PC-HELP.CZ

Dobrý den, vlastním NB značky Lenovo Z575, na kterém mám nainstalovaný Avast. Ten mi zničehonic vyhodil okno, že kontroluje podezřelý soubor, který nakonec označil za malware a hodil do truhly. Po chvíli opět stejná situace, ale jiný soubor. Oba soubory byly ve složce \\DAVID-PC\Users\David\AppData\Local\Temp a jmenují se: exp4EFC.tmp a expEF74.tmp. Udělal jsem poté kontrolu pomocí MBAM a našlo mi to 8 objektů, které jsem smazal. Dále mi vyskočil log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.08.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrátor]

1.8.2012 15:55:37
mbam-log-2012-08-01 (15-55-37).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 196398
Uplynulý čas: 3 minut, 43 sekund

Nalezené procesy v paměti: 1
C:\Users\David\AppData\Local\Temp\exp3CD0.tmp (Exploit.Drop.COD) -> 2904 -> Bude smazán při restartu.

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00632432.exe (Trojan.Agent.KBGen) -> Data: "C:\Users\David\AppData\Roaming\KB00632432.exe" -> Umístnění do karantény a smazání se zdařilo.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 6
C:\Users\David\AppData\Local\Temp\exp3CD0.tmp (Exploit.Drop.COD) -> Bude smazán při restartu.
C:\Users\David\AppData\Local\Temp\exp3532.tmp (Backdoor.Bot) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\David\AppData\Local\Temp\exp57CF.tmp (Backdoor.Bot) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\David\AppData\Local\Temp\exp5FFA.tmp (Backdoor.Bot) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\David\AppData\Local\Temp\expAC9.tmp (Backdoor.Bot) -> Umístnění do karantény a smazání se zdařilo.
C:\Users\David\AppData\Local\Temp\expAFCE.tmp (Backdoor.Bot) -> Umístnění do karantény a smazání se zdařilo.

(konec)


Také přikládám log z HJT a ptám se, co dále. Děkuji za pomoc.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:50:09, on 1.8.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\users\david\appdata\roaming\kb00632432.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\David\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={3D72612F-4891-4E4D-B354-AA084E2D643F}&mid=a371689eb76f47d094ea4570a3771062-ee2209c1bf697e14ad81b87339e005c02d6df8f9&lang=en&ds=ts024&pr=sa&d=2012-04-08 10:26:46&v=10.2.0.3&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.111.209.2:3128
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [KB00632432.exe] "C:\Users\David\AppData\Roaming\KB00632432.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Unknown owner - C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SetupARService - Realtek Semiconductor. - C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9975 bytes

Provedl si restart kvůli smazání?

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod





Proxy sis nastavoval sám?

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni si TDSSKiller

Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Restart jsem provedl.

Proxy jsem si nastavil sám.

Po spuštění a scanu programu TFC se mi na ploše vytvořila složka backups, tak co s ní?

Log z TDSSKiller zde, nevešel se do příspěvku.

Log z CF:

ComboFix 12-07-31.03 - David 02.08.2012 9:39.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3558.2265 [GMT 2:00]
Spuštěný z: c:\users\David\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\g2mdlhlpx.exe
c:\windows\gt.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-02 do 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 07:45 . 2012-08-02 07:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 07:31 . 2012-08-02 07:31 -------- d-----w- c:\users\David\AppData\Local\Broadcom
2012-08-02 07:31 . 2012-08-02 07:31 -------- d-----w- c:\users\David\AppData\Local\AVG Secure Search
2012-07-30 19:01 . 2012-08-01 13:52 -------- d--h--w- c:\users\David\AppData\Roaming\5A847928
2012-07-22 18:26 . 2012-07-22 18:26 -------- d-----w- c:\users\David\AppData\Local\Lucasarts
2012-07-22 16:48 . 2012-07-22 16:48 -------- d-----w- c:\users\David\AppData\Roaming\VitySoft
2012-07-22 11:55 . 2012-07-22 11:55 -------- d-----w- c:\users\David\AppData\Roaming\SecuROM
2012-07-22 11:55 . 2012-07-22 11:55 90112 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-07-12 12:14 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 12:13 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-12 12:09 . 2012-06-02 12:00 818688 ----a-w- c:\windows\system32\jscript.dll
2012-07-12 12:09 . 2012-06-02 08:33 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-07-12 12:09 . 2012-06-02 12:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-12 12:09 . 2012-06-02 08:26 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-07-12 12:09 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-12 12:09 . 2012-06-02 08:27 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-07-12 12:09 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-12 12:09 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-11 16:04 . 2002-12-18 08:23 505104 ----a-r- c:\windows\SysWow64\msxml.dll
2012-07-11 16:04 . 2002-12-18 08:23 115016 ----a-r- c:\windows\SysWow64\MSINET.OCX
2012-07-11 16:04 . 2002-12-18 08:23 69632 ----a-r- c:\windows\SysWow64\xmltok.dll
2012-07-11 16:04 . 2002-12-18 08:23 36864 ----a-r- c:\windows\SysWow64\xmlparse.dll
2012-07-11 16:04 . 2002-12-18 08:23 35840 ----a-r- c:\windows\SysWow64\comdlg32.oca
2012-07-11 16:04 . 2002-12-18 21:20 26096 ----a-r- c:\windows\SysWow64\xmlinst.exe
2012-07-11 16:04 . 2002-12-18 08:23 89360 ----a-r- c:\windows\SysWow64\VB5DB.DLL
2012-07-11 16:04 . 2002-12-18 08:23 28432 ----a-r- c:\windows\SysWow64\msxmlr.dll
2012-07-11 16:04 . 2002-12-18 08:23 24576 ----a-r- c:\windows\SysWow64\msxml3a.dll
2012-07-11 16:04 . 2002-12-18 08:23 29184 ----a-r- c:\windows\SysWow64\MSINET.oca
2012-07-11 16:04 . 2012-07-11 16:04 -------- d-----w- c:\program files (x86)\Ubi Soft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 08:58 . 2012-04-08 18:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 08:58 . 2012-04-08 18:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 12:11 . 2011-12-25 12:29 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 16:21 . 2012-02-24 13:44 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-12-25 14:31 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-12-25 14:31 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-12-25 14:31 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-12-25 14:31 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-12-25 14:31 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-12-25 14:29 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-12-25 14:29 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-12-25 14:31 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2012-03-10 12:05 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 06:45 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:46 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 06:46 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:46 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:45 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 06:46 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 06:45 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 06:45 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 06:45 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-12 07:40 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-12 07:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-10 12:21 . 2012-05-10 12:21 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 11:06 . 2012-06-13 07:09 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 07:09 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 07:09 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 11:14 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-10-19 329056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe [2010-05-19 454656]
R2 SetupARService;SetupARService;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2012-04-08 24576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-13 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-01-13 39464]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-25 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2000-01-01 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2000-01-01 40064]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-10-19 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-10-19 39008]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-10-19 13408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-10 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2012-03-03 335288]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2012-07-03 655944]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-10-19 29792]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 9978880]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 309248]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-21 1360960]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 565352]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 94118633
*Deregistered* - 94118633
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 08:58]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 01:59]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 01:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-10-19 01:44 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-10-19 206176]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-10-19 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-10-19 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-10-19 5908928]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://isearch.avg.com/?cid={3D72612F-4891-4E4D-B354-AA084E2D643F}&mid=a371689eb76f47d094ea4570a3771062-ee2209c1bf697e14ad81b87339e005c02d6df8f9&lang=en&ds=ts024&pr=sa&d=2012-04-08 10:26&v=10.2.0.3&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-GeoGebra 4 - c:\windows\system32\javaws.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil9d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil9d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-08-02 09:47:35
ComboFix-quarantined-files.txt 2012-08-02 07:47
ComboFix2.txt 2012-04-07 09:25
.
Před spuštěním: Volných bajtů: 671 948 247 040
Po spuštění: Volných bajtů: 671 864 942 592
.
- - End Of File - - 601E2238734BC004FDE6300F074EAF60

Po spuštění a scanu programu TFC se mi na ploše vytvořila složka backups, tak co s ní?

