Win32/Jeefo.A prosim pomoc

[Agent_Orange]

Zdar

Pouzivam antivirovy Avira free a ten mi dnes rano detekoval virus v procese svchost.exe, tak som dal repair a po restarte sa spustil dalsi sken ktory nasiel asi 300 infikovanych suborov, vsetky su vraj nakazene Win32/Jeefo.A, napadlo to aj ine exe subory, nejde mi napriklad spustit word ani excel ani vlc, stale hlasi ze .exe is not a valid 32 bit application
log z aviri mi nechcelo ulozit

tu je Log z combofix:

ComboFix 14-04-20.01 - Peter . 04. 2014 20:43:38.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1033.18.8143.6768 [GMT 2:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Peter\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-03-25 to 2014-04-25 )))))))))))))))))))))))))))))))
.
.
2014-04-25 18:49 . 2014-04-25 18:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-25 18:06 . 2014-04-25 18:14 -------- d-----w- c:\program files (x86)\Advanced Fix 2014
2014-04-25 17:22 . 2014-04-25 18:38 -------- d-----w- c:\programdata\Sophos
2014-04-25 16:33 . 2014-04-25 18:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-04-25 16:33 . 2014-04-25 18:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-25 15:21 . 2014-02-25 09:41 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-04-25 15:21 . 2014-02-25 09:41 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-04-25 15:21 . 2014-02-25 09:41 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-04-25 15:18 . 2014-04-25 15:21 -------- d-----w- c:\programdata\Avira
2014-04-25 15:18 . 2014-04-25 15:21 -------- d-----w- c:\program files (x86)\Avira
2014-04-25 10:17 . 2014-04-25 15:11 -------- d-----w- c:\programdata\AVAST Software
2014-04-25 09:55 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B99C4BF-B794-468E-943B-F4F178DBD4B2}\mpengine.dll
2014-04-23 18:26 . 2014-04-23 18:26 -------- d-----w- c:\windows\Sun
2014-04-23 18:26 . 2014-04-23 18:26 -------- d-----w- c:\programdata\Oracle
2014-04-23 18:26 . 2014-04-23 18:26 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-04-23 18:25 . 2014-04-23 18:25 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-23 18:25 . 2014-04-23 18:25 -------- d-----w- c:\program files (x86)\Java
2014-04-23 09:44 . 2014-04-23 09:44 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-23 09:44 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-04-23 09:44 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-04-23 09:41 . 2014-04-23 11:38 -------- d-----w- c:\program files (x86)\Microsoft Works
2014-04-23 09:40 . 2014-04-23 09:40 -------- d-----w- c:\windows\PCHEALTH
2014-04-23 09:38 . 2014-04-23 09:38 -------- d-----w- c:\program files\Microsoft Office
2014-04-23 09:38 . 2014-04-23 09:38 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2014-04-23 09:38 . 2014-04-25 18:20 -------- d-----w- c:\programdata\Microsoft Help
2014-04-23 09:37 . 2014-04-23 09:37 -------- d-----r- C:\MSOCache
2014-04-22 03:19 . 2013-06-28 12:49 1930240 ----a-w- c:\windows\system32\athurx.sys
2014-04-22 03:19 . 2014-04-22 03:19 -------- d-----w- c:\programdata\TP-LINK
2014-04-18 22:11 . 2014-04-25 15:18 -------- d-----w- c:\programdata\Package Cache
2014-04-17 10:03 . 2014-04-17 10:03 -------- d-----w- c:\programdata\WarThunder
2014-04-17 09:09 . 2014-04-25 17:23 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-17 09:09 . 2014-04-17 09:09 -------- d-----w- c:\windows\system32\Macromed
2014-04-16 14:16 . 2014-04-18 21:01 -------- d-----w- c:\program files (x86)\NCSOFT
2014-04-16 09:38 . 2014-04-16 09:38 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2014-04-16 09:38 . 2014-04-16 09:38 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-04-16 09:38 . 2014-04-16 09:38 -------- d-----w- c:\programdata\Sony Mobile
2014-04-16 09:38 . 2014-04-16 09:38 -------- d-----w- c:\program files (x86)\Sony Mobile
2014-04-16 09:28 . 2014-04-16 09:28 -------- d-----w- c:\programdata\Sony
2014-04-16 09:28 . 2014-04-16 09:28 -------- d-----w- c:\program files (x86)\Sony
2014-04-15 22:03 . 2014-04-15 22:03 -------- d-----w- c:\program files (x86)\CrystalDiskInfo
2014-04-14 09:27 . 2014-04-14 09:27 -------- d-----w- C:\ControlCenterCount
2014-04-14 09:21 . 2013-08-01 15:01 29088 ----a-w- c:\windows\system32\drivers\INETMON.sys
2014-04-14 09:16 . 2013-09-17 01:20 16344 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2014-04-14 09:10 . 2012-08-22 08:19 11832 ----a-w- c:\windows\acpimof.dll
2014-04-14 00:45 . 2014-04-14 00:45 -------- d-----w- c:\program files (x86)\Setup Files
2014-04-14 00:39 . 2014-04-14 09:21 -------- d-----w- c:\programdata\Intel
2014-04-14 00:39 . 2014-04-14 09:19 -------- d-----w- c:\program files\Intel
2014-04-14 00:39 . 2014-04-14 00:39 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2014-04-14 00:38 . 2013-09-17 01:20 99288 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2014-04-14 00:38 . 2013-09-17 01:20 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2014-04-14 00:34 . 2014-04-14 09:10 -------- d-----w- c:\program files (x86)\MSI
2014-04-12 11:01 . 2014-04-24 20:18 -------- d-----w- c:\program files\7-Zip
