
Security Shield 2012 - infected again :(

Posted: 18 Jul 2012 15:28
by jurasko2
Hello, I'm asking for help. It's not even 4 days since I dealt with a problem with this virus here;
with your help I destroyed it successfully, we cleaned the PC, and now it has popped up on me again!!
I was just on YouTube, so no suspicious sites or anything.. I don't understand it;
shouldn't I replace Avira with Avast? I'm attaching the RSIT log :/

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ja at 2012-07-18 16:25:41
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (19%) free of 17 GB
Total RAM: 1023 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:26:45, on 18. 7. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Software\Fire fox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
D:\Software\winamp\winamp.exe
C:\DOCUME~1\Ja\LOCALS~1\DATAAP~1\itmugann.exe
H:\Download\RSIT.exe
C:\Program Files\trend micro\Ja.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Automatické vypnutí počítače.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Software\MSOFFI~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať pomocou FDM - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Prevziať video pomocou FDM - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Prevziať vybrané pomocou FDM - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Prevziať všetko pomocou FDM - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6782 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ja\Data aplikací\Mozilla\Firefox\Profiles\79j90jeh.default

prefs.js - "browser.startup.homepage" - "google.sk"
prefs.js - "extensions.enabledItems" - "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9, fdm_ffext@freedownloadmanager.org:1.3.4, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.8, {a6e4a4eb-d169-4e99-8988-250fcbafe767}:2.2.0.9, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {66822507-a6f9-9e39-e658-97ba12dc5f8f}:4.6.6.8, personas@christopher.beard:1.5.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.18"

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Program Files\Real\RealPlayer\browserrecord
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@joj.sk/TV_JOJ_Media_Player]
"Description"=TV JOJ Media Player
"Path"=C:\Program Files\TV JOJ Media Player\npplugin_netscape.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc;version=0.8.6d]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

D:\Software\Fire fox\extensions\
{66822507-a6f9-9e39-e658-97ba12dc5f8f}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

D:\Software\Fire fox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

D:\Software\Fire fox\plugins\
npdeployJava1.dll
npnul32.dll
NPOFF12.DLL
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class

D:\Software\Fire fox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Ja\Data aplikací\Mozilla\Firefox\Profiles\79j90jeh.default\extensions\
personas@christopher.beard
staged-xpis
{a6e4a4eb-d169-4e99-8988-250fcbafe767}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

C:\Documents and Settings\Ja\Data aplikací\Mozilla\Firefox\Profiles\79j90jeh.default\searchplugins\
icqplugin.xml
Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-08-31 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-21 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{855F3B16-6D32-4FE6-8A56-BBB695989046}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-16 13680640]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-05-02 348624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe""= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-07-18 451872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE [2010-01-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ja^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-01-15 393216]

C:\Documents and Settings\Ja\Nabídka Start\Programy\Po spuštění
Automatické vypnutí počítače.lnk - C:\Program Files\Automatické vypnutí počítače\avp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Software\HRY\Valve\hl.exe"="D:\Software\HRY\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Software\Ares\Ares.exe"="D:\Software\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\Software\HRY\cs source\CSS\hl2.exe"="D:\Software\HRY\cs source\CSS\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Software\winamp\winamp.exe"="D:\Software\winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"D:\Software\Fire fox\firefox.exe"="D:\Software\Fire fox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.divxa32"=msaud32_divx.acm
"vidc.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-07-18 16:25:41 ----D---- C:\rsit
2012-07-15 12:51:22 ----SHD---- C:\RECYCLER
2012-07-15 12:18:10 ----D---- C:\WINDOWS\temp
2012-07-15 11:32:52 ----A---- C:\Boot.bak
2012-07-15 11:32:49 ----RASHD---- C:\cmdcons
2012-07-15 10:26:55 ----D---- C:\Program Files\trend micro
2012-06-30 12:01:33 ----D---- C:\Program Files\Panasonic
2012-06-25 21:00:26 ----D---- C:\WINDOWS\system32\NtmsData
2012-06-25 20:59:40 ----D---- C:\Documents and Settings\Ja\Data aplikací\Avira
2012-06-25 20:53:56 ----A---- C:\WINDOWS\system32\drivers\avkmgr.sys
2012-06-25 20:53:55 ----D---- C:\Program Files\Avira
2012-06-25 20:53:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2012-06-25 20:53:55 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys

======List of files/folders modified in the last 1 month======

2012-07-18 16:25:48 ----D---- C:\WINDOWS\Prefetch
2012-07-17 17:57:13 ----D---- C:\Documents and Settings\Ja\Data aplikací\Adobe
2012-07-17 17:51:15 ----D---- C:\Documents and Settings\Ja\Data aplikací\Canon
2012-07-15 15:48:27 ----D---- C:\WINDOWS
2012-07-15 15:47:48 ----A---- C:\WINDOWS\avp.ini
2012-07-15 13:42:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-15 13:42:45 ----D---- C:\Documents and Settings\Ja\Data aplikací\Winamp
2012-07-15 13:03:38 ----D---- C:\WINDOWS\pss
2012-07-15 13:02:29 ----D---- C:\Documents and Settings\Ja\Data aplikací\uTorrent
2012-07-15 13:02:29 ----D---- C:\Documents and Settings\Ja\Data aplikací\Free Download Manager
2012-07-15 13:02:16 ----D---- C:\WINDOWS\system32\LogFiles
2012-07-15 13:02:15 ----D---- C:\WINDOWS\Logs
2012-07-15 13:01:28 ----D---- C:\Program Files\CCleaner
2012-07-15 12:52:58 ----SHD---- C:\System Volume Information
2012-07-15 12:52:58 ----D---- C:\WINDOWS\system32\Restore
2012-07-15 12:51:21 ----D---- C:\WINDOWS\system32
2012-07-15 12:47:39 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-15 12:23:19 ----D---- C:\WINDOWS\system32\drivers
2012-07-15 12:19:51 ----A---- C:\WINDOWS\system.ini
2012-07-15 12:19:30 ----D---- C:\WINDOWS\system32\drivers\etc
2012-07-15 12:18:26 ----D---- C:\WINDOWS\system32\config
2012-07-15 12:17:54 ----SD---- C:\WINDOWS\Tasks
2012-07-15 12:17:54 ----D---- C:\Program Files
2012-07-15 12:16:17 ----D---- C:\WINDOWS\AppPatch
2012-07-15 12:16:16 ----D---- C:\Program Files\Common Files
2012-07-15 11:32:52 ----RASH---- C:\boot.ini
2012-06-25 21:00:26 ----D---- C:\WINDOWS\repair
2012-06-25 20:59:48 ----D---- C:\WINDOWS\Registration
2012-06-25 20:54:19 ----D---- C:\WINDOWS\system32\CatRoot
2012-06-25 20:43:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-06-25 20:40:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-06-19 13:48:07 ----A---- C:\WINDOWS\wincmd.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-04-24 100736]
R0 nvgts;nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [2008-11-12 145952]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-09-28 682232]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2012-04-27 137928]
R1 avkmgr;avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2012-04-25 83392]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-16 6305120]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 CoolerXPDriver;CoolerXPDriver; \??\D:\Software\pc alert\NTCooler.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\DOCUME~1\Ja\LOCALS~1\Temp\EverestDriver.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-11-20 104320]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-02 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-16 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-06-20 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-06-20 103736]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-12-23 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Re: Security Shield 2012 - infected again :(

Posted: 18 Jul 2012 19:16
by Rudy
Hello!
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking the Yes button.

Relax and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and removal of any malware there are unwanted collisions with the resident antispyware.
In case of problems, the program can also be run in Safe Mode.

Re: Security Shield 2012 - infected again :(

Posted: 19 Jul 2012 13:50
by jurasko2
Hello, thank you, and I'm attaching the ComboFix log

ComboFix 12-07-19.01 - Ja . 07. 2012 14:42:31.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1029.18.1023.588 [GMT 2:00]
Running from: c:\documents and settings\Ja\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Ja\Local Settings\Data aplikací\itmugann.exe
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-19 06:32 . 2012-07-19 06:38 -------- d--h--w- c:\windows\$hf_mig$
2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- C:\rsit
2012-07-15 08:26 . 2012-07-18 14:26 -------- d-----w- c:\program files\trend micro
2012-07-02 12:40 . 2012-07-02 12:40 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\McAfee
2012-06-30 10:01 . 2012-06-30 10:01 -------- d-----w- c:\program files\Panasonic
2012-06-25 19:00 . 2012-06-25 19:00 -------- d-----w- c:\windows\system32\NtmsData
2012-06-25 18:59 . 2012-06-25 18:59 -------- d-----w- c:\documents and settings\Ja\Data aplikací\Avira
2012-06-25 18:53 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-25 18:53 . 2012-06-25 18:53 -------- d-----w- c:\program files\Avira
2012-06-25 18:53 . 2012-06-25 18:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-06-25 18:53 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-07-30 18:18 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-02-13 17:47 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-02-13 17:47 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-02-13 17:47 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-02-13 17:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-02-13 17:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 18:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 18:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-02-13 17:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-02-13 17:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2008-02-15 09:40 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2008-02-15 09:40 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2007-07-30 18:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-04-24 22:32 . 2009-08-22 20:37 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2004-08-26 19:56 . 2004-08-26 19:56 837120 ----a-w- c:\program files\did_nem.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13680640]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Ja\Nabídka Start\Programy\Po spuštění\
Automatické vypnutí počítače.lnk - c:\program files\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ja^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Ja\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 15:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-16 01:42 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Software\\HRY\\Valve\\hl.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Software\\Ares\\Ares.exe"=
"d:\\Software\\HRY\\cs source\\CSS\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Software\\winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Software\\Fire fox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28. 9. 2008 16:04 682232]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25. 6. 2012 20:53 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25. 6. 2012 20:53 86224]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys --> c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15. 1. 2010 14:49 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\software\MSOFFI~1\Office12\EXCEL.EXE/3000
IE: Prevziať pomocou FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Prevziať video pomocou FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Prevziať vybrané pomocou FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Prevziať všetko pomocou FDM - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ja\Data aplikací\Mozilla\Firefox\Profiles\79j90jeh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - google.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\software\Fire fox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: LoudMo Contextual Ad Assistant: {66822507-a6f9-9e39-e658-97ba12dc5f8f} - d:\software\Fire fox\extensions\{66822507-a6f9-9e39-e658-97ba12dc5f8f}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: isoHunt Toolbar: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - %profile%\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-19 14:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\"c:\\Program Files\\Lavalys\\EVEREST Ultimate Edition\\everest.exe\""=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\¤á*•‘|\comctl32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\č*•‘|\COMCTL32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\ěę*•‘|\comctl32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540884"=dword:00000001
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\Üí*•‘|\COMCTL32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
Completion time: 2012-07-19 14:49:10
ComboFix-quarantined-files.txt 2012-07-19 12:48
.
Pre-Run: 2 098 335 744
Post-Run: 2 071 924 736
.
- - End Of File - - BFF7B94F5CAA06D7F385AF1752FAEA42

Re: Security Shield 2012 - infected again :(

Posted: 19 Jul 2012 17:34
by Rudy
Let's clean up a bit more. Open Notepad and copy the following into it:
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\¤á*•‘|\comctl32.dll]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\č*•‘|\COMCTL32.dll]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\ěę*•‘|\comctl32.dll]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\Üí*•‘|\COMCTL32.dll]
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it there. CF will start and carry out the commands from the script.

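As an added example (not part of the thread, and not ComboFix's or Rudy's code), here is a Python script that does with a ComboFix log what the post above describes by hand: it pulls the keys listed under LOCKED REGISTRY KEYS and emits the RegLock:: CFScript stanza. On the way it flags the two indicators that are visible in the log posted earlier: executable modules referenced from per-user writable folders (the randomly named itmugann.exe under Local Settings\Data aplikací) and locked keys whose names contain characters that cannot occur in a Windows file name. The section-header regex, the list of writable folders and the invalid-character rule are heuristics of my own choosing, and the sample text is a constructed excerpt of the log above.

```python
import re

# Constructed excerpt of the ComboFix log posted above: genuine lines from the
# thread, trimmed to what the checks below need.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Ja\Local Settings\Data aplikací\itmugann.exe
C:\Thumbs.db
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28. 9. 2008 16:04 682232]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys --> c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys [?]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\¤á*•‘|\comctl32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\č*•‘|\COMCTL32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
.
"""

# "(((( Name ))))" and "---- Name ----" section headers, as ComboFix prints them.
SECTION_RE = re.compile(r"^[(\-]+\s*(.+?)\s*[)\-]+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
# A drive-letter path to an executable module anywhere on the line.
MODULE_RE = re.compile(r'[A-Za-z]:\\[^\[\]";]*?\.(?:exe|dll|sys|scr|com)\b', re.IGNORECASE)
# Per-user folders any process can write to. Czech XP calls "Application Data"
# "Data aplikací", so both spellings are listed (heuristic list, my choice).
USER_WRITABLE_RE = re.compile(
    r"\\(?:local settings|temp|application data|data aplikac[^\\]*|locals~1|appdata)\\",
    re.IGNORECASE,
)
# Characters that cannot occur in a Windows file name; the locked keys above use
# them in a key that is styled like a file path (heuristic, my choice).
INVALID_NAME_CHARS = set('*|<>?"')


def parse_sections(text):
    """Split a ComboFix log into {section name: [lines]}; lone '.' padding lines are dropped."""
    sections, current = {"": []}, ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and stripped[0] in "(-" and (m := SECTION_RE.match(stripped)):
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if stripped != ".":
            sections[current].append(line)
    return sections


def locked_keys(text):
    """Registry keys ComboFix could not open, from the LOCKED REGISTRY KEYS section."""
    lines = parse_sections(text).get("LOCKED REGISTRY KEYS", [])
    return [m.group(1) for line in lines if (m := KEY_RE.match(line.strip()))]


def odd_key_names(keys):
    """Locked keys containing a character that could never appear in a real file name."""
    return [
        key for key in keys
        if any(c in INVALID_NAME_CHARS or not c.isprintable() for c in key)
    ]


def suspicious_modules(text):
    """Executable modules referenced from user-writable folders (deduplicated, log order kept)."""
    found = {}
    for line in text.splitlines():
        for path in MODULE_RE.findall(line):
            if USER_WRITABLE_RE.search(path):
                found.setdefault(path.lower(), path)
    return list(found.values())


def build_cfscript(keys):
    """The CFScript stanza from the post above: RegLock:: followed by one key per line."""
    return "RegLock::\n" + "".join(f"[{key}]\n" for key in keys)


def triage(text):
    keys = locked_keys(text)
    return {
        "suspicious_modules": suspicious_modules(text),
        "locked_keys": keys,
        "odd_key_names": odd_key_names(keys),
        "cfscript": build_cfscript(keys),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path in report["suspicious_modules"]:
        print("review:", path)
    for key in report["odd_key_names"]:
        print("locked key with an impossible name:", key)
    print(report["cfscript"], end="")
```

Run it and the printed stanza is the RegLock:: block from the post, ready to be saved as CFScript.txt. The output is for an analyst to review, not for automatic deletion: the EVEREST kernel driver loaded from Temp trips the same writable-folder rule yet is a legitimate program, which is exactly the kind of false positive a human in the loop is there to catch.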

Re: Security Shield 2012 - infected again :(

Posted: 19 Jul 2012 19:09
by jurasko2
Thanks, I'm attaching the ComboFix log.
I know it's a hard question, but is it possible to find out which site I got infected from?
The virus appeared right while I was browsing YouTube, which I consider a safe site;
I'd also appreciate some advice on how to protect myself better. I have to say that while I had the old version of Avira combined with
Spybot (Avira didn't include anti-spyware),
I didn't have a single virus in 4 years; it caught every one. Since I updated it to the new version, there has been nothing but problems.
Wouldn't Avast be better? If Security Shield pops up here again, I'll probably switch to Ubuntu.. Thanks for the advice.

ComboFix 12-07-19.01 - Ja . 07. 2012 19:55:31.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1029.18.1023.673 [GMT 2:00]
Running from: c:\documents and settings\Ja\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Ja\Plocha\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-19 06:32 . 2012-07-19 06:38 -------- d--h--w- c:\windows\$hf_mig$
2012-07-18 14:25 . 2012-07-18 14:26 -------- d-----w- C:\rsit
2012-07-15 08:26 . 2012-07-18 14:26 -------- d-----w- c:\program files\trend micro
2012-07-02 12:40 . 2012-07-02 12:40 -------- d-----w- c:\documents and settings\NetworkService\Data aplikací\McAfee
2012-06-30 10:01 . 2012-06-30 10:01 -------- d-----w- c:\program files\Panasonic
2012-06-25 19:00 . 2012-06-25 19:00 -------- d-----w- c:\windows\system32\NtmsData
2012-06-25 18:59 . 2012-06-25 18:59 -------- d-----w- c:\documents and settings\Ja\Data aplikací\Avira
2012-06-25 18:53 . 2012-04-16 19:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-25 18:53 . 2012-06-25 18:53 -------- d-----w- c:\program files\Avira
2012-06-25 18:53 . 2012-06-25 18:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2012-06-25 18:53 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 13:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-07-30 18:18 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-02-13 17:47 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-02-13 17:47 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-02-13 17:47 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-02-13 17:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-02-13 17:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 18:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 18:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-02-13 17:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-02-13 17:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2008-02-15 09:40 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2008-02-15 09:40 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2007-07-30 18:18 214256 ----a-w- c:\windows\system32\muweb.dll
2012-04-24 22:32 . 2009-08-22 20:37 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2004-08-26 19:56 . 2004-08-26 19:56 837120 ----a-w- c:\program files\did_nem.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13680640]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Ja\Nabídka Start\Programy\Po spuštění\
Automatické vypnutí počítače.lnk - c:\program files\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ja^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Ja\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 15:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-01-16 01:42 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Software\\HRY\\Valve\\hl.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\Software\\Ares\\Ares.exe"=
"d:\\Software\\HRY\\cs source\\CSS\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Software\\winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Software\\Fire fox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28. 9. 2008 16:04 682232]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25. 6. 2012 20:53 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25. 6. 2012 20:53 86224]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys --> c:\docume~1\Ja\LOCALS~1\Temp\EverestDriver.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15. 1. 2010 14:49 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 15:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\software\MSOFFI~1\Office12\EXCEL.EXE/3000
IE: Prevziať pomocou FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Prevziať video pomocou FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Prevziať vybrané pomocou FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Prevziať všetko pomocou FDM - file://c:\program files\Free Download Manager\dlall.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Ja\Data aplikací\Mozilla\Firefox\Profiles\79j90jeh.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - google.sk
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\software\Fire fox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: LoudMo Contextual Ad Assistant: {66822507-a6f9-9e39-e658-97ba12dc5f8f} - d:\software\Fire fox\extensions\{66822507-a6f9-9e39-e658-97ba12dc5f8f}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - d:\software\Fire fox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: isoHunt Toolbar: {a6e4a4eb-d169-4e99-8988-250fcbafe767} - %profile%\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-19 20:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\"c:\\Program Files\\Lavalys\\EVEREST Ultimate Edition\\everest.exe\""=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\¤á*•‘|\comctl32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\č*•‘|\COMCTL32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\ěę*•‘|\comctl32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540884"=dword:00000001
"000600000b540ba6"=dword:00000001
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\MUILanguages\FileVersions\Üí*•‘|\COMCTL32.dll]
"MUIVer"=hex(b):52,04,f0,0a,00,00,06,00
"000600000b540ba6"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-19 20:02:12
ComboFix-quarantined-files.txt 2012-07-19 18:02
ComboFix2.txt 2012-07-19 12:49
.
Pre-Run: 2 073 776 128
Post-Run: 2 060 619 776
.
- - End Of File - - B99084753233DFFEE3EBD9ED17434338

Re: Security Shield 2012 - infected again :(

Posted: 19 Jul 2012 19:58
by Rudy
The log is OK now. I don't think Avira is the problem. Simply put, you're browsing and clicking on something (somewhere that pest is lurking) that downloads it onto your PC. Feel free to try Avast, but I don't think that's where the problem lies.