1000-12288.dat
+ 2011-09-03 11:18 . 2011-09-03 11:18 7524352 c:\windows\Installer\19b429.msi
+ 2011-09-03 11:19 . 2011-09-03 11:19 2830336 c:\windows\Installer\19b425.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-09-03 11:20 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-03 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-09-03 218440]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-27 273544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-08-15 2027840]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-03 246600]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"combofix"="c:\combofix\CF22365.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\shark\AppData\Roaming\Mozilla\Firefox\Profiles\fl1zbh1l.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bde ... &sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG2012\avgtray.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
.
[HKEY_USERS\S-1-5-21-3898257279-3220266764-3061120529-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,55,3e,53,f3,41,92,c4,75,8b,14,2c,ad,b1,3d,1e,b3,4d,d3,69,cd,
0d,e3,72,42,1f,1f,28,af,2c,41,29,1e,ba,ba,4e,d4,ff,dd,c4,8d,29,b6,e7,30,dc,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2011-09-05 18:47:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-05 16:47
ComboFix2.txt 2011-09-03 10:55
.
Pre-Run: 183 556 919 296 bytes free
Post-Run: 182 908 084 224 bytes free
.
- - End Of File - - 6FAC6406C98866EE77A28645885D77D3