2014-04-12 10:48 . 2014-04-12 10:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2014-04-12 10:48 . 2014-04-12 10:48 -------- d-----w- c:\program files (x86)\Winamp
2014-04-11 18:59 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-04-11 18:59 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-04-11 14:47 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-11 14:47 . 2013-10-02 04:38 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2014-04-11 14:45 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-11 14:45 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-04-11 14:45 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2014-04-11 14:45 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-04-11 14:45 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-04-11 14:45 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-04-11 14:45 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-11 14:45 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-11 14:45 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-04-11 14:45 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-04-11 14:45 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-04-10 23:08 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-04-10 16:26 . 2014-04-10 16:26 -------- d-----w- C:\Crash
2014-04-10 14:39 . 2014-03-21 19:43 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-04-10 14:39 . 2014-03-21 19:43 33568 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-04-10 14:21 . 2014-04-10 14:21 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-04-10 11:44 . 2014-04-18 21:00 -------- d-----w- c:\program files (x86)\Renegade X
2014-04-10 10:22 . 2014-04-17 13:59 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-10 10:22 . 2014-04-20 15:10 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2014-04-10 10:21 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-04-10 10:21 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-04-10 10:21 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2014-04-10 10:21 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2014-04-10 10:16 . 2014-04-10 10:16 -------- d-----w- c:\programdata\EA Core
2014-04-10 10:16 . 2014-04-10 15:20 -------- d-----w- c:\programdata\EA Logs
2014-04-10 09:03 . 2014-04-18 22:14 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2014-04-10 09:02 . 2014-04-25 12:21 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-04-10 09:02 . 2014-04-25 12:21 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-10 09:02 . 2014-04-18 22:13 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-09 20:56 . 2014-04-09 12:00 -------- d-----w- c:\windows\Panther
2014-04-09 20:03 . 2014-04-09 20:03 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2014-04-09 18:31 . 2014-04-17 09:09 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-09 18:31 . 2014-04-09 18:31 -------- d-----w- c:\windows\SysWow64\Macromed
2014-04-09 17:48 . 2014-04-09 17:48 -------- d-----w- c:\programdata\Hi-Rez Studios
2014-04-09 17:48 . 2014-04-25 10:22 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2014-04-09 17:23 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-04-09 17:23 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2014-04-09 17:23 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2014-04-09 17:23 . 2010-06-02 02:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-04-09 17:23 . 2010-06-02 02:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll
2014-04-09 17:23 . 2010-06-02 02:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2014-04-09 17:23 . 2010-05-26 09:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-04-09 17:23 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2014-04-09 17:23 . 2010-05-26 09:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2014-04-09 17:23 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2014-04-09 16:21 . 2007-03-05 10:42 15128 ----a-w- c:\windows\SysWow64\x3daudio1_1.dll
2014-04-09 16:09 . 2014-04-09 16:09 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-04-09 16:09 . 2014-04-09 16:09 -------- d-----r- c:\program files (x86)\Skype
2014-04-09 16:09 . 2014-04-09 16:09 -------- d-----w- c:\programdata\Skype
2014-04-09 15:51 . 2014-04-18 21:08 -------- d-----w- c:\program files (x86)\Origin Games
2014-04-09 15:48 . 2014-04-25 12:16 -------- d-----w- c:\programdata\Origin
2014-04-09 15:48 . 2014-04-10 10:16 -------- d-----w- c:\programdata\Electronic Arts
2014-04-09 15:48 . 2014-04-25 12:16 -------- d-----w- c:\program files (x86)\Origin
2014-04-09 15:45 . 2014-04-09 15:45 -------- d-----w- c:\program files (x86)\VideoLAN
2014-04-09 15:38 . 2014-04-25 10:22 -------- d-----w- c:\program files (x86)\GPU-Z
2014-04-09 15:30 . 2014-04-25 10:40 -------- d-----w- c:\program files (x86)\Steam
2014-04-09 15:30 . 2014-04-09 20:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-04-09 15:27 . 2014-04-09 15:39 -------- d-----w- c:\program files\CPUID
2014-04-09 14:58 . 2014-04-16 11:13 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2014-04-09 14:58 . 2014-04-16 11:13 -------- d-----w- c:\programdata\Blizzard Entertainment
2014-04-09 14:58 . 2014-04-10 20:43 -------- d-----w- c:\program files (x86)\Battle.net