Pokud je vše jinak OK , tak jí smaž.


Příště vlož vše sem , naněkolikrát.


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

ComboFix 12-07-31.03 - David 03.08.2012 13:51:43.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3558.2262 [GMT 2:00]
Spuštěný z: c:\users\David\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\David\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\program files (x86)\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\users\David\g2mdlhlpx.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-03 do 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 12:02 . 2012-08-03 12:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-03 12:02 . 2012-08-03 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 08:05 . 2012-08-02 08:05 -------- d-----w- c:\users\David\AppData\Local\Adobe
2012-08-02 07:31 . 2012-08-02 07:31 -------- d-----w- c:\users\David\AppData\Local\Broadcom
2012-08-02 07:31 . 2012-08-02 07:31 -------- d-----w- c:\users\David\AppData\Local\AVG Secure Search
2012-07-30 19:01 . 2012-08-01 13:52 -------- d--h--w- c:\users\David\AppData\Roaming\5A847928
2012-07-22 18:26 . 2012-07-22 18:26 -------- d-----w- c:\users\David\AppData\Local\Lucasarts
2012-07-22 16:48 . 2012-07-22 16:48 -------- d-----w- c:\users\David\AppData\Roaming\VitySoft
2012-07-22 11:55 . 2012-07-22 11:55 -------- d-----w- c:\users\David\AppData\Roaming\SecuROM
2012-07-22 11:55 . 2012-07-22 11:55 90112 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-07-12 12:14 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 12:13 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-12 12:09 . 2012-06-02 12:00 818688 ----a-w- c:\windows\system32\jscript.dll
2012-07-12 12:09 . 2012-06-02 08:33 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-07-12 12:09 . 2012-06-02 12:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-12 12:09 . 2012-06-02 08:26 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-07-12 12:09 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-12 12:09 . 2012-06-02 08:27 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-07-12 12:09 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-12 12:09 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-11 16:04 . 2002-12-18 08:23 505104 ----a-r- c:\windows\SysWow64\msxml.dll
2012-07-11 16:04 . 2002-12-18 08:23 115016 ----a-r- c:\windows\SysWow64\MSINET.OCX
2012-07-11 16:04 . 2002-12-18 08:23 69632 ----a-r- c:\windows\SysWow64\xmltok.dll
2012-07-11 16:04 . 2002-12-18 08:23 36864 ----a-r- c:\windows\SysWow64\xmlparse.dll
2012-07-11 16:04 . 2002-12-18 08:23 35840 ----a-r- c:\windows\SysWow64\comdlg32.oca
2012-07-11 16:04 . 2002-12-18 21:20 26096 ----a-r- c:\windows\SysWow64\xmlinst.exe
2012-07-11 16:04 . 2002-12-18 08:23 89360 ----a-r- c:\windows\SysWow64\VB5DB.DLL
2012-07-11 16:04 . 2002-12-18 08:23 28432 ----a-r- c:\windows\SysWow64\msxmlr.dll
2012-07-11 16:04 . 2002-12-18 08:23 24576 ----a-r- c:\windows\SysWow64\msxml3a.dll
2012-07-11 16:04 . 2002-12-18 08:23 29184 ----a-r- c:\windows\SysWow64\MSINET.oca
2012-07-11 16:04 . 2012-07-11 16:04 -------- d-----w- c:\program files (x86)\Ubi Soft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 08:58 . 2012-04-08 18:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 08:58 . 2012-04-08 18:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 12:11 . 2011-12-25 12:29 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 16:21 . 2012-02-24 13:44 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-12-25 14:31 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-12-25 14:31 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-12-25 14:31 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-12-25 14:31 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-12-25 14:31 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-12-25 14:29 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-12-25 14:29 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-12-25 14:31 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2012-03-10 12:05 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 06:45 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:46 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 06:46 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:46 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:45 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 06:46 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 06:45 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 06:45 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 06:45 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-12 07:40 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-12 07:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-10 12:21 . 2012-05-10 12:21 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\David\AppData\Roaming\5A847928 ----
.
2012-08-01 13:52 . 2012-08-01 14:02 2787 ---ha-w- c:\users\David\AppData\Roaming\5A847928\5A847928
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_07.45.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-08-03 11:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-02 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-02 07:30 . 2012-08-02 07:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-02 07:30 . 2012-08-03 11:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-03 11:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-02 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-21 03:09 . 2012-08-02 07:32 39856 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-11-21 03:09 . 2012-08-03 11:46 39856 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-03 11:46 43900 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-24 17:24 . 2012-08-03 11:46 10908 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-969645120-2945378720-210728524-1001_UserData.bin
- 2011-12-24 17:24 . 2012-08-02 07:32 10908 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-969645120-2945378720-210728524-1001_UserData.bin
+ 2011-02-22 03:22 . 2012-08-03 12:03 14900 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-02-22 03:22 . 2012-08-02 07:29 14900 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-08-02 07:30 . 2012-08-02 07:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-03 12:04 . 2012-08-03 12:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-02 07:30 . 2012-08-02 07:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-03 12:04 . 2012-08-03 12:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-21 12:27 . 2012-08-02 10:53 258966 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-12-25 14:59 . 2012-08-02 13:02 293534 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-08-02 07:35 616242 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-03 11:52 616242 c:\windows\system32\perfh009.dat
- 2011-10-05 19:27 . 2012-08-02 07:35 631526 c:\windows\system32\perfh005.dat
+ 2011-10-05 19:27 . 2012-08-03 11:52 631526 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-08-03 11:52 106622 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-02 07:35 106622 c:\windows\system32\perfc009.dat
- 2011-10-05 19:27 . 2012-08-02 07:35 122148 c:\windows\system32\perfc005.dat
+ 2011-10-05 19:27 . 2012-08-03 11:52 122148 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2012-08-03 12:03 300788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-02 07:29 300788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-24 17:27 . 2012-07-29 13:11 2946420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-969645120-2945378720-210728524-1001-8192.dat
+ 2011-12-24 17:27 . 2012-08-03 09:08 2946420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-969645120-2945378720-210728524-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 11:14 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-10-19 329056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe [2010-05-19 454656]
R2 SetupARService;SetupARService;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2012-04-08 24576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-13 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-01-13 39464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-25 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2000-01-01 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2000-01-01 40064]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-10-19 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-10-19 39008]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-10-19 13408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-10 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2012-03-03 335288]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2012-07-03 655944]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-10-19 29792]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 9978880]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 309248]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-21 1360960]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 565352]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 08:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-10-19 01:44 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-10-19 206176]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-10-19 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-10-19 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-10-19 5908928]
"combofix"="c:\combofix\CF7761.3XE" [2010-11-21 345088]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://isearch.avg.com/?cid={3D72612F-4891-4E4D-B354-AA084E2D643F}&mid=a371689eb76f47d094ea4570a3771062-ee2209c1bf697e14ad81b87339e005c02d6df8f9&lang=en&ds=ts024&pr=sa&d=2012-04-08 10:26&v=10.2.0.3&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2012-08-03 14:20:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-03 12:20
ComboFix2.txt 2012-08-02 07:47
ComboFix3.txt 2012-04-07 09:25
.
Před spuštěním: Volných bajtů: 671 513 886 720
Po spuštění: Volných bajtů: 671 351 103 488
.
- - End Of File - - 3AC11B1283E097A8D13C609CD407D862

