PC disinfection, speeding up your computer, remote help via the neslape.cz service

"your pc is infected, buy our System Tools"

Have a virus problem? Post a log from FRST or RSIT here.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service: an expert connects to your computer and gets the details of the problem from you by phone. More at www.neslape.cz
nemamradvirusy
Guest
Posts: 31
Registered: 19 Feb 2009 20:51

#1 Post by nemamradvirusy

hi, a curious problem:
the desktop turned blue and most exe files won't run because they are "infected"; the kind of vermin that wants money from me so that everything will be fine again. I'd rather not tackle it myself since I don't have much experience with this, I trust you'll help me with it :-) attaching the log:

info.txt logfile of random's system information tool 1.08 2011-02-12 13:51:10

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A93000000001}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Babylon toolbar-->"C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\uninstall.exe"
Babylon-->C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
Conduit Engine-->C:\PROGRA~1\CONDUI~1\ConduitEngineUninstall.exe
Counter-Strike: Source-->C:\Program Files\Counter-Strike Source\Uninst.exe
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Express Gate-->MsiExec.exe /X{99AD9D6D-A456-49EE-8360-F22EE7AA1272}
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_4079369A224CB572.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Kobra 11 Nitro-->"C:\Program Files\Kobra 11 Nitro\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Corporation-->MsiExec.exe /I{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}
Microsoft LifeCam-->MsiExec.exe /X{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011041B-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MIKULÁŠ-->"C:\Program Files\Play\MIKULÁŠ\unins000.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Need for Speed Underground 2-->C:\Program Files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Neighbours From Hell Compilation-->C:\Program Files\InstallShield Installation Information\{5C81E5B5-15C0-4196-8FEC-BE56FFAB9437}\setup.exe -runfromtemp -l0x0405
Nero BurnLite 10-->MsiExec.exe /I{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}
Nero BurnLite 10-->MsiExec.exe /X{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}
Nero Control Center 10-->MsiExec.exe /X{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
Nero ControlCenter 10 Help (CHM)-->MsiExec.exe /X{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
Nero Core Components 10-->MsiExec.exe /X{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
Nero Update-->MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
Norton Security Scan-->C:\Program Files\Norton Security Scan\Engine\3.0.1.8\InstWrap.exe
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PhotoScape-->"C:\Users\Rasto\Desktop\photoscape\uninstall.exe"
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmileyCentral-->rundll32 C:\PROGRA~1\SMILEY~2\bar\1.bin\1wBar.dll,O
Softonic-Eng7 Toolbar-->C:\PROGRA~1\SOFTON~1\UNWISE.EXE /U C:\PROGRA~1\SOFTON~1\INSTALL.LOG
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Včielka Ula-->"C:\Program Files\Včielka Ula\Uninstall.exe" "C:\Program Files\Včielka Ula\install.log"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
WinRAR 4.00 beta 3 (32-bit)-->D:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: Rasto-PC
Event Code: 11
Message: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Record Number: 125580
Source Name: Microsoft-Windows-Wininit
Time Written: 20100820051618.599644-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Rasto-PC
Event Code: 875
Message: Driver sfdrv01.sys has been blocked from loading.
Record Number: 125527
Source Name: Application Popup
Time Written: 20100820051558.148808-000
Event Type: Error
User:

Computer Name: Rasto-PC
Event Code: 875
Message: Driver sfvfs02.sys has been blocked from loading.
Record Number: 125526
Source Name: Application Popup
Time Written: 20100820051558.148808-000
Event Type: Error
User:

Computer Name: Rasto-PC
Event Code: 875
Message: Driver sfsync02.sys has been blocked from loading.
Record Number: 125524
Source Name: Application Popup
Time Written: 20100820051555.590403-000
Event Type: Error
User:

Computer Name: Rasto-PC
Event Code: 7016
Message: The NVIDIA Display Driver Service service reported an invalid current state 32.
Record Number: 125499
Source Name: Service Control Manager
Time Written: 20100819210431.341108-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Rasto-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 10797
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20100228171736.280345-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Rasto-PC
Event Code: 1
Message: The application (StarForce Protection, from vendor StarForce) has the following problem: The installed StarForce Protection driver is not compatible with this version of Windows and will be disabled. Applications that require this driver will not function properly without a patch.
Record Number: 10783
Source Name: Microsoft-Windows-ApplicationExperienceInfrastructure
Time Written: 20100228171141.320026-000
Event Type: Warning
User: Rasto-PC\Rasto

Computer Name: Rasto-PC
Event Code: 1
Message: The application (StarForce Protection, from vendor StarForce) has the following problem: The installed StarForce Protection driver is not compatible with this version of Windows and will be disabled. Applications that require this driver will not function properly without a patch.
Record Number: 10782
Source Name: Microsoft-Windows-ApplicationExperienceInfrastructure
Time Written: 20100228171141.320026-000
Event Type: Warning
User: Rasto-PC\Rasto

Computer Name: Rasto-PC
Event Code: 1
Message: The application (StarForce Protection, from vendor StarForce) has the following problem: The installed StarForce Protection driver is not compatible with this version of Windows and will be disabled. Applications that require this driver will not function properly without a patch.
Record Number: 10781
Source Name: Microsoft-Windows-ApplicationExperienceInfrastructure
Time Written: 20100228171141.320026-000
Event Type: Warning
User: Rasto-PC\Rasto

Computer Name: Rasto-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-4054158674-678169352-3695139878-1000:
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000\Software\Microsoft\SystemCertificates\trust
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000\Software\Microsoft\SystemCertificates\Root
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000\Software\Microsoft\SystemCertificates\My
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000\Software\Microsoft\SystemCertificates\CA
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000\Software\Policies\Microsoft\SystemCertificates
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000\Software\Policies\Microsoft\SystemCertificates
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000\Software\Policies\Microsoft\SystemCertificates
Process 1252 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4054158674-678169352-3695139878-1000\Software\Policies\Microsoft\SystemCertificates

Record Number: 10770
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100228164633.855993-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Rasto-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 8073
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100217080453.034430-000
Event Type: Audit Success
User:

Computer Name: Rasto-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: RASTO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x21c
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 8072
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100217080453.034430-000
Event Type: Audit Success
User:

Computer Name: Rasto-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-4054158674-678169352-3695139878-1000
Account Name: Rasto
Account Domain: Rasto-PC
Logon ID: 0x17287

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 8071
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100217080452.675630-000
Event Type: Audit Success
User:

Computer Name: Rasto-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: RASTO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-4054158674-678169352-3695139878-1000
Account Name: Rasto
Account Domain: Rasto-PC
Logon ID: 0x172b0
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2bc
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: RASTO-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 8070
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100217080452.675630-000
Event Type: Audit Success
User:

Computer Name: Rasto-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: RASTO-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-4054158674-678169352-3695139878-1000
Account Name: Rasto
Account Domain: Rasto-PC
Logon ID: 0x17287
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2bc
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: RASTO-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 8069
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100217080452.675630-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------


thank you
Last edited by nemamradvirusy on 12 Feb 2011 14:32, edited 1 time in total.
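Before handing a log like the one above to a helper, it pays to pull the event-log sections of an RSIT info.txt apart mechanically instead of reading hundreds of lines by eye. The parser below is an added example, not part of this post or of RSIT. Its SAMPLE is three records taken from the log above and shortened (a constructed input); the triage rules in triage() are the example's own assumptions: flag drivers that were refused at load time (Application Popup event 875), flag the Wininit event 11 notice that AppInit_DLLs is populated, and summarise 4624 logons by type and account. The multi-line 4624 message is the case that breaks naive line-by-line parsing, since it contains "Account Name:" lines of its own.

```python
"""Triage the event-log sections of an RSIT info.txt (added example, not from the post or RSIT).
SAMPLE is a constructed, shortened copy of three records from the log above; the field names
(Computer Name / Event Code / Message / Record Number / Source Name / Time Written /
Event Type / User) follow RSIT's layout. The rules in triage() are this example's assumptions."""
import re
from datetime import datetime, timedelta, timezone

SAMPLE = """\
Computer Name: Rasto-PC
Event Code: 11
Message: Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Record Number: 125580
Source Name: Microsoft-Windows-Wininit
Time Written: 20100820051618.599644-000
Event Type: Warning
User: NT AUTHORITY\\SYSTEM

Computer Name: Rasto-PC
Event Code: 875
Message: Driver sfdrv01.sys has been blocked from loading.
Record Number: 125527
Source Name: Application Popup
Time Written: 20100820051558.148808-000
Event Type: Error
User:

Computer Name: Rasto-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Account Name: RASTO-PC$
Logon Type: 2
New Logon:
Account Name: Rasto
Record Number: 8070
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100217080452.675630-000
Event Type: Audit Success
User:
"""

FIELDS = ("Computer Name", "Event Code", "Record Number", "Source Name",
          "Time Written", "Event Type", "User")
BLOCKED_RE = re.compile(r"Driver (\S+) has been blocked from loading")
LOGON_TYPE_RE = re.compile(r"^Logon Type:\s*(\d+)", re.M)
NEW_LOGON_RE = re.compile(r"New Logon:.*?Account Name:\s*(\S+)", re.S)

def parse_wmi_time(s):
    """Turn a WMI CIM_DATETIME such as 20100820051558.148808-000 into an aware datetime.
    The trailing signed field is the UTC offset in minutes."""
    m = re.fullmatch(r"(\d{14})\.(\d{6})([+-]\d{3})", s.strip())
    if not m:
        raise ValueError(f"bad WMI datetime: {s!r}")
    base = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    return base.replace(microsecond=int(m.group(2)),
                        tzinfo=timezone(timedelta(minutes=int(m.group(3)))))

def parse_records(text):
    """Split RSIT event-log text into dicts. A record runs from 'Computer Name:' to 'User:'; all
    lines between 'Message:' and 'Record Number:' belong to the message, so 'Account Name:' and
    similar lines inside a 4624 message are never mistaken for record fields."""
    records, cur, msg = [], None, None
    for line in text.splitlines():
        if line.startswith("Computer Name:"):
            cur, msg = {}, None
        if cur is None:
            continue
        if line.startswith("Message:"):
            msg = [line[len("Message:"):].strip()]
            continue
        key = next((f for f in FIELDS if line.startswith(f + ":")), None)
        if key is None:
            if msg is not None:
                msg.append(line)
            continue
        if msg is not None:
            cur["Message"], msg = "\n".join(msg).strip(), None
        cur[key] = line[len(key) + 1:].strip()
        if key == "User":                                   # last field of every record
            cur["Time"] = parse_wmi_time(cur["Time Written"])
            records.append(cur)
            cur = None
    return records

def triage(records):
    """Return (record number, note) pairs for events worth a second look (rules are assumptions)."""
    findings = []
    for r in records:
        code, msg = r["Event Code"], r.get("Message", "")
        blocked = BLOCKED_RE.search(msg)
        if code == "875" and blocked:
            findings.append((r["Record Number"],
                             f"kernel driver {blocked.group(1)} was refused at load time; match it to an installed package"))
        elif code == "11" and r["Source Name"] == "Microsoft-Windows-Wininit":
            findings.append((r["Record Number"],
                             "AppInit_DLLs is populated; review HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs"))
        elif code == "4624":
            lt, who = LOGON_TYPE_RE.search(msg), NEW_LOGON_RE.search(msg)
            findings.append((r["Record Number"],
                             f"logon type {lt.group(1) if lt else '?'} for {who.group(1) if who else '?'}"))
    return findings
```

On a real info.txt, run triage(parse_records(text)) over the text between the "======System event log======" header and "======Environment variables======"; the three log sections share the record layout, so one parser covers them. In the posted log the blocked drivers turn out to be StarForce copy-protection components (the Application event log says so), which is exactly the sort of cross-check the note asks for before anyone treats a refused driver as malicious.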

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

#2 Post by Rudy

Post a log from ComboFix. If it won't start normally, try it in Safe Mode.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Calmly go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan do not try to run any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because during the scan and the removal of any malware there are unwanted collisions with the antispyware's resident component.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail above.

nemamradvirusy
Guest
Posts: 31
Registered: 19 Feb 2009 20:51

#3 Post by nemamradvirusy

here you go, the CF log:

ComboFix 11-02-11.02 - Rasto . 02. 2011 14:22:13.1.4 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.2047.1556 [GMT 1:00]
Running from: c:\users\Rasto\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\iCdGpPe14700
c:\programdata\iCdGpPe14700\iCdGpPe14700
c:\programdata\iCdGpPe14700\iCdGpPe14700.exe
c:\users\Rasto\AppData\Roaming\Local
c:\users\Rasto\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Rasto\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Rasto\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Rasto\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

.
((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-02-12 13:24 . 2011-02-12 13:25 -------- d-----w- c:\users\Rasto\AppData\Local\temp
2011-02-12 13:24 . 2011-02-12 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-12 13:20 . 2011-02-12 13:20 -------- d-----w- C:\32788R22FWJFW
2011-02-12 12:50 . 2011-02-12 12:51 -------- d-----w- c:\program files\trend micro
2011-02-12 12:43 . 2011-02-12 12:51 -------- d-----w- C:\rsit
2011-01-22 16:41 . 2011-01-22 16:41 -------- d-----w- c:\windows\system32\drivers\NSS
2011-01-22 16:41 . 2011-01-22 16:41 -------- d-----w- c:\program files\Norton Security Scan
2011-01-19 15:45 . 2011-01-19 16:20 -------- d-----w- c:\users\Rasto\AppData\Roaming\PhotoScape
2011-01-14 22:21 . 2011-01-14 22:21 -------- d-----w- c:\program files\MSXML 4.0
2011-01-14 12:27 . 2011-01-14 12:27 -------- d-----w- c:\users\Rasto\AppData\Local\AskToolbar
2011-01-14 12:05 . 2011-01-14 12:05 -------- d-----w- c:\users\Rasto\AppData\Roaming\Nero
2011-01-14 12:04 . 2011-01-14 12:04 -------- d-----w- c:\programdata\Nero
2011-01-14 12:04 . 2011-01-14 12:04 -------- d-----w- c:\program files\Common Files\Nero
2011-01-14 12:04 . 2011-01-14 12:04 -------- d-----w- c:\program files\Nero
2011-01-14 12:01 . 2011-01-14 12:01 -------- d-----w- c:\program files\Microsoft Silverlight
2011-01-14 12:00 . 2011-01-16 14:05 -------- d-----w- c:\program files\Ask.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-06 05:06 . 2010-02-14 18:17 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-06 05:06 . 2010-08-20 08:24 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-02 08:23 . 2010-08-20 08:24 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-02-02 08:23 . 2010-02-14 18:17 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-23 08:33 . 2010-12-23 08:33 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
"{339a0dff-d9af-439b-92bc-636220fb3dae}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll" [2010-11-21 53248]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{339a0dff-d9af-439b-92bc-636220fb3dae}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55cde9e7-696c-47c4-8e21-7210b8aeb103}]
2010-11-21 11:41 675840 ----a-w- c:\progra~1\SMILEY~2\bar\1.bin\1wbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ed22e89-62fa-47ec-bd8d-374d849d436c}]
2010-11-21 11:41 53248 ----a-w- c:\program files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 15:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d3ca5551-fc2e-4d09-8ece-263607acf9fc}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll" [2010-11-21 675840]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[HKEY_CLASSES_ROOT\clsid\{d3ca5551-fc2e-4d09-8ece-263607acf9fc}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
"{D3CA5551-FC2E-4D09-8ECE-263607ACF9FC}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll" [2010-11-21 675840]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{d3ca5551-fc2e-4d09-8ece-263607acf9fc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-05-18 1409024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SmileyCentralIE_1w Browser Plugin Loader"="c:\progra~1\SMILEY~2\bar\1.bin\1wbrmon.exe" [2010-11-21 20480]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" [2010-08-09 286720]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-08-10 3824056]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"AvgUninstallURL"="start http:" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-22 691696]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-06-05 315392]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 135664]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 SmileyCentralIE_1wService;SmileyCentral Service;c:\progra~1\SMILEY~2\bar\1.bin\1wbarsvc.exe [2010-11-21 28766]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-21 1957672]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-05-08 1047552]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1343400]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-19 189440]
S4 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [x]

.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 10:44]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 10:44]

2011-02-09 c:\windows\Tasks\Norton Security Scan for Rasto.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-22 14:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=15425&l=dis
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-{5AAA952E-B15E-47E0-94E4-DD6DC7B9C796}_is1 - c:\program files\Kobra 11 Nitro\unins000.exe
AddRemove-{909F8EBC-EC7F-48FF-0085-475D818F0F31} - c:\program files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-12 14:25:50
ComboFix-quarantined-files.txt 2011-02-12 13:25

Pre-Run: 60 278 898 688 bytes free
Post-Run: 61 228 027 904 bytes free

- - End Of File - - 608D7F5424A9AB222E53595C1563A963

nemamradvirusy
Visitor
Posts: 31
Registered: 19 Feb 2009 20:51

Re: "your pc is infected, buy our System Tools"

#4 Post by nemamradvirusy »

I'd also add that beforehand I had to uninstall AVG9 Free at CF's request and replaced it with Avira; after the restart I have the impression the PC is working properly now.

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: "your pc is infected, buy our System Tools"

#5 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy the following into it:
Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

nemamradvirusy
Visitor
Posts: 31
Registered: 19 Feb 2009 20:51

Re: "your pc is infected, buy our System Tools"

#6 Post by nemamradvirusy »

OK, here's the new log:

ComboFix 11-02-11.02 - Rasto . 02. 2011 14:42:29.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.2047.1375 [GMT 1:00]
Running from: c:\users\Rasto\Desktop\ComboFix.exe
Command switches used :: c:\users\Rasto\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-12 to 2011-02-12 )))))))))))))))))))))))))))))))
.

2011-02-12 13:46 . 2011-02-12 13:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-12 13:37 . 2011-02-12 13:37 -------- d-----w- c:\programdata\Avira
2011-02-12 13:37 . 2011-02-12 13:37 -------- d-----w- c:\program files\Avira
2011-02-12 13:37 . 2011-01-10 13:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-12 13:37 . 2011-01-10 13:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-12 13:25 . 2011-02-12 13:46 -------- d-----w- c:\users\Rasto\AppData\Local\temp
2011-02-12 12:50 . 2011-02-12 12:51 -------- d-----w- c:\program files\trend micro
2011-02-12 12:43 . 2011-02-12 13:32 -------- d-----w- C:\rsit
2011-01-22 16:41 . 2011-01-22 16:41 -------- d-----w- c:\windows\system32\drivers\NSS
2011-01-22 16:41 . 2011-01-22 16:41 -------- d-----w- c:\program files\Norton Security Scan
2011-01-19 15:45 . 2011-01-19 16:20 -------- d-----w- c:\users\Rasto\AppData\Roaming\PhotoScape
2011-01-14 22:21 . 2011-01-14 22:21 -------- d-----w- c:\program files\MSXML 4.0
2011-01-14 12:27 . 2011-01-14 12:27 -------- d-----w- c:\users\Rasto\AppData\Local\AskToolbar
2011-01-14 12:05 . 2011-01-14 12:05 -------- d-----w- c:\users\Rasto\AppData\Roaming\Nero
2011-01-14 12:04 . 2011-01-14 12:04 -------- d-----w- c:\programdata\Nero
2011-01-14 12:04 . 2011-01-14 12:04 -------- d-----w- c:\program files\Common Files\Nero
2011-01-14 12:04 . 2011-01-14 12:04 -------- d-----w- c:\program files\Nero
2011-01-14 12:01 . 2011-01-14 12:01 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-06 05:06 . 2010-02-14 18:17 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-06 05:06 . 2010-08-20 08:24 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-02 08:23 . 2010-08-20 08:24 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-02-02 08:23 . 2010-02-14 18:17 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-23 08:33 . 2010-12-23 08:33 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{339a0dff-d9af-439b-92bc-636220fb3dae}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll" [2010-11-21 53248]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{339a0dff-d9af-439b-92bc-636220fb3dae}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{55cde9e7-696c-47c4-8e21-7210b8aeb103}]
2010-11-21 11:41 675840 ----a-w- c:\progra~1\SMILEY~2\bar\1.bin\1wbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ed22e89-62fa-47ec-bd8d-374d849d436c}]
2010-11-21 11:41 53248 ----a-w- c:\program files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d3ca5551-fc2e-4d09-8ece-263607acf9fc}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll" [2010-11-21 675840]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]

[HKEY_CLASSES_ROOT\clsid\{d3ca5551-fc2e-4d09-8ece-263607acf9fc}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{D3CA5551-FC2E-4D09-8ECE-263607ACF9FC}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll" [2010-11-21 675840]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CLASSES_ROOT\clsid\{d3ca5551-fc2e-4d09-8ece-263607acf9fc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-19 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-05-18 1409024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SmileyCentralIE_1w Browser Plugin Loader"="c:\progra~1\SMILEY~2\bar\1.bin\1wbrmon.exe" [2010-11-21 20480]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" [2010-08-09 286720]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-08-10 3824056]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 135664]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-22 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-06-05 315392]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SmileyCentralIE_1wService;SmileyCentral Service;c:\progra~1\SMILEY~2\bar\1.bin\1wbarsvc.exe [2010-11-21 28766]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-21 1957672]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-19 189440]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-05-08 1047552]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
.
Contents of the 'Scheduled Tasks' folder

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 10:44]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 10:44]

2011-02-09 c:\windows\Tasks\Norton Security Scan for Rasto.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-22 14:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=15425&l=dis
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-12 14:46:53
ComboFix-quarantined-files.txt 2011-02-12 13:46
ComboFix2.txt 2011-02-12 13:25

Pre-Run: 62 349 856 768 bytes free
Post-Run: 62 170 324 992 bytes free

- - End Of File - - A30B4063CC9312D332E36EDBE1D9B210


Thank you very much, I appreciate your work; you've already got me out of trouble many times and I trust you'll keep doing so :-) Have a nice rest of the day :-)
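An added example, not code from the thread or from ComboFix: it parses the Registry:: section of the CFScript from post #5 (the "[-KEY]" and '"name"=-' deletion syntax) and the "Reg Loading Points" section of the post-run log from post #6, and reports any targeted CLSID that still loads, plus the browser loading points left behind (here the SmileyCentral and Conduit entries). Both excerpts are constructed from the thread's own lines; the regexes and function names are this example's assumptions.

```python
import re

# Constructed excerpt of the CFScript from post #5 (Registry:: section).
CFSCRIPT = r"""Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"""

# Constructed excerpt of the post-run 'Reg Loading Points' dump from post #6.
POST_RUN_LOG = r"""[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{339a0dff-d9af-439b-92bc-636220fb3dae}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wSrcAs.dll" [2010-11-21 53248]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d3ca5551-fc2e-4d09-8ece-263607acf9fc}"= "c:\program files\SmileyCentralIE_1w\bar\1.bin\1wbar.dll" [2010-11-21 675840]
"""

GUID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)
DLL_RE = re.compile(r"c:\\[^\[\"]+\.dll", re.IGNORECASE)

def cfscript_targets(script: str) -> set[str]:
    """CLSIDs the Registry:: section removes: '[-KEY]' deletes a whole key,
    '"name"=-' deletes one value under the key listed just above it."""
    targets, in_registry = set(), False
    for line in map(str.strip, script.splitlines()):
        if line.endswith("::"):          # section header (Folder::, Registry::, ...)
            in_registry = line == "Registry::"
        elif in_registry and (line.startswith("[-") or line.endswith("=-")):
            targets.update(g.lower() for g in GUID_RE.findall(line))
    return targets

def loading_points(log: str) -> dict[str, str]:
    """Map each CLSID in the dump to its DLL: BHO keys carry the CLSID in the
    key name, URLSearchHooks and Toolbar entries carry it in the value name."""
    points, key_guid = {}, None
    for line in map(str.strip, log.splitlines()):
        if line.startswith("["):
            m = GUID_RE.search(line)
            key_guid = m.group(0).lower() if m else None
        elif dll := DLL_RE.search(line):
            m = GUID_RE.search(line)
            guid = m.group(0).lower() if m else key_guid
            if guid:
                points[guid] = dll.group(0)
    return points

def verify_cleanup(script: str, log: str) -> list[str]:
    """Targeted CLSIDs that still show up as loading points after the run."""
    return sorted(cfscript_targets(script) & set(loading_points(log)))
```

An empty result from verify_cleanup matches what the thread's second log shows: the two Ask.com CLSIDs are gone, while loading_points still lists the SmileyCentral and Conduit DLLs that the script did not touch.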

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: "your pc is infected, buy our System Tools"

#7 Post by Rudy »

The log looks clean now. Has anything changed?

nemamradvirusy
Visitor
Posts: 31
Registered: 19 Feb 2009 20:51

Re: "your pc is infected, buy our System Tools"

#8 Post by nemamradvirusy »

Yes, as I already said, everything is fine; thanks once again :-)

Rudy
Site Admin
Posts: 119320
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: "your pc is infected, buy our System Tools"

#9 Post by Rudy »

You're welcome!