2014-04-09 14:46 . 2014-04-09 14:46 -------- d-----w- c:\programdata\Battle.net
2014-04-09 14:17 . 2014-04-09 14:17 209096 ----a-w- c:\windows\system32\AERTAC64.dll
2014-04-09 14:17 . 2014-04-09 14:17 108640 ----a-w- c:\windows\system32\AERTAR64.dll
2014-04-09 14:17 . 2014-04-09 14:18 -------- d--h--w- c:\program files (x86)\Temp
2014-04-09 14:17 . 2014-04-09 14:16 2080472 ----a-w- c:\windows\RtlExUpd.dll
2014-04-09 14:17 . 2014-04-09 14:17 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-25 17:23 . 2006-10-26 11:45 293376 ----a-w- c:\windows\SysWow64\WISPTIS.EXE
2014-04-10 23:06 . 2014-04-10 23:06 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-04-10 23:06 . 2014-04-10 23:06 208384 ----a-w- c:\windows\SysWow64\webcheck.dll
2014-04-09 12:18 . 2013-02-22 18:40 792560 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
2014-04-09 12:18 . 2013-02-22 18:40 358896 ----a-w- c:\windows\system32\drivers\iusb3hub.sys
2014-04-09 12:18 . 2013-02-22 18:40 20464 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2014-04-09 12:18 . 2009-07-15 03:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-20 21:03 . 2014-03-20 21:03 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-20 21:03 . 2014-03-20 21:03 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-20 21:03 . 2014-03-20 21:03 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-20 21:03 . 2014-03-20 21:03 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-20 21:03 . 2014-03-20 21:03 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-20 21:03 . 2014-03-20 21:03 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-20 21:02 . 2014-03-20 21:02 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-20 21:02 . 2014-03-20 21:02 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-20 21:02 . 2014-03-20 21:02 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-20 21:02 . 2014-03-20 21:02 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-20 21:02 . 2014-03-20 21:02 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-20 21:02 . 2014-03-20 21:02 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-20 21:02 . 2014-03-20 21:02 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-20 21:02 . 2014-03-20 21:02 377688 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-03-20 21:02 . 2014-03-20 21:02 333600 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-20 21:02 . 2014-03-20 21:02 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-20 21:02 . 2014-03-20 21:02 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-20 21:02 . 2014-03-20 21:02 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-20 21:02 . 2014-03-20 21:02 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-20 21:02 . 2014-03-20 21:02 484296 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-03-20 21:02 . 2014-03-20 21:02 409544 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-03-20 21:02 . 2014-03-20 21:02 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-03-20 21:02 . 2014-03-20 21:02 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-03-20 21:02 . 2014-03-20 21:02 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-20 21:02 . 2014-03-20 21:02 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-03-20 21:02 . 2014-03-20 21:02 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-20 21:02 . 2014-03-20 21:02 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-20 21:02 . 2014-03-20 21:02 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-20 21:02 . 2014-03-20 21:02 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-20 21:02 . 2014-03-20 21:02 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-20 21:02 . 2014-03-20 21:02 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-20 21:02 . 2014-03-20 21:02 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-20 21:02 . 2014-03-20 21:02 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-20 21:02 . 2014-03-20 21:02 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-20 21:02 . 2014-03-20 21:02 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 09:17 . 2014-04-09 12:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-04-09 292088]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-04-15 182352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ISCTSystray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2013-8-1 5545448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 NTIOLib_MSISMB_CC;NTIOLib_MSISMB_CC;c:\program files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys;c:\program files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-25 10:22 1112904 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-17 09:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-04-09 7506136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017} - c:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - c:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-04-25 20:56:41 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-25 18:56
ComboFix2.txt 2014-04-25 17:47
.
Pre-Run: 318 291 431 424 bytes free
Post-Run: 317 847 126 016 bytes free
.
- - End Of File - - 13CA148C1345D6FABEBBBD1E78F33114
A36C5E4F47E84449FF07ED3517B43A31