Log z HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:08:06, on 3.8.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\David\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={3D72612F-4891-4E4D-B354-AA084E2D643F}&mid=a371689eb76f47d094ea4570a3771062-ee2209c1bf697e14ad81b87339e005c02d6df8f9&lang=en&ds=ts024&pr=sa&d=2012-04-08 10:26:46&v=10.2.0.3&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Unknown owner - C:\Program Files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SetupARService - Realtek Semiconductor. - C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9767 bytes

Log z aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-03 14:57:07
-----------------------------
14:57:07.814 OS Version: Windows x64 6.1.7601 Service Pack 1
14:57:07.815 Number of processors: 4 586 0x100
14:57:07.816 ComputerName: DAVID-PC UserName: David
14:57:18.617 Initialize success
14:57:18.851 AVAST engine defs: 12080300
14:57:28.929 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
14:57:28.929 Disk 0 Vendor: WDC_WD75 03.0 Size: 715404MB BusType: 11
14:57:28.960 Disk 0 MBR read successfully
14:57:28.976 Disk 0 MBR scan
14:57:28.976 Disk 0 Windows 7 default MBR code
14:57:28.992 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
14:57:29.007 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 670402 MB offset 411648
14:57:29.007 Disk 0 Partition - 00 0F Extended LBA 29693 MB offset 1373394944
14:57:29.054 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 1434206208
14:57:29.085 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29692 MB offset 1373396992
14:57:29.132 Disk 0 scanning C:\windows\system32\drivers
14:57:37.587 Service scanning
14:58:02.781 Modules scanning
14:58:02.797 Disk 0 trace - called modules:
14:58:02.812 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
14:58:02.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a78060]
14:58:02.844 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa800442d040]
14:58:02.859 5 amd_xata.sys[fffff880010dcb3f] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa800442b060]
14:58:13.608 AVAST engine scan C:\windows
14:58:32.858 AVAST engine scan C:\windows\system32
15:01:06.534 AVAST engine scan C:\windows\system32\drivers
15:01:26.190 AVAST engine scan C:\Users\David
15:02:39.884 AVAST engine scan C:\ProgramData
15:03:41.271 Scan finished successfully
15:04:46.026 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"
15:04:46.026 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Aktualizuj javu:
Java SE Runtime Environment 7

Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-7-windows-i586-p.exe nebo
jre-7-windows-x64.exe
Stáhni ( download) a nainstaluj.
Ostatní javy odeber v přidat/odebrat programy.

