Vše spouští prg. VMC

[Black]

Prosím o pomoc při odstranění viru z nb.
Při startu se spustí VinMediaCenter a všechny soubory exe se spouští v něm. Ikony na ploše mají vzhled VMC. Zřejmě je instalován Avast, ale nepodařilo si mo vypnout před spuštěním ComboFixu. Příponu exe u ComboFixu jsem musel přejmenovat na com.
Budu vděčný za každou radu.

ComboFix 12-02-19.02 - Fanda 20.02.2012 14:57:06.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2940.1946 [GMT 1:00]
Spuštěný z: c:\users\Fanda\Desktop\ComboFix.com
AV: avast! Antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\IObitBar\toolbar\1.bin\i0SRcas.dll
c:\programdata\ntuser.dat
c:\users\Fanda\videos\hardresetdemo_en.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\AutoRun.inf
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\setup.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-20 do 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 14:04 . 2012-02-20 14:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 15:29 . 2012-02-16 15:29 -------- d-----w- c:\users\Fanda\AppData\Roaming\Ashampoo
2012-02-16 15:29 . 2012-02-16 15:29 -------- d-----w- c:\users\AppData
2012-02-16 15:29 . 2012-02-19 14:15 -------- d-----w- c:\program files (x86)\MyAshampoo
2012-02-16 15:28 . 2012-02-16 15:28 -------- d-----w- c:\users\Fanda\AppData\Local\ashampoo
2012-02-16 15:28 . 2012-02-16 15:28 -------- d-----w- c:\programdata\ashampoo
2012-02-16 15:28 . 2012-02-16 15:28 -------- d-----w- c:\program files (x86)\Ashampoo
2012-02-16 15:26 . 2012-02-16 15:26 -------- d-----w- c:\program files (x86)\Rebellion
2012-02-16 15:12 . 2012-02-16 15:12 -------- d-----w- c:\program files (x86)\Hard Reset Demo
2012-02-16 14:55 . 2012-02-16 14:55 -------- d-----w- c:\users\Fanda\AppData\Roaming\FastStone
2012-02-16 14:55 . 2012-02-19 14:15 -------- d-----w- c:\program files (x86)\FastStone Image Viewer
2012-02-16 14:43 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-02-16 14:43 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2012-02-16 14:39 . 2012-02-16 14:39 -------- d-----w- c:\program files (x86)\Ubisoft
2012-02-15 18:16 . 2012-02-15 18:16 -------- d-----w- c:\users\Fanda\AppData\Local\Nero
2012-02-15 13:31 . 2012-02-15 13:31 -------- d-----w- c:\users\Fanda\AppData\Roaming\VideoCap
2012-02-15 12:01 . 2007-04-24 15:21 332744 ----a-w- c:\windows\SysWow64\_Setup.dll
2012-02-15 12:01 . 2009-11-12 10:29 -------- d---a-w- c:\windows\SysWow64\Support
2012-02-15 12:01 . 2009-11-12 10:29 -------- d---a-w- c:\windows\SysWow64\setupdir
2012-02-15 12:01 . 2009-11-11 18:24 540296 ----a-w- c:\windows\SysWow64\ISSetup.dll
2012-02-15 12:01 . 2009-11-11 18:24 377480 ----a-w- c:\windows\SysWow64\setup.exe
2012-02-15 12:01 . 2009-11-11 18:24 1136 ----a-w- c:\windows\SysWow64\layout.bin
2012-02-15 11:40 . 2012-02-15 11:40 -------- d-----w- c:\users\Fanda\AppData\Local\OCCT
2012-02-15 11:39 . 2012-02-15 11:39 -------- d-----w- c:\program files (x86)\OCCTPT
2012-02-10 16:43 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A616E2C-86D4-4133-A1BD-36FC6109C23B}\mpengine.dll
2012-01-28 12:07 . 2012-01-28 12:07 -------- d-----w- c:\program files (x86)\UVC Video Camera
2012-01-28 06:42 . 2012-01-28 06:42 -------- d-----w- c:\users\Fanda\AppData\Roaming\dvdcss
2012-01-26 10:45 . 2012-01-26 10:45 -------- d-----w- c:\program files (x86)\Centauri
2012-01-23 16:45 . 2012-01-23 16:45 -------- d-----w- c:\users\Fanda\AppData\Roaming\AnvSoft
2012-01-23 16:45 . 2012-01-23 16:45 -------- d-----w- c:\program files (x86)\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 15:21 . 2011-11-02 12:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-02-13 15:21 . 2011-10-14 13:23 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-10 12:31 . 2011-10-14 13:24 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-02-10 12:31 . 2011-11-02 12:53 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-29 04:10 . 2011-05-18 10:31 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-11-29 15:39 . 2011-12-29 01:08 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2011-11-29 15:38 . 2011-11-29 15:38 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2011-11-29 15:38 . 2011-11-29 15:38 325552 ----a-w- c:\windows\MASetupCaller.dll
2011-11-29 15:38 . 2011-11-29 15:38 30568 ----a-w- c:\windows\MusiccityDownload.exe
2011-11-29 15:38 . 2011-11-29 15:38 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2011-11-29 15:38 . 2011-11-29 15:38 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2011-11-29 15:38 . 2011-11-29 15:38 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2011-11-29 15:38 . 2011-11-29 15:38 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2011-11-29 15:38 . 2011-11-29 15:38 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2011-11-29 15:38 . 2011-11-29 15:38 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2011-11-29 15:38 . 2011-11-29 15:38 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2011-11-29 15:38 . 2011-11-29 15:38 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2011-11-29 15:38 . 2011-11-29 15:38 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2011-11-29 15:38 . 2011-11-29 15:38 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2011-11-29 15:38 . 2011-11-29 15:38 40960 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2011-11-29 15:38 . 2011-11-29 15:38 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2011-11-29 15:38 . 2011-11-29 15:38 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2011-11-29 15:38 . 2011-11-29 15:38 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2011-11-29 15:38 . 2011-11-29 15:38 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2011-11-29 15:38 . 2011-11-29 15:38 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2011-11-29 15:38 . 2011-11-29 15:38 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2011-11-29 15:38 . 2011-11-29 15:38 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2011-11-29 15:38 . 2011-11-29 15:38 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2011-11-29 15:38 . 2011-11-29 15:38 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2011-11-29 15:38 . 2011-11-29 15:38 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2011-11-29 15:38 . 2011-11-29 15:38 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2011-11-29 15:38 . 2011-11-29 15:38 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2011-11-29 15:38 . 2011-12-29 01:07 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2011-11-24 05:00 . 2011-12-28 17:23 3141632 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-29 935312]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-29 21392]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"IObitBar Browser Plugin Loader"="c:\progra~2\IObitBar\toolbar\1.bin\i0brmon.exe" [2010-08-30 20480]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-29 3508624]
"UVCSti"="c:\program files (x86)\UVC Video Camera\UVCSti.exe" [2010-08-23 245760]
"RunUVC"="c:\program files (x86)\UVC Video Camera\EffectDir\UVCtray.exe" [2010-08-23 7548928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Fanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Nokia Ovi Suite.lnk - c:\program files (x86)\Nokia\Ovi\Suite\RunLauncher.exe [2008-7-25 951600]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12 136176]
R3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\Drivers\cam3820a.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12 136176]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IObitBarService;IObit Toolbar Service;c:\progra~2\IObitBar\toolbar\1.bin\i0barsvc.exe [2010-08-30 28766]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files (x86)\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
2012-02-20 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-08-30 14:10]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12 12:56]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-12 12:56]
.
2012-02-20 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files (x86)\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-17 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-17 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-17 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download Video on This Page - c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
IE: Download Video This Links To - c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/212
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211
TCP: Interfaces\{A3D55041-5759-4B43-9E34-6E6AA2B47186}: NameServer = 213.250.192.1,213.250.194.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Celkový čas: 2012-02-20 15:12:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-20 14:12
.
Před spuštěním: 2 647 572 480
Po spuštění: 2 510 192 640
.
- - End Of File - - 8A3AE4C53A8C394EC95A696C7C7EC2A2