[motji]

Zdravím
Zkuste tento program
http://www.sophos.com/support/cleaners/jeefogui.com
-spusťte ho, kliknete na Go
-po skončení skenu restartujte pc a dejte vědět jak to vypadá

[Agent_Orange]

tak som to spustil nenaslo to nic ale vytvorilo to log vo formate txt o velkosti skoro 4,2 MB tu je https://mega.co.nz/#!DE1BXLbD!WiX3bbPsg ... M4dtbgSWVE

[motji]

Vy jste ten combofix spouštěl několikrát? V logu tím pádem nic nevidím .
Avast stále něco hlásí?

[Agent_Orange]

no pustil som to 2x, skusit log niektoreho z programov ktore su tu na fore v oznamoch?

[motji]

Můžete FRST. Ten Avast něoc hlásí a programy fungují?

[Agent_Orange]

no Avira stale najde plno exe aplikacii ze su infikovane ale ked dam repair stale sa restartuje PC ale po restarte ich stale ukaze ako infikovane, stiahol som FRSTLauncher.exe, a povolil ho v avire ale ajtak mi ho windows odmieta spustit

[Agent_Orange]

tu je log:

Vaše zpráva obsahuje 187323 znaků. Maximální povolený počet znaků je 100000.

davam ho ako prilogu spolu s Addition

[Agent_Orange]

neviem preco mi nechce dovolit dat 2 prilohy do jedneho prispevku tak to davam este raz tu...

[motji]

V logu nic nevidím . Můžete prosím některý z těch souborů, co hlásí Avira, otestovat na www.virustotal.com?
Dejte reanalyze a až se načtou výsledky, vložte sem link ke stránce

[motji]

Nějak se mi to nezdá. Jinak rozhodně teď nepoužvíejte žádné flešky, je to fileinfector, napadne Vám všechny exe soubory.

Dejte soubor otestovat na http://www.virustotal.com
c:\windows\system32\lsass.exe
c:\windows\system32\spoolsv.exe
c:\windows\system32\svchost.exe
c:\windows\system32\winlogon.exe
c:\windows\explorer.exe
c:\windows\system32\services.exe

Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.



Udělejte kompletní scan pomocí AVPTool - http://www.viry.cz/forum/viewtopic.php?f=29&t=58179,
- vše nechte léčit, obsah logu dle návodu vložte zde.

[Agent_Orange]

dakujem, pozriem sa na to

[Agent_Orange]

tieto virusy nasiel kaspersky:

Status: Deleted (events: 5)
26. 4. 2014 16:32:21 Deleted virus Virus.Win32.Hidrag.a C:\Documents and Settings\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb High
26. 4. 2014 16:32:21 Deleted virus Virus.Win32.Hidrag.a C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb High
26. 4. 2014 16:32:21 Deleted virus Virus.Win32.Hidrag.a C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb High
26. 4. 2014 16:32:21 Deleted virus Virus.Win32.Hidrag.a C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb.kav High
26. 4. 2014 16:32:21 Deleted virus Virus.Win32.Hidrag.a C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb High
Status: Absent (events: 1)
26. 4. 2014 16:37:03 Not found virus Virus.Win32.Hidrag.a C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb.kav High

[motji]

Otestoval jste ty systémové soubory?

[Agent_Orange]

ano podla http://www.virustotal.com su ciste