Log z CF:
ComboFix 12-07-31.03 - David 06.08.2012 9:40.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3558.2163 [GMT 2:00]
Spuštěný z: c:\users\David\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\David\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\users\David\AppData\Roaming\5A847928\5A847928"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Roaming\5A847928
c:\users\David\AppData\Roaming\5A847928\5A847928
c:\users\David\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-06 do 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 07:46 . 2012-08-06 07:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-06 07:46 . 2012-08-06 07:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 08:05 . 2012-08-02 08:05 -------- d-----w- c:\users\David\AppData\Local\Adobe
2012-08-02 07:31 . 2012-08-02 07:31 -------- d-----w- c:\users\David\AppData\Local\Broadcom
2012-08-02 07:31 . 2012-08-02 07:31 -------- d-----w- c:\users\David\AppData\Local\AVG Secure Search
2012-07-22 18:26 . 2012-07-22 18:26 -------- d-----w- c:\users\David\AppData\Local\Lucasarts
2012-07-22 16:48 . 2012-07-22 16:48 -------- d-----w- c:\users\David\AppData\Roaming\VitySoft
2012-07-22 11:55 . 2012-07-22 11:55 -------- d-----w- c:\users\David\AppData\Roaming\SecuROM
2012-07-22 11:55 . 2012-07-22 11:55 90112 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-07-12 12:14 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 12:13 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-12 12:09 . 2012-06-02 12:00 818688 ----a-w- c:\windows\system32\jscript.dll
2012-07-12 12:09 . 2012-06-02 08:33 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-07-12 12:09 . 2012-06-02 12:06 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-12 12:09 . 2012-06-02 08:26 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-07-12 12:09 . 2012-06-02 12:07 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-12 12:09 . 2012-06-02 08:27 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-07-12 12:09 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-12 12:09 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-11 16:04 . 2002-12-18 08:23 505104 ----a-r- c:\windows\SysWow64\msxml.dll
2012-07-11 16:04 . 2002-12-18 08:23 115016 ----a-r- c:\windows\SysWow64\MSINET.OCX
2012-07-11 16:04 . 2002-12-18 08:23 69632 ----a-r- c:\windows\SysWow64\xmltok.dll
2012-07-11 16:04 . 2002-12-18 08:23 36864 ----a-r- c:\windows\SysWow64\xmlparse.dll
2012-07-11 16:04 . 2002-12-18 08:23 35840 ----a-r- c:\windows\SysWow64\comdlg32.oca
2012-07-11 16:04 . 2002-12-18 21:20 26096 ----a-r- c:\windows\SysWow64\xmlinst.exe
2012-07-11 16:04 . 2002-12-18 08:23 89360 ----a-r- c:\windows\SysWow64\VB5DB.DLL
2012-07-11 16:04 . 2002-12-18 08:23 28432 ----a-r- c:\windows\SysWow64\msxmlr.dll
2012-07-11 16:04 . 2002-12-18 08:23 24576 ----a-r- c:\windows\SysWow64\msxml3a.dll
2012-07-11 16:04 . 2002-12-18 08:23 29184 ----a-r- c:\windows\SysWow64\MSINET.oca
2012-07-11 16:04 . 2012-07-11 16:04 -------- d-----w- c:\program files (x86)\Ubi Soft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 12:58 . 2012-04-08 18:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 12:58 . 2012-04-08 18:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 12:11 . 2011-12-25 12:29 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 16:21 . 2012-02-24 13:44 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-12-25 14:31 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-12-25 14:31 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-12-25 14:31 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-12-25 14:31 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-12-25 14:31 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-12-25 14:29 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-12-25 14:29 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-12-25 14:31 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2012-03-10 12:05 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 06:45 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:46 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 06:46 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:46 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:45 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 06:46 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 06:45 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 06:45 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 06:45 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-12 07:40 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-12 07:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-10 12:21 . 2012-05-10 12:21 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_07.45.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-08-06 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-02 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-02 07:30 . 2012-08-02 07:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-02 07:30 . 2012-08-06 07:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-02 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-06 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-11-21 03:09 . 2012-08-02 07:32 39856 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-11-21 03:09 . 2012-08-06 07:34 39856 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-06 07:34 43948 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-24 17:24 . 2012-08-06 07:34 11034 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-969645120-2945378720-210728524-1001_UserData.bin