[Black]

tak to se omlouvám, asi jsem měl nejdříve použít HijackThis. Doufám, že jsem nenapáchal ještě více škody než ten vir.

[Black]

tak snad to je ono:

RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 64 bits version
Spuštěno v: Normální režim
Uživatel: Fanda [Práva správce]
Mode: Kontrola -- Date: 02/20/2012 18:05:39

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 9 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{A3D55041-5759-4B43-9E34-6E6AA2B47186} : NameServer (213.250.192.1,213.250.194.1) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{A3D55041-5759-4B43-9E34-6E6AA2B47186} : NameServer (213.250.192.1,213.250.194.1) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSX +++++
--- User ---
[MBR] 1d81b367cf4eac5836c8142767f9d60f
[BSP] 2e0b40826452d7490b71542639ae1021 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 821248 | Size: 152386 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 312907776 | Size: 152457 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] dd9c58be4ccc29c54f1d38538ba06b2e
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128 | Size: 1918 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

[Black]

tak koukám, že jsem to asi pěkně podělal s tím Cfkem. Restart proběhl, nb se chová stále stejně - při pokusu spustit cokoliv naběhne VMC, dokonce i msconfig ho spustí.
Kde nákaza natáhla a s čím, to nůžu říct. Nb není můj, už mi takto přišel pod ruku na případný reinstall, ale radši ho chce sprovoznit.
Ps: obnovení systému změny Cfka asi nevrátí, že.

[Black]

nevím, zda to pomůže, ale zde se řešil stejný problém: http://forum.viry.cz/viewtopic.php?f=13 ... =vmc+ikony

Nový uživatel se zdá být vcajku!

[Black]

pokud se snažím vložit data do registru v nabouraném účtu, tak se mi zobrazí chybové hlášení:
reg. nelze importovat. Do registru se nepodařilo úspěšně zadat všechna data. Některé klíče jsou otevřeny systémem, nebo jinými procesy.

Mohu registr upravit v novém účtu?

[Black]

ale přeci jen změna. Už se nespoští ten pos.. VMC ale to co má, jen ikony jsou stále stejné.

[Black]

díky za ochotu. Ikony už jsou taky v pořádku. Jen ty registry se nepodařilo komplet vložit. Ale vše se zdá být OK.