Virus

Section devoted to viruses and other malicious code, but also to the tools that can be used to defend against them…



Re: Virus

Post by Žbeky » 06 Sep 2011 16:02

Use AVG remover - http://www.avg.com/cz-cs/stahnout-nastroje
Then make a new CF without a script
In PMs I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules


Re: Virus

Post by falcon5583 » 06 Sep 2011 19:30

ComboFix 11-09-02.04 - shark . 09. 2011 19:18:06.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4094.2676 [GMT 2:00]
Running from: c:\users\shark\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-09-04 07:35 . 2011-08-19 14:33 27992 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-09-04 07:35 . 2010-11-26 16:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-09-02 14:59 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 14:59 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 14:24 . 2011-09-05 17:19 -------- d-----w- c:\users\Guest
2011-08-29 14:02 . 2011-08-29 14:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-26 16:06 . 2011-09-05 17:19 -------- d-----w- c:\program files\AVAST Software
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files\Common Files\Bitdefender
2011-08-25 18:21 . 2011-08-25 18:21 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2011-08-25 17:47 . 2011-08-15 11:19 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-25 17:47 . 2011-08-15 11:13 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-25 17:47 . 2011-08-15 11:13 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-08-25 17:47 . 2011-08-25 17:47 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-08-25 17:32 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-24 15:56 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 15:56 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-20 11:55 . 2011-09-05 17:19 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-08-20 09:40 . 2011-08-20 09:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-19 18:14 . 2011-08-25 17:38 246272 ----a-w- c:\windows\unrar.exe
2011-08-19 18:12 . 2011-09-05 17:20 -------- d-----w- c:\windows\av_ico
2011-08-16 15:50 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-08-16 15:50 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-08-16 15:50 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-08-16 15:50 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-08-16 15:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-08-16 15:50 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-08-16 15:50 . 2002-08-22 04:00 413760 ----a-w- c:\windows\SysWow64\DivXc32f.dll
2011-08-16 15:50 . 2002-08-01 09:03 413760 ----a-w- c:\windows\SysWow64\DivXc32.dll
2011-08-16 15:50 . 2001-02-25 01:19 287744 ----a-w- c:\windows\SysWow64\divxa32.acm
2011-08-14 12:47 . 2005-06-24 14:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2011-08-14 12:47 . 2004-12-10 07:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-08-14 12:47 . 2005-11-13 21:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-14 12:47 . 2005-11-13 21:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-14 12:47 . 2005-11-13 21:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-14 12:47 . 2005-11-13 21:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-14 12:47 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-08-14 12:47 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-14 12:47 . 2005-11-13 21:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-14 12:47 . 2011-08-14 12:47 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-14 12:47 . 2011-08-14 12:47 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-12 16:17 . 2011-09-06 17:06 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-10 16:06 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 09:30 . 2011-04-22 12:11 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-20 09:30 . 2011-04-22 12:11 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-19 03:05 . 2010-09-28 06:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-16 04:26 . 2011-08-10 16:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-11 03:07 . 2011-07-13 16:23 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-03_10.52.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-06 15:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-06 15:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-20 04:58 . 2011-09-06 17:08 50054 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-06 17:08 33400 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-20 04:50 . 2011-09-06 17:08 13376 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3898257279-3220266764-3061120529-1000_UserData.bin
+ 2009-07-14 05:30 . 2011-09-06 17:05 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-08-20 09:19 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-08-20 04:40 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-20 04:40 . 2011-09-04 07:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-25 16:56 . 2011-09-05 17:18 3292 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-09-06 17:21 . 2011-09-06 17:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-03 10:52 . 2011-09-03 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:30 . 2011-08-20 09:19 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-09-06 17:05 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-08-20 09:19 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-09-06 17:05 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2011-09-06 17:20 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-09-03 10:51 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-05 14:02 . 2011-09-05 17:18 392708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3898257279-3220266764-3061120529-1000-8192.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-06 15:48 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-13 18:06 . 2011-09-06 17:20 2269684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3898257279-3220266764-3061120529-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-27 273544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-08-15 2027840]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-03 246600]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\shark\AppData\Roaming\Mozilla\Firefox\Profiles\fl1zbh1l.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bde ... &sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
.
[HKEY_USERS\S-1-5-21-3898257279-3220266764-3061120529-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,55,3e,53,f3,41,92,c4,75,8b,14,2c,ad,b1,3d,1e,b3,4d,d3,69,cd,
0d,e3,72,42,1f,1f,28,af,2c,41,29,1e,ba,ba,4e,d4,ff,dd,c4,8d,29,b6,e7,30,dc,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2011-09-06 19:24:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-06 17:24
ComboFix2.txt 2011-09-05 16:47
ComboFix3.txt 2011-09-03 10:55
.
Pre-Run: 181 335 863 296 bytes free
Post-Run: 181 015 371 776 bytes free
.
- - End Of File - - 4367DE6E7D897276C86CDB3503A386E2


Re: Virus

Post by falcon5583 » 06 Sep 2011 19:45

AVG isn't acting up any more, but guys, I don't know why Avira is acting up there. I'd like to put Kaspersky on it... but it won't go, because during installation it tells me Avira has to be uninstalled, yet I can't see it anywhere on the PC. It's getting on my nerves.


Re: Virus

Post by jaro3 » 06 Sep 2011 19:54

Do you want to remove all the antiviruses:
c:\program files (x86)\Common Files\AVG Secure Search
c:\program files\AVAST Software
c:\program files\Common Files\Bitdefender
c:\program files (x86)\Common Files\Bitdefender

and the remnants of Avira as well???
Apart from the infections, that is..
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Virus

Post by falcon5583 » 07 Sep 2011 14:04

I'd just like to get rid of those Avira leftovers for good.


Re: Virus

Post by jaro3 » 07 Sep 2011 14:30

I have also set the Bitdefender folders to be deleted; what about the Avast folder??

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole text highlighted in green into it:
Note: Do not use SELECT ALL to select the script

Code:

KillAll::
File::
c:\windows\unrar.exe
c:\windows\system32\drivers\avgntflt.sys
c:\windows\system32\drivers\avipbb.sys
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

Folder::
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\av_ico
c:\program files\Common Files\Bitdefender
c:\program files (x86)\Common Files\Bitdefender
c:\program files (x86)\Avira

Driver::
AntiVirSchedulerService

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Post here the log that appears at the end of the cleaning process + a new log from HJT

Warning: it may happen that after running ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
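The Registry:: block in the script above resets two Security Center values, but the same "Reg Loading Points" section of the first log also shows UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0). The following triage helper is an added example, not code from the thread or from ComboFix: it parses a log excerpt in that format, flags hardening settings that are turned off, and renders them as a Registry:: section in the same CFScript syntax. The log excerpt is constructed from the values posted above; the "restore" values (1 for the UAC switches, 5 for ConsentPromptBehaviorAdmin, 0 for FirewallOverride) are the Windows 7 defaults as assumed here.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt in the shape of the "Reg Loading Points" part of a
# ComboFix log (values copied from the log posted earlier in this thread).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# ComboFix prints values either as  "Name"= 0 (0x0)  or as  "Name"=dword:00000001
VAL_RE = re.compile(
    r'^"([^"]+)"\s*=\s*(?:dword:([0-9A-Fa-f]{8})|(\d+)\s*\(0x[0-9A-Fa-f]+\))$'
)

# (key suffix, value name, value that means "weakened", value to restore, description)
# Restore values are the Windows 7 defaults (assumption made for this example).
CHECKS: List[Tuple[str, str, int, int, str]] = [
    ("policies\\system", "EnableLUA", 0, 1,
     "User Account Control is switched off"),
    ("policies\\system", "ConsentPromptBehaviorAdmin", 0, 5,
     "administrators elevate without any prompt"),
    ("policies\\system", "PromptOnSecureDesktop", 0, 1,
     "elevation prompts are not shown on the secure desktop"),
    ("policies\\system", "EnableSecureUIAPaths", 0, 1,
     "UIAccess programs may run from non-secure locations"),
    ("security center", "FirewallOverride", 1, 0,
     "Security Center firewall monitoring is overridden"),
]


def parse_reg_points(text: str) -> Dict[str, Dict[str, int]]:
    """Return {registry key: {value name: integer value}} for the lines in text."""
    keys: Dict[str, Dict[str, int]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1)
            keys.setdefault(current, {})
            continue
        val_match = VAL_RE.match(line)
        if val_match and current is not None:
            name, hex_val, dec_val = val_match.groups()
            keys[current][name] = int(hex_val, 16) if hex_val is not None else int(dec_val)
    return keys


def find_weakened(keys: Dict[str, Dict[str, int]]) -> List[Tuple[str, str, int, int, str]]:
    """List (key, name, current value, restore value, description) for each weakened setting."""
    findings = []
    for key, values in keys.items():
        for suffix, name, bad, restore, desc in CHECKS:
            if key.lower().endswith(suffix) and values.get(name) == bad:
                findings.append((key, name, bad, restore, desc))
    return findings


def cfscript_registry_block(findings: List[Tuple[str, str, int, int, str]]) -> str:
    """Render the findings as a Registry:: section in the CFScript syntax used in the thread."""
    by_key: Dict[str, List[str]] = {}
    for key, name, _bad, restore, _desc in findings:
        by_key.setdefault(key, []).append(f'"{name}"=dword:{restore:08x}')
    lines = ["Registry::"]
    for key, entries in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(entries)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = find_weakened(parse_reg_points(SAMPLE_LOG))
    for key, name, value, restore, desc in found:
        print(f"{name}={value} under {key}: {desc}; restore to {restore}")
    print(cfscript_registry_block(found))
```

Any generated Registry:: section should still be reviewed by the helper before it goes into a CFScript, exactly as the one in the post above was written by hand.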


Re: Virus

Post by falcon5583 » 07 Sep 2011 18:22

ComboFix 11-09-02.04 - shark . 09. 2011 17:52:09.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4094.2670 [GMT 2:00]
Running from: c:\users\shark\Desktop\ComboFix.exe
Command switches used :: c:\users\shark\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Avira\AntiVir Desktop\sched.exe"
"c:\windows\system32\drivers\avgntflt.sys"
"c:\windows\system32\drivers\avipbb.sys"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Bitdefender
c:\program files (x86)\Common Files\Bitdefender\setupinformation\contacts.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\contacts.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\detection.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\detection.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\ACA.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\ACA.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Ad-Aware.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Ad-Aware.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\AntiVir.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\AntiVir.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\avast5.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\avast5.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\AVG.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\AVG.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Avira.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Avira.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\BackWeb-4476822.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\BackWeb-4476822.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\BBC.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\BBC.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Bitdefender Antivirus.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Bitdefender Antivirus.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Bitdefender Internet Security.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Bitdefender Internet Security.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Bitdefender Total Security.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Bitdefender Total Security.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Bitdefender.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Bitdefender.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\BullGuard.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\BullGuard.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\cciss.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\cciss.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\COMODO.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\COMODO.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\DRWEB.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\DRWEB.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\ESET.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\ESET.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\eTrust.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\eTrust.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\F-Secure.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\F-Secure.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\GData.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\GData.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\GUIDs.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\GUIDs.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\JiangMin.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\JiangMin.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Kaspersky.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Kaspersky.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Kingsoft.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Kingsoft.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\kv.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\kv.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Lavasoft.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Lavasoft.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Malwarebytes.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Malwarebytes.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\McAfee.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\McAfee.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\MicroPoint.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\MicroPoint.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Mobile.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Mobile.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\MSC.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\MSC.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\mse.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\mse.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Norman.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Norman.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Norton.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Norton.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\OfficeScan95.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\OfficeScan95.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\OfficeScanNT.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\OfficeScanNT.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Panda.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Panda.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\PCTools.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\PCTools.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Premium.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Premium.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Rav.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Rav.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\RFW.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\RFW.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Ris.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Ris.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\ServerProtect.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\ServerProtect.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\SunBelt.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\SunBelt.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\TrendMicro.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\TrendMicro.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\VETWIN32Vp5.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\VETWIN32Vp5.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Virus.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Virus.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Webroot.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\Webroot.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\WinSS.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\WinSS.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\ZoneAlarm.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\extern\ZoneAlarm.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\locations.xml
c:\program files (x86)\Common Files\Bitdefender\setupinformation\locations.xml.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\setupdownloader.exe
c:\program files (x86)\Common Files\Bitdefender\setupinformation\setupdownloader.exe.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\setupdownloader.ui
c:\program files (x86)\Common Files\Bitdefender\setupinformation\setupdownloader.ui.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\setuplauncher.exe
c:\program files (x86)\Common Files\Bitdefender\setupinformation\setuplauncher.exe.md5
c:\program files (x86)\Common Files\Bitdefender\setupinformation\UninstallLib.dll
c:\program files (x86)\Common Files\Bitdefender\setupinformation\UninstallLib.dll.md5
c:\program files\Common Files\Bitdefender
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\additional.dll
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\bd_logo.png
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\bdardrv.dll
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\bdfltdp.dll
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\bdfsfltr.sys
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\contacts.xml
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\htmlayout.dll
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\install_x64.xml
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\installer.exe
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\installerpackage.exe.md5
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\lang\en-US.dll
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\newauthpublic.pem
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\regal.dll
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\setuplauncher.exe
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\trufos.sys
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\wslib.dll
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\wsp2p.dll
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\wspack.dll
c:\program files\Common Files\Bitdefender\SetupInformation\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\wsutils.dll
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
c:\windows\av_ico
c:\windows\av_ico\ico_avast_desktop.ico
c:\windows\av_ico\ico_avast_start.ico
c:\windows\av_ico\ico_avira_start.ico
c:\windows\system32\drivers\avgntflt.sys
c:\windows\system32\drivers\avipbb.sys
c:\windows\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_avipbb
-------\Service_avipbb
.
.
((((((((((((((((((((((((( Files Created from 2011-08-07 to 2011-09-07 )))))))))))))))))))))))))))))))
.
.
2011-09-07 15:55 . 2011-09-07 15:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-06 15:53 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C21B5BF4-A900-42F8-A79C-184CFEC3F969}\mpengine.dll
2011-09-04 07:35 . 2011-08-19 14:33 27992 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-09-04 07:35 . 2010-11-26 16:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-09-03 11:21 . 2011-09-03 11:21 -------- d-----w- c:\users\shark\AppData\Roaming\AVG2012
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-09-03 11:20 . 2011-09-06 17:07 -------- d-----w- c:\programdata\AVG2012
2011-09-03 11:10 . 2011-09-05 17:18 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-09-02 15:00 . 2011-09-02 15:00 -------- d-----w- c:\users\shark\AppData\Roaming\Malwarebytes
2011-09-02 14:59 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\programdata\Malwarebytes
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 14:59 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 14:24 . 2011-09-05 17:19 -------- d-----w- c:\users\Guest
2011-08-29 14:02 . 2011-08-29 14:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-26 16:30 . 2011-09-05 17:19 -------- d-----w- c:\users\shark\AppData\Roaming\AVG10
2011-08-26 16:06 . 2011-09-05 17:19 -------- d-----w- c:\program files\AVAST Software
2011-08-25 18:23 . 2011-08-25 18:23 22567 ----a-w- c:\programdata\1314296490.bdinstall.bin
2011-08-25 18:19 . 2011-08-27 15:37 -------- d-----w- c:\users\shark\AppData\Roaming\QuickScan
2011-08-25 17:47 . 2011-08-15 11:19 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-25 17:47 . 2011-08-15 11:13 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-25 17:47 . 2011-08-15 11:13 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-08-25 17:47 . 2011-08-25 17:47 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-08-25 17:46 . 2011-08-25 17:47 -------- d-----w- c:\programdata\TuneUp Software
2011-08-25 17:46 . 2011-08-25 17:46 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-08-25 17:32 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-24 15:56 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 15:56 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 14:13 . 2011-08-25 16:53 -------- d-----w- c:\programdata\PC Tools
2011-08-20 09:40 . 2011-08-20 09:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-20 09:31 . 2011-08-20 09:31 -------- d--h--w- c:\programdata\Common Files
2011-08-20 09:16 . 2011-09-06 17:05 -------- d-----w- c:\programdata\MFAData
2011-08-16 15:50 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-08-16 15:50 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-08-16 15:50 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-08-16 15:50 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-08-16 15:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-08-16 15:50 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-08-16 15:50 . 2002-08-22 04:00 413760 ----a-w- c:\windows\SysWow64\DivXc32f.dll
2011-08-16 15:50 . 2002-08-01 09:03 413760 ----a-w- c:\windows\SysWow64\DivXc32.dll
2011-08-16 15:50 . 2001-02-25 01:19 287744 ----a-w- c:\windows\SysWow64\divxa32.acm
2011-08-14 12:47 . 2005-06-24 14:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2011-08-14 12:47 . 2004-12-10 07:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-08-14 12:47 . 2005-11-13 21:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-14 12:47 . 2005-11-13 21:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-14 12:47 . 2005-11-13 21:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-14 12:47 . 2005-11-13 21:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-14 12:47 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-08-14 12:47 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-14 12:47 . 2005-11-13 21:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-14 12:47 . 2011-08-14 12:47 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-14 12:47 . 2011-08-14 12:47 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-12 16:17 . 2011-09-06 17:06 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-10 16:06 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 03:05 . 2010-09-28 06:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-16 04:26 . 2011-08-10 16:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-11 03:07 . 2011-07-13 16:23 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-03_10.52.38 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-09-06 15:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-06 15:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-20 04:58 . 2011-09-07 15:41 50330 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-07 15:41 33400 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-20 04:50 . 2011-09-07 15:41 13400 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3898257279-3220266764-3061120529-1000_UserData.bin
+ 2009-07-14 05:30 . 2011-09-06 17:05 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-08-20 09:19 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-08-20 04:40 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-20 04:40 . 2011-09-04 07:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-25 16:56 . 2011-09-05 17:18 3292 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-09-07 15:56 . 2011-09-07 15:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-03 10:52 . 2011-09-03 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:30 . 2011-08-20 09:19 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-09-06 17:05 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-08-20 09:19 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-09-06 17:05 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2011-09-07 15:55 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-09-03 10:51 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-05 14:02 . 2011-09-05 17:18 392708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3898257279-3220266764-3061120529-1000-8192.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-06 15:48 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-13 18:06 . 2011-09-07 15:55 2269684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3898257279-3220266764-3061120529-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-27 273544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-08-15 2027840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-03 246600]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"combofix"="c:\combofix\CF20611.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\shark\AppData\Roaming\Mozilla\Firefox\Profiles\fl1zbh1l.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bde ... &sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
.
[HKEY_USERS\S-1-5-21-3898257279-3220266764-3061120529-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,55,3e,53,f3,41,92,c4,75,8b,14,2c,ad,b1,3d,1e,b3,4d,d3,69,cd,
0d,e3,72,42,1f,1f,28,af,2c,41,29,1e,ba,ba,4e,d4,ff,dd,c4,8d,29,b6,e7,30,dc,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2011-09-07 18:00:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-07 16:00
ComboFix2.txt 2011-09-06 17:24
ComboFix3.txt 2011-09-05 16:47
ComboFix4.txt 2011-09-03 10:55
.
Pre-Run: 180 820 758 528 bytes free
Post-Run: 180 396 756 992 bytes free
.
- - End Of File - - E93B2353720E7738F8DD5DF771F6CFE0

falcon5583
Level 1
Posts: 91
Registered: March 11
Gender: Male

Re: Virus

Post by falcon5583 » 07 Sep 2011 18:24

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:17:23, on 7. 9. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\shark\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll (file missing)
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7936 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Virus

Post by jaro3 » 07 Sep 2011 19:18

Close the other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll (file missing)


You need to copy the entire script (scrollbar!)

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:
Note: do not use the SELECT ALL function to select the script

Code:

KillAll::
File::
c:\windows\system32\aswBoot.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

Folder::
c:\program files\AVAST Software
c:\program files (x86)\Avira

Driver::
AntiVirSchedulerService
AntiVirWebService

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[-HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

Warning: it may happen that after applying ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
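The ComboFix log above shows the machine's UAC policy values under HKLM\...\policies\system all set to 0 (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop, EnableSecureUIAPaths), and a Security Center FirewallOverride flag of 1 that the CFScript in the post resets to 0. The PowerShell snippet below is an added example, not part of the forum post and not a ComboFix or HijackThis feature: run it after the fix to verify that those values are back to safe settings. The accepted values are assumptions based on the Windows 7 defaults with UAC enabled (ConsentPromptBehaviorAdmin 5 is the default; 2 is accepted as stricter), except FirewallOverride, whose target of 0 comes from the script itself.

```powershell
# Added example (not from the thread, ComboFix or HJT): after the CFScript has
# run, check the registry values that the ComboFix "Reg Loading Points"
# section reported as weakened. Accepted values are assumptions (Windows 7
# defaults with UAC on); FirewallOverride = 0 is what the CFScript sets.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$secCenter = 'HKLM:\SOFTWARE\Microsoft\Security Center'

$checks = @(
    @{ Path = $policy;    Name = 'EnableLUA';                  Accept = @(1);    Why = 'UAC is switched off entirely when 0' }
    @{ Path = $policy;    Name = 'ConsentPromptBehaviorAdmin'; Accept = @(2, 5); Why = '0 elevates administrators silently, with no prompt at all' }
    @{ Path = $policy;    Name = 'PromptOnSecureDesktop';      Accept = @(1);    Why = 'elevation prompts outside the secure desktop can be spoofed by other programs' }
    @{ Path = $policy;    Name = 'EnableSecureUIAPaths';       Accept = @(1);    Why = 'UIAccess applications may be loaded from any path when 0' }
    @{ Path = $secCenter; Name = 'FirewallOverride';           Accept = @(0);    Why = 'Security Center stops reporting the firewall state when 1' }
)

function Test-PolicyValue {
    param([hashtable]$Check)
    # Missing key or missing value: Windows applies the built-in default, so
    # report it as ABSENT rather than as a failure.
    $key = Get-ItemProperty -Path $Check.Path -ErrorAction SilentlyContinue
    $actual = $null
    if ($null -ne $key -and $null -ne $key.PSObject.Properties[$Check.Name]) {
        $actual = [int]$key.$($Check.Name)
    }
    $status = if ($null -eq $actual) { 'ABSENT (default applies)' }
              elseif ($Check.Accept -contains $actual) { 'OK' }
              else { 'MISMATCH' }
    [pscustomobject]@{
        Name     = $Check.Name
        Actual   = if ($null -eq $actual) { '-' } else { $actual }
        Accepted = ($Check.Accept -join ' or ')
        Status   = $status
        Why      = $Check.Why
    }
}

$results = $checks | ForEach-Object { Test-PolicyValue -Check $_ }
$results | Format-Table Name, Actual, Accepted, Status -AutoSize
$results | Where-Object { $_.Status -eq 'MISMATCH' } |
    ForEach-Object { Write-Warning ("{0} = {1}: {2}" -f $_.Name, $_.Actual, $_.Why) }
```

Reading these keys needs no elevation, so the check can be run from an ordinary PowerShell window; a MISMATCH line for EnableLUA or ConsentPromptBehaviorAdmin after the fix means the UAC settings were not restored and the machine is still running with silent elevation, which is what the original log showed.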

falcon5583
Level 1
Posts: 91
Registered: March 11
Gender: Male

Re: Virus

Post by falcon5583 » 08 Sep 2011 19:20

ComboFix 11-09-08.03 - shark . 09. 2011 18:31:12.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4094.2843 [GMT 2:00]
Running from: c:\users\shark\Desktop\ComboFix.exe
Command switches used :: c:\users\shark\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"
"c:\program files (x86)\Avira\AntiVir Desktop\sched.exe"
"c:\windows\system32\aswBoot.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AVAST Software
c:\program files\AVAST Software\Avast\Setup\setup.ini
c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AntiVirSchedulerService
-------\Service_AntiVirWebService
.
.
((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
.
.
2011-09-08 16:34 . 2011-09-08 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-06 15:53 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C21B5BF4-A900-42F8-A79C-184CFEC3F969}\mpengine.dll
2011-09-04 07:35 . 2011-08-19 14:33 27992 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-09-04 07:35 . 2010-11-26 16:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-09-03 11:21 . 2011-09-03 11:21 -------- d-----w- c:\users\shark\AppData\Roaming\AVG2012
2011-09-03 11:20 . 2011-09-03 11:20 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-09-03 11:20 . 2011-09-06 17:07 -------- d-----w- c:\programdata\AVG2012
2011-09-03 11:10 . 2011-09-05 17:18 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-09-02 15:00 . 2011-09-02 15:00 -------- d-----w- c:\users\shark\AppData\Roaming\Malwarebytes
2011-09-02 14:59 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\programdata\Malwarebytes
2011-09-02 14:59 . 2011-09-02 14:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-02 14:59 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-29 14:24 . 2011-09-05 17:19 -------- d-----w- c:\users\Guest
2011-08-29 14:02 . 2011-08-29 14:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-26 16:30 . 2011-09-05 17:19 -------- d-----w- c:\users\shark\AppData\Roaming\AVG10
2011-08-25 18:23 . 2011-08-25 18:23 22567 ----a-w- c:\programdata\1314296490.bdinstall.bin
2011-08-25 18:19 . 2011-08-27 15:37 -------- d-----w- c:\users\shark\AppData\Roaming\QuickScan
2011-08-25 17:47 . 2011-08-15 11:19 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-25 17:47 . 2011-08-15 11:13 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-08-25 17:47 . 2011-08-15 11:13 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-25 17:47 . 2011-08-15 11:13 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-08-25 17:47 . 2011-08-25 17:47 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-08-25 17:46 . 2011-08-25 17:47 -------- d-----w- c:\programdata\TuneUp Software
2011-08-25 17:46 . 2011-08-25 17:46 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-08-24 15:56 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 15:56 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 14:13 . 2011-08-25 16:53 -------- d-----w- c:\programdata\PC Tools
2011-08-20 09:40 . 2011-08-20 09:40 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-20 09:31 . 2011-08-20 09:31 -------- d--h--w- c:\programdata\Common Files
2011-08-20 09:16 . 2011-09-06 17:05 -------- d-----w- c:\programdata\MFAData
2011-08-16 15:50 . 2011-08-08 08:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-08-16 15:50 . 2011-07-16 14:17 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-08-16 15:50 . 2011-06-24 14:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-08-16 15:50 . 2011-06-24 14:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-08-16 15:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-08-16 15:50 . 2006-10-18 18:05 232448 ----a-w- c:\windows\SysWow64\mp3fhg.acm
2011-08-16 15:50 . 2002-08-22 04:00 413760 ----a-w- c:\windows\SysWow64\DivXc32f.dll
2011-08-16 15:50 . 2002-08-01 09:03 413760 ----a-w- c:\windows\SysWow64\DivXc32.dll
2011-08-16 15:50 . 2001-02-25 01:19 287744 ----a-w- c:\windows\SysWow64\divxa32.acm
2011-08-14 12:47 . 2005-06-24 14:24 438272 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2011-08-14 12:47 . 2004-12-10 07:06 327680 ----a-w- c:\windows\SysWow64\vp6dec.ax
2011-08-14 12:47 . 2005-11-13 21:22 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-08-14 12:47 . 2005-11-13 21:22 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-08-14 12:47 . 2005-11-13 21:21 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-08-14 12:47 . 2005-11-13 21:20 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-08-14 12:47 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-08-14 12:47 . 2005-11-13 21:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-08-14 12:47 . 2005-11-13 21:16 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-08-14 12:47 . 2011-08-14 12:47 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-08-14 12:47 . 2011-08-14 12:47 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-08-12 16:17 . 2011-09-06 17:06 -------- d-----w- c:\program files (x86)\JDownloader
2011-08-10 16:06 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-10 16:06 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 03:05 . 2010-09-28 06:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-16 04:26 . 2011-08-10 16:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-11 03:07 . 2011-07-13 16:23 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-03_10.52.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-09-07 15:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-07 15:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-20 04:58 . 2011-09-08 16:14 50330 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-08 16:14 33416 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-20 04:50 . 2011-09-08 16:14 13448 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3898257279-3220266764-3061120529-1000_UserData.bin
+ 2009-07-14 05:30 . 2011-09-06 17:05 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-08-20 09:19 86016 c:\windows\system32\DriverStore\infpub.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-20 04:40 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-20 04:40 . 2011-09-04 07:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-20 04:40 . 2011-08-29 16:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-09-04 07:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-29 16:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-09-08 16:15 91392 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-08-25 16:56 . 2011-09-05 17:18 3292 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-09-03 10:52 . 2011-09-03 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-08 16:35 . 2011-09-08 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-03 10:52 . 2011-09-03 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-08 16:35 . 2011-09-08 16:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:30 . 2011-09-06 17:05 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-08-20 09:19 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-09-06 17:05 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-08-20 09:19 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2011-09-03 10:51 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-09-08 16:35 391940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-05 14:02 . 2011-09-05 17:18 392708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3898257279-3220266764-3061120529-1000-8192.dat
+ 2009-07-14 04:54 . 2011-09-07 15:57 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-09-02 15:30 1884160 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:45 . 2011-08-29 16:03 7149868 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-09-08 16:14 7149868 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-03-13 18:06 . 2011-09-08 16:35 2269684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3898257279-3220266764-3061120529-1000-12288.dat
- 2009-07-14 02:34 . 2011-08-29 14:21 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-09-07 16:12 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-04 102400]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-05-27 273544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-08-15 2027840]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-09-03 246600]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"combofix"="c:\combofix\CF15542.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\shark\AppData\Roaming\Mozilla\Firefox\Profiles\fl1zbh1l.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bde ... &sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,51,48,9c,f7,95,29,41,a7,3f,49,\
.
[HKEY_USERS\S-1-5-21-3898257279-3220266764-3061120529-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,55,3e,53,f3,41,92,c4,75,8b,14,2c,ad,b1,3d,1e,b3,4d,d3,69,cd,
0d,e3,72,42,1f,1f,28,af,2c,41,29,1e,ba,ba,4e,d4,ff,dd,c4,8d,29,b6,e7,30,dc,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
.
**************************************************************************
.
Completion time: 2011-09-08 18:38:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-08 16:38
ComboFix2.txt 2011-09-07 16:00
ComboFix3.txt 2011-09-06 17:24
ComboFix4.txt 2011-09-05 16:47
ComboFix5.txt 2011-09-08 16:29
.
Pre-Run: 179 972 464 640 bytes free
Post-Run: 179 650 015 232 bytes free
.
- - End Of File - - B87F65873658E938727AD929D047BB26

falcon5583
Level 1
Posts: 91
Registered: March 11
Gender: Male
Status: Offline

Re: Virus

Post by falcon5583 » 08 Sep 2011 19:21

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:41:08, on 8. 9. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\shark\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6879 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Virus

Post by jaro3 » 08 Sep 2011 19:26

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner
and also use T-Cleaner
http://www.edisk.cz/stahni/29485/T-Clea ... 8.5KB.html

it deletes everything left behind by Combo, MWAV etc. Download it > run it.

Note: before downloading T-Cleaner and for the duration of the cleaning, disable your antivirus and antispyware; afterwards delete T-Cleaner and turn your antivirus and antispyware back on.


Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code:

O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)


Avira is gone, how does it look now?
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