- 2011-12-24 17:24 . 2012-07-27 08:58 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-24 17:24 . 2012-08-03 12:58 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-03 12:58 . 2012-08-03 12:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-03 12:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-27 08:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-06 07:36 99040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-02-22 03:22 . 2012-08-02 07:29 14900 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-02-22 03:22 . 2012-08-06 07:46 14900 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-08-06 07:46 . 2012-08-06 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-02 07:30 . 2012-08-02 07:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-06 07:46 . 2012-08-06 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-02 07:30 . 2012-08-02 07:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-03 12:58 . 2012-08-03 12:58 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe
- 2012-04-08 18:39 . 2012-07-27 08:58 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-08 18:39 . 2012-08-03 12:58 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-01-21 12:27 . 2012-08-02 10:53 258966 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-12-25 14:59 . 2012-08-02 13:02 293534 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-08-02 07:35 616242 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-06 07:36 616242 c:\windows\system32\perfh009.dat
- 2011-10-05 19:27 . 2012-08-02 07:35 631526 c:\windows\system32\perfh005.dat
+ 2011-10-05 19:27 . 2012-08-06 07:36 631526 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-08-06 07:36 106622 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-02 07:35 106622 c:\windows\system32\perfc009.dat
+ 2011-10-05 19:27 . 2012-08-06 07:36 122148 c:\windows\system32\perfc005.dat
- 2011-10-05 19:27 . 2012-08-02 07:35 122148 c:\windows\system32\perfc005.dat
+ 2012-08-03 12:58 . 2012-08-03 12:58 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_Plugin.exe
- 2009-07-14 05:01 . 2012-08-02 07:29 300788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-06 07:46 300788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-03 12:58 . 2012-08-03 12:58 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
+ 2012-08-03 12:58 . 2012-08-03 12:58 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
+ 2011-12-24 17:27 . 2012-08-03 13:15 2946420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-969645120-2945378720-210728524-1001-8192.dat
- 2011-12-24 17:27 . 2012-07-29 13:11 2946420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-969645120-2945378720-210728524-1001-8192.dat
+ 2012-08-03 12:58 . 2012-08-03 12:58 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 11:14 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-10-19 329056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"Malwarebytes' Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SetupARService;SetupARService;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe [2012-04-08 24576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-21 1360960]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-25 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2000-01-01 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2000-01-01 40064]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-10-19 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-10-19 39008]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-10-19 13408]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-10 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2012-03-03 335288]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2012-07-03 655944]
S2 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\RT2860 Wireless LAN Card\ExtraFiles\RaMediaServer.exe [2010-05-19 454656]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-10-19 29792]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 9978880]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 309248]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-01-13 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-01-13 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 565352]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 12:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-10-19 01:44 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-10-19 206176]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-10-19 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-10-19 9769888]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-10-19 5908928]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://isearch.avg.com/?cid={3D72612F-4891-4E4D-B354-AA084E2D643F}&mid=a371689eb76f47d094ea4570a3771062-ee2209c1bf697e14ad81b87339e005c02d6df8f9&lang=en&ds=ts024&pr=sa&d=2012-04-08 10:26&v=10.2.0.3&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2012-08-06 09:51:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-06 07:51
ComboFix2.txt 2012-08-03 12:20
ComboFix3.txt 2012-08-02 07:47
ComboFix4.txt 2012-04-07 09:25
.
Před spuštěním: Volných bajtů: 671 625 420 800
Po spuštění: Volných bajtů: 671 523 500 032
.
- - End Of File - - 2E5FE6A479088CF09290280F42E4BB31

Co se týče Javy, byla tam Java 6 verze 31, tak jsem ji odinstaloval.

Stáhni si RogueKiller
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- Až se objeví úvodní okno programu , klikni na „Prohledat“.
- Program skenuje PC. Po proskenování klikni na „Zpráva“, celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

+

Stáhni si RootRepeal

Rozbal si archív třeba do C:\RootRepeal
Poklepej na RootRepeal.exe ke startu programu ( ve vistě pravým a vybrat spustit jako administrátor).
Klikni v dolní části na Files a potom na Scan .
Objeví se dialog.okno, dej zatržítko na disk, který chceš skenovat( nejčastěji na C:\) , a potom na OK.
Program začne skenovat zatržený disk. Když sken skončí , budou tam vypsané soubory, ale ne všechny musí být legitimní. Klikni na Save Report a ulož si log do dokumentů. Vlož sem prosím celý jeho obsah.

Po restartu se podívej , zda je tam zase tenhle soubor:
c:\users\David\g2mdlhlpx.exe

RootRepeal nejde spustit, píše to, že to nepodporuje 64bit OS.

Log z RogueKiller:

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v: Normální režim
Uživatel: David [Práva správce]
Mód: Kontrola -- Datum: 08/06/2012 10:29:32

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD75 00BPVT-24HXZT3 SATA Disk Device +++++
--- User ---
[MBR] ec2da3a24dbec9300d8cb89dbbba52c6
[BSP] d33f6eaffe858f69c784e4df1689afac : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 670402 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1373394944 | Size: 29693 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

A co se týče toho souboru g2mdlhlpx.exe, tak tam není.

Stáhni si Rooter.exe

na plochu. Poklepej na něj ke startu nástroje, až se objeví v poznámkovém bloku zpráva ( je i zde: C:\Rooter.txt), zkopíruj jí a vlož do svého OTLII logu.
Pokud se objeví zpráva chybí disk , dej pokračovat.

A co se týče toho souboru g2mdlhlpx.exe, tak tam není.

Nejprve:
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

pak se podívej po tom souboru..Restartoval si nejprve PC?