
Log check

Posted: 20 Sep 2012 17:20
by Kn1gu4
When I turned on my PC today, an error popped up about msiigk32.dll, and then Avira also threw the message: Virus or unwanted program 'TR/Crypt.XPACK.Gen8 [trojan]'
detected in file 'C:\Windows\System32\msiigk32.dll.
Action performed: Deny access ... so I would like to ask for a log check.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Roman at 2012-09-20 18:16:30
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 604 GB (63%) free of 954 GB
Total RAM: 3326 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:17:00, on 20. 9. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Roman\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Roman.exe
C:\Windows\system32\taskeng.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ToolboxFX] "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [MSIDLL] rundll32.exe msiigk32.dll,yybapZcahmKC
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{056120B9-4050-4E1A-BB6C-9B3E1075A08D}: NameServer = 8.8.4.4,8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{056120B9-4050-4E1A-BB6C-9B3E1075A08D}: NameServer = 8.8.4.4,8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{056120B9-4050-4E1A-BB6C-9B3E1075A08D}: NameServer = 8.8.4.4,8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 10151 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\dqmr1v5v.default

prefs.js - "browser.startup.homepage" - "http://www.facebook.com/"

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35]
"Description"=
"Path"=C:\Windows\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72]
"Description"=15.0.2.72
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/vbp;version=0.9.18]
"Description"=Veetle Broadcaster Plugin
"Path"=C:\Program Files\Veetle\VLCBroadcast\npvbp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
nppl3260.dll
nppl3260.xpt
nprjplug.dll
nprpjplug.dll
nsjsrealplayerplugin.xpt
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\dqmr1v5v.default\extensions\
toolbar@ask.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{f999a48b-1950-4d81-9971-79018f807b4b}

C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\dqmr1v5v.default\searchplugins\
burst-files.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-04-07 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-08-28 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06 1519304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-08-28 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-06-06 1519304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-09-15 7739936]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-04-27 336384]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-02-01 446392]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
"TkBellExe"=C:\Program Files\Real\RealPlayer\Update\realsched.exe [2012-04-07 296056]
"AdobeCS6ServiceManager"=C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-02-22 1073312]
"ToolboxFX"=C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe [2010-10-25 58936]
"HP LaserJet Professional CM1410 Series Fax"=C:\Program Files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [2010-08-24 2459192]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-08-08 348664]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-06-06 1564872]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"Sony PC Companion"=C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2012-05-31 445624]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Google Update"=C:\Users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 116648]
"Xvid"=C:\Program Files\Xvid\CheckUpdate.exe [2011-01-17 8192]
"MSIDLL"=msiigk32.dll,yybapZcahmKC []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2012-08-08 348664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-09-25 203776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
""=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Rodokmen Pro\Rodokmen.Pro.v2.1.1.CZECH.keygen.exe"="C:\Program Files\Rodokmen Pro\Rodokmen.Pro.v2.1.1.CZECH.keygen.exe:*:Enabled:Rodokmen.Pro.v2.1.1.CZECH.keygen"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.divx"=divx.dll
"vidc.yv12"=divx.dll
"vidc.ffds"=ff_vfw.dll
"msacm.ac3filter"=ac3filter.acm
"msacm.divxa32"=DivXa32.acm
"msacm.lameacm"=LameACM.acm
"VIDC.FPS1"=frapsvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.vorbis"=vorbis.acm
"vidc.tscc"=C:\Windows\system32\tsccvid.dll
"vidc.tsc2"=C:\Windows\system32\tsc2_codec32.dll
"vidc.mjpg"=bdmjpeg.dll
"vidc.mpeg"=bdmpegv.dll
"msacm.bdmpeg"=bdmpega.acm
"VIDC.X264"=x264vfw.dll
"vidc.CSCD"=camcodec.dll
"msacm.avis"=ff_acm.acm
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-09-20 18:16:30 ----D---- C:\rsit
2012-09-19 20:59:17 ----A---- C:\Windows\system32\msiigk32.dll
2012-09-19 16:49:30 ----D---- C:\Users\Roman\AppData\Roaming\VeskrnaMartin
2012-09-19 16:49:22 ----D---- C:\Program Files\Rodokmen Pro
2012-09-12 16:14:36 ----SHD---- C:\ProgramData\DSS
2012-09-12 15:17:24 ----A---- C:\Windows\system32\drivers\tcpip.sys
2012-09-12 15:17:24 ----A---- C:\Windows\system32\drivers\rndismpx.sys
2012-09-12 15:17:24 ----A---- C:\Windows\system32\drivers\RNDISMP.sys
2012-09-12 15:17:24 ----A---- C:\Windows\system32\drivers\netio.sys
2012-09-12 15:17:24 ----A---- C:\Windows\system32\drivers\ndis.sys
2012-09-12 15:17:24 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 15:17:23 ----A---- C:\Windows\system32\d3d10level9.dll
2012-09-11 17:54:24 ----D---- C:\Users\Roman\AppData\Roaming\Origin
2012-09-11 17:54:24 ----D---- C:\Program Files\Origin Games
2012-09-11 17:53:26 ----D---- C:\Program Files\Origin
2012-09-11 17:51:07 ----D---- C:\ProgramData\Origin
2012-09-09 14:38:55 ----D---- C:\Program Files\Autodesk
2012-09-09 14:38:05 ----D---- C:\Program Files\Common Files\Autodesk Shared
2012-09-08 15:14:11 ----D---- C:\Autodesk
2012-09-06 19:35:41 ----D---- C:\ProgramData\FLEXnet
2012-09-06 19:27:48 ----D---- C:\Program Files\Common Files\Macrovision Shared
2012-09-06 19:22:12 ----D---- C:\Users\Roman\AppData\Roaming\Autodesk
2012-09-06 19:22:12 ----D---- C:\ProgramData\Autodesk
2012-09-02 11:58:04 ----A---- C:\Windows\system32\javaws.exe
2012-09-02 11:58:04 ----A---- C:\Windows\system32\javaw.exe
2012-09-02 11:58:04 ----A---- C:\Windows\system32\java.exe
2012-08-28 20:18:58 ----D---- C:\Program Files\Tunatic
2012-08-28 20:11:49 ----D---- C:\Program Files\SopCast
2012-08-27 18:13:53 ----D---- C:\Program Files\BSR Screen Recorder 5
2012-08-27 18:11:33 ----A---- C:\Windows\system32\xvidvfw.dll
2012-08-27 18:11:33 ----A---- C:\Windows\system32\xvidcore.dll
2012-08-27 18:11:32 ----D---- C:\Program Files\Xvid
2012-08-27 18:07:48 ----D---- C:\Fraps
2012-08-26 21:22:03 ----A---- C:\Windows\camcodec100.ini
2012-08-26 21:18:49 ----A---- C:\Windows\system32\unins000.exe
2012-08-26 21:18:49 ----A---- C:\Windows\system32\unins000.dat
2012-08-26 21:17:26 ----D---- C:\Program Files\CamStudio 2.6b
2012-08-26 21:17:26 ----A---- C:\Windows\system32\CamCodec.dll
2012-08-26 21:06:30 ----D---- C:\Program Files\ZD Soft
2012-08-26 20:51:42 ----D---- C:\Program Files\Bandicam
2012-08-26 20:50:04 ----D---- C:\Program Files\DivX H.264 decoder
2012-08-25 13:05:10 ----D---- C:\Users\Roman\AppData\Roaming\BANDISOFT
2012-08-25 13:05:02 ----D---- C:\Program Files\BandiMPEG1
2012-08-24 22:28:36 ----D---- C:\Users\Roman\AppData\Roaming\Solveig Multimedia
2012-08-24 22:25:16 ----D---- C:\Program Files\HyperCam 3
2012-08-24 15:25:04 ----A---- C:\Windows\system32\npdeployJava1.dll
2012-08-24 15:24:59 ----D---- C:\Program Files\Java
2012-08-24 15:24:11 ----D---- C:\ProgramData\McAfee

======List of files/folders modified in the last 1 month======

2012-09-20 18:16:41 ----D---- C:\Windows\Prefetch
2012-09-20 18:16:35 ----D---- C:\Windows\temp
2012-09-20 18:16:32 ----D---- C:\Program Files\trend micro
2012-09-20 18:13:51 ----D---- C:\Windows\system32\Tasks
2012-09-20 15:53:21 ----D---- C:\Windows\system32\config
2012-09-20 15:01:52 ----D---- C:\Users\Roman\AppData\Roaming\Skype
2012-09-20 13:57:13 ----D---- C:\Windows\System32
2012-09-20 13:57:13 ----D---- C:\Windows\inf
2012-09-20 13:57:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-09-20 13:53:54 ----SHD---- C:\Windows\Installer
2012-09-19 22:27:55 ----SHD---- C:\System Volume Information
2012-09-19 21:06:42 ----D---- C:\Windows\system32\FxsTmp
2012-09-19 16:49:25 ----RSD---- C:\Windows\Fonts
2012-09-19 16:49:22 ----RD---- C:\Program Files
2012-09-18 15:11:37 ----D---- C:\Windows\system32\NDF
2012-09-16 18:00:21 ----D---- C:\Windows\system32\drivers
2012-09-13 10:50:16 ----D---- C:\Windows\winsxs
2012-09-12 22:15:02 ----D---- C:\Windows\system32\DriverStore
2012-09-12 16:34:42 ----D---- C:\Windows\debug
2012-09-12 16:34:42 ----A---- C:\Windows\system32\MRT.exe
2012-09-12 16:34:31 ----D---- C:\ProgramData\Microsoft Help
2012-09-12 16:33:51 ----D---- C:\Windows\system32\catroot
2012-09-12 16:33:32 ----D---- C:\Windows\system32\catroot2
2012-09-12 16:14:36 ----D---- C:\ProgramData
2012-09-12 16:13:51 ----HD---- C:\Program Files\Common Files\EAInstaller
2012-09-12 16:13:32 ----RSD---- C:\Windows\assembly
2012-09-12 15:11:40 ----D---- C:\Windows
2012-09-11 17:51:30 ----D---- C:\Users\Roman\AppData\Roaming\uTorrent
2012-09-09 15:58:22 ----D---- C:\Windows\Microsoft.NET
2012-09-09 14:38:05 ----D---- C:\Program Files\Common Files
2012-09-07 16:53:33 ----D---- C:\Qoobox
2012-09-06 20:56:09 ----D---- C:\Windows\Logs
2012-09-06 20:31:08 ----AD---- C:\ProgramData\TEMP
2012-09-06 19:29:23 ----D---- C:\Windows\Downloaded Program Files
2012-09-01 21:34:59 ----D---- C:\Users\Roman\AppData\Roaming\gtk-2.0
2012-08-28 20:24:53 ----A---- C:\Windows\system32\deployJava1.dll
2012-08-27 20:05:25 ----D---- C:\ProgramData\Adobe
2012-08-27 20:04:20 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-08-26 11:04:08 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-08-25 16:36:06 ----D---- C:\Program Files\Mozilla Firefox
2012-08-25 16:07:14 ----D---- C:\Program Files\Sony
2012-08-25 16:06:49 ----D---- C:\Users\Roman\AppData\Roaming\Sony
2012-08-24 22:23:55 ----D---- C:\Windows\Resources
2012-08-22 20:58:44 ----A---- C:\Windows\system32\ff_vfw.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 14392]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-04-27 137928]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-17 239168]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-04-25 83392]
R3 amdiox86;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-27 7770624]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-27 242176]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-09-15 2772192]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-05-16 391272]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AODDriver4.0;AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-09-30 104976]
S3 AVFSFilter;AVFSFilter; C:\Windows\system32\DRIVERS\avfsfilter.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Roman\AppData\Local\Temp\catchme.sys []
S3 CFcatchme;CFcatchme; \??\C:\Users\Roman\AppData\Local\Temp\CFcatchme.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2012-08-02 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2012-08-02 25200]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-09-27 25280]
S3 HPFXBULKLEDM;HPFXBULKLEDM; C:\Windows\system32\drivers\hppcbulkio.sys [2010-10-03 20504]
S3 HPFXFAX;HPFXFAX; C:\Windows\system32\drivers\hppcfaxio.sys [2010-12-08 21528]
S3 ManyCam;ManyCam Virtual Webcam; C:\Windows\system32\DRIVERS\mcvidrv.sys [2012-01-11 32000]
S3 mcaudrv_simple;ManyCam Virtual Microphone; C:\Windows\system32\drivers\mcaudrv.sys [2012-02-22 22400]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-06-24 159776]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM); C:\Windows\system32\DRIVERS\s1029bus.sys [2009-05-25 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1029mdfl.sys [2009-05-25 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1029mdm.sys [2009-05-25 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1029mgmt.sys [2009-05-25 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1029nd5.sys [2009-05-25 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1029obex.sys [2009-05-25 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1029unic.sys [2009-05-25 116904]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-27 176128]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-27 294400]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2012-05-02 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-11-05 66872]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 HP LaserJet Service;HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-09-06 1044816]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 113120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Log check

Posted: 20 Sep 2012 18:04
by Rudy
Please post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

Feel free to go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to plough through); during the scan do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or disable it entirely for the duration of the scan, because the scan and the removal of any malware cause unwanted collisions with the antispyware resident shield.

Re: Log check

Posted: 20 Sep 2012 19:10
by Kn1gu4
ComboFix 12-09-20.02 - Roman . 09. 2012 19:48:55.4.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3326.2155 [GMT 2:00]
Running from: c:\users\Roman\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlservice.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 )))))))))))))))))))))))))))))))
.
.
2012-09-20 17:55 . 2012-09-20 17:57 -------- d-----w- c:\users\Roman\AppData\Local\temp
2012-09-20 17:55 . 2012-09-20 17:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-20 17:55 . 2012-09-20 17:55 -------- d-----w- c:\users\Mama\AppData\Local\temp
2012-09-20 17:55 . 2012-09-20 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-20 16:16 . 2012-09-20 16:17 -------- d-----w- C:\rsit
2012-09-19 18:59 . 2012-09-19 18:59 178176 ----a-w- c:\windows\system32\msiigk32.dll
2012-09-19 14:49 . 2012-09-19 14:49 -------- d-----w- c:\users\Roman\AppData\Roaming\VeskrnaMartin
2012-09-19 14:49 . 2012-09-19 19:05 -------- d-----w- c:\program files\Rodokmen Pro
2012-09-12 14:14 . 2012-09-12 14:14 -------- d-sh--w- c:\programdata\DSS
2012-09-12 13:17 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:17 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:17 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:17 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 13:17 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:17 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-12 13:17 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 18:36 . 2012-09-11 18:36 -------- d-----w- c:\users\Mama\AppData\Local\cache
2012-09-11 18:35 . 2012-09-11 18:36 -------- d-----w- c:\users\Mama\AppData\Roaming\Autodesk
2012-09-11 15:54 . 2012-09-12 13:57 -------- d-----w- c:\program files\Origin Games
2012-09-11 15:54 . 2012-09-12 13:54 -------- d-----w- c:\users\Roman\AppData\Roaming\Origin
2012-09-11 15:54 . 2012-09-11 15:54 -------- d-----w- c:\users\Roman\AppData\Local\Origin
2012-09-11 15:53 . 2012-09-11 15:54 -------- d-----w- c:\program files\Origin
2012-09-11 15:51 . 2012-09-12 13:57 -------- d-----w- c:\programdata\Origin
2012-09-09 12:38 . 2012-09-09 12:44 -------- d-----w- c:\program files\Autodesk
2012-09-09 12:38 . 2012-09-09 12:45 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-09-08 13:14 . 2012-09-09 13:13 -------- d-----w- C:\Autodesk
2012-09-06 18:32 . 2012-09-09 13:12 -------- d-----w- c:\users\Roman\AppData\Local\cache
2012-09-06 17:42 . 2012-09-11 18:35 -------- d-----w- c:\users\Mama\AppData\Local\Autodesk
2012-09-06 17:35 . 2012-09-06 17:35 -------- d-----w- c:\programdata\FLEXnet
2012-09-06 17:27 . 2012-09-06 17:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-09-06 17:27 . 2012-09-06 19:29 -------- d-----w- c:\users\Roman\AppData\Local\Autodesk
2012-09-06 17:22 . 2012-09-09 12:44 -------- d-----w- c:\programdata\Autodesk
2012-09-06 17:22 . 2012-09-09 12:39 -------- d-----w- c:\users\Roman\AppData\Roaming\Autodesk
2012-08-28 18:18 . 2012-08-28 18:18 -------- d-----w- c:\program files\Tunatic
2012-08-28 18:11 . 2012-08-28 18:11 -------- d-----w- c:\program files\SopCast
2012-08-28 15:09 . 2012-08-28 15:09 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-08-27 16:13 . 2012-08-27 16:26 -------- d-----w- c:\users\Roman\AppData\Local\Bulents
2012-08-27 16:13 . 2012-08-27 16:26 -------- d-----w- c:\program files\BSR Screen Recorder 5
2012-08-27 16:11 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2012-08-27 16:11 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2012-08-27 16:11 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2012-08-27 16:11 . 2012-08-27 16:11 -------- d-----w- c:\program files\Xvid
2012-08-27 16:07 . 2012-08-27 16:08 -------- d-----w- C:\Fraps
2012-08-26 19:35 . 2012-08-22 18:56 47616 ----a-w- c:\windows\system32\ff_acm.acm
2012-08-26 19:18 . 2012-08-26 19:18 695578 ----a-w- c:\windows\system32\unins000.exe
2012-08-26 19:17 . 2012-08-26 19:17 -------- d-----w- c:\program files\CamStudio 2.6b
2012-08-26 19:17 . 2010-10-23 22:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-08-26 19:06 . 2012-08-26 19:14 -------- d-----w- c:\program files\ZD Soft
2012-08-26 18:51 . 2012-08-26 18:51 -------- d-----w- c:\program files\Bandicam
2012-08-26 18:50 . 2012-08-26 18:50 -------- d-----w- c:\program files\DivX H.264 decoder
2012-08-25 11:05 . 2012-08-25 11:05 -------- d-----w- c:\users\Roman\AppData\Roaming\BANDISOFT
2012-08-25 11:05 . 2012-08-26 18:51 -------- d-----w- c:\program files\BandiMPEG1
2012-08-24 20:28 . 2012-08-25 11:00 -------- d-----w- c:\users\Roman\AppData\Roaming\Solveig Multimedia
2012-08-24 20:25 . 2012-08-25 11:00 -------- d-----w- c:\program files\HyperCam 3
2012-08-24 13:25 . 2012-08-28 18:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-24 13:24 . 2012-09-02 09:58 -------- d-----w- c:\program files\Java
2012-08-24 13:24 . 2012-08-24 13:24 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 18:24 . 2011-11-10 20:22 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 18:04 . 2012-03-31 09:08 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-27 18:04 . 2011-09-25 12:37 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-22 18:58 . 2011-07-19 19:08 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2012-08-14 06:54 . 2012-08-14 06:54 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-08-02 14:53 . 2012-08-02 14:53 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-08-02 14:53 . 2012-08-02 14:53 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-08-02 14:53 . 2012-08-02 14:53 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-07-18 17:47 . 2012-08-15 21:09 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-15 21:08 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 21:08 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-30 19:39 . 2012-06-30 19:39 406528 ----a-w- c:\windows\system32\ReWire.dll
2012-06-30 19:39 . 2012-06-30 19:39 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2012-06-29 15:48 . 2011-11-05 13:25 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-29 15:48 . 2012-06-29 15:48 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-29 00:16 . 2012-08-15 23:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-15 23:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-15 23:17 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 23:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 23:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-25 13:31 . 2012-06-25 13:31 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-06-25 13:31 . 2012-06-25 13:31 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-08-25 14:36 . 2011-09-25 12:29 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"MSIDLL"="msiigk32.dll" [2012-09-19 178176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-15 7739936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-27 336384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-01 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-04-07 296056]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-02-22 1073312]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 2459192]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-08-08 17:09 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 CFcatchme;CFcatchme;c:\users\Roman\AppData\Local\Temp\CFcatchme.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 18:04]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000Core.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:32]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000UA.job
- c:\users\Roman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 09:32]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005Core.job
- c:\users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 18:28]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005UA.job
- c:\users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 18:28]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
TCP: Interfaces\{056120B9-4050-4E1A-BB6C-9B3E1075A08D}: NameServer = 8.8.4.4,8.8.8.8
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\dqmr1v5v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: browser.search.selectedEngine - Burst Files
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mixxx (1.10.0) - c:\program files\Mix\UninstallMixxx.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Completion time: 2012-09-20 19:58:53
ComboFix-quarantined-files.txt 2012-09-20 17:58
.
Pre-Run: 635 943 174 144 bytes free
Post-Run: 636 304 277 504 bytes free
.
- - End Of File - - 87D1EE9EE518D5DF6B4757DB411F2EC5

Re: Log check

Posted: 20 Sep 2012 19:20
by Rudy
We will clean up a bit more. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005UA.job

Collect::
c:\windows\system32\msiigk32.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSIDLL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

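As an added example (not part of the thread, and not ComboFix's own code), a short Python triage script that applies the reasoning behind the CFScript above to a constructed excerpt of the posted log: it parses the "Files Created" and "Reg Loading Points" sections and flags a Run value that is a bare DLL name dropped into system32 the day before the scan, plus an updater living under a toolbar vendor path (the vendor list is a one-entry stand-in, an assumption).

```python
"""Triage a ComboFix log: 'Files Created' plus 'Reg Loading Points'.
Added example, not part of the thread or of ComboFix; it encodes the reasoning
behind the CFScript above (bare DLL name in Run, dropped into system32 the day
before the scan) and flags an updater under a toolbar vendor path."""
import re
from datetime import date

# Constructed excerpt: lines copied from the posted log, sections trimmed.
LOG = r"""
(((((( Files Created from 2012-08-20 to 2012-09-20 ))))))
.
2012-09-20 16:16 . 2012-09-20 16:17 -------- d-----w- C:\rsit
2012-09-19 18:59 . 2012-09-19 18:59 178176 ----a-w- c:\windows\system32\msiigk32.dll
2012-09-12 13:17 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((( Reg Loading Points ))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MSIDLL"="msiigk32.dll" [2012-09-19 178176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"""

BANNER = re.compile(r"Files Created from \d{4}-\d{2}-\d{2} to (\d{4}-\d{2}-\d{2})")
RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\CurrentVersion\\Run)\]$", re.IGNORECASE)
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
CREATED = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$")
SYSTEM32 = "c:\\windows\\system32\\"
# Assumption: a one-entry stand-in for a maintained adware/toolbar vendor list.
PUP_PATH_MARKERS = ("\\ask.com\\",)


def parse_combofix(text):
    """Return (scan_date, created, autoruns); created maps lowercase file path
    to creation date (directories skipped), autoruns lists Run-key values."""
    scan_date, created, autoruns = None, {}, []
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("(((("):  # ComboFix section banner
            m = BANNER.search(line)
            scan_date = date.fromisoformat(m.group(1)) if m else scan_date
            section = ("created" if "Files Created" in line
                       else "reg" if "Reg Loading Points" in line else None)
            key = None
        elif section == "created":
            m = CREATED.match(line)
            if m and m["size"].isdigit():  # a dashed size marks a directory
                created[m["path"].lower()] = date.fromisoformat(m["created"])
        elif section == "reg":
            if line.startswith("["):  # a new registry key; only Run keys matter
                m = RUN_KEY.match(line)
                key = m.group(1) if m else None
            elif key and (m := RUN_VALUE.match(line)):
                autoruns.append({"key": key, "name": m["name"], "data": m["data"],
                                 "date": date.fromisoformat(m["date"]),
                                 "size": int(m["size"])})
    return scan_date, created, autoruns


def triage(text, recent_days=7):
    """Return [(key, name, data, reasons)] for Run values worth a second look."""
    scan_date, created, autoruns = parse_combofix(text)
    findings = []
    for a in autoruns:
        data, reasons = a["data"].lower(), []
        if "\\" not in data:
            # A bare name is resolved by a path search that includes system32,
            # so dropping a file there is enough; legitimate values carry a path.
            reasons.append("bare file name instead of a full path")
        if data.endswith(".dll"):
            reasons.append("a DLL, not an executable, is listed as an autostart")
        path = data if "\\" in data else SYSTEM32 + data
        if path in created and scan_date is not None:
            age = (scan_date - created[path]).days
            if 0 <= age <= recent_days:
                reasons.append(f"image was created {age} day(s) before the scan")
        if any(marker in data for marker in PUP_PATH_MARKERS):
            reasons.append("path belongs to a known adware/toolbar vendor")
        if reasons:
            findings.append((a["key"], a["name"], a["data"], reasons))
    return findings


if __name__ == "__main__":
    for key, name, data, reasons in triage(LOG):
        print(f"[{key}] {name} = {data}\n    " + "\n    ".join(reasons))
```

Running it on the excerpt reports the MSIDLL value with three reasons and ApnUpdater with one, which are exactly the two Run values the CFScript above removes.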

Re: Log check

Posted: 21 Sep 2012 14:23
by Kn1gu4
Cleaned up + log


ComboFix 12-09-20.02 - Roman . 09. 2012 15:09:42.5.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3326.2210 [GMT 2:00]
Running from: c:\users\Roman\Desktop\ComboFix.exe
Command switches used :: c:\users\Roman\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005UA.job"
.
file zipped: c:\windows\system32\msiigk32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\msiigk32.dll
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1288046891-744878920-3793059904-1005UA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-08-21 to 2012-09-21 )))))))))))))))))))))))))))))))
.
.
2012-09-21 13:17 . 2012-09-21 13:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-21 13:17 . 2012-09-21 13:17 -------- d-----w- c:\users\Mama\AppData\Local\temp
2012-09-21 13:17 . 2012-09-21 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-20 17:58 . 2012-09-21 13:19 -------- d-----w- c:\users\Roman\AppData\Local\temp
2012-09-20 16:16 . 2012-09-20 16:17 -------- d-----w- C:\rsit
2012-09-19 14:49 . 2012-09-19 14:49 -------- d-----w- c:\users\Roman\AppData\Roaming\VeskrnaMartin
2012-09-19 14:49 . 2012-09-19 19:05 -------- d-----w- c:\program files\Rodokmen Pro
2012-09-12 14:14 . 2012-09-12 14:14 -------- d-sh--w- c:\programdata\DSS
2012-09-12 13:17 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:17 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:17 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:17 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 13:17 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:17 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-12 13:17 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 18:36 . 2012-09-11 18:36 -------- d-----w- c:\users\Mama\AppData\Local\cache
2012-09-11 18:35 . 2012-09-11 18:36 -------- d-----w- c:\users\Mama\AppData\Roaming\Autodesk
2012-09-11 15:54 . 2012-09-12 13:57 -------- d-----w- c:\program files\Origin Games
2012-09-11 15:54 . 2012-09-12 13:54 -------- d-----w- c:\users\Roman\AppData\Roaming\Origin
2012-09-11 15:54 . 2012-09-11 15:54 -------- d-----w- c:\users\Roman\AppData\Local\Origin
2012-09-11 15:53 . 2012-09-11 15:54 -------- d-----w- c:\program files\Origin
2012-09-11 15:51 . 2012-09-12 13:57 -------- d-----w- c:\programdata\Origin
2012-09-09 12:38 . 2012-09-09 12:44 -------- d-----w- c:\program files\Autodesk
2012-09-09 12:38 . 2012-09-09 12:45 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-09-08 13:14 . 2012-09-09 13:13 -------- d-----w- C:\Autodesk
2012-09-06 18:32 . 2012-09-09 13:12 -------- d-----w- c:\users\Roman\AppData\Local\cache
2012-09-06 17:42 . 2012-09-11 18:35 -------- d-----w- c:\users\Mama\AppData\Local\Autodesk
2012-09-06 17:35 . 2012-09-06 17:35 -------- d-----w- c:\programdata\FLEXnet
2012-09-06 17:27 . 2012-09-06 17:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-09-06 17:27 . 2012-09-06 19:29 -------- d-----w- c:\users\Roman\AppData\Local\Autodesk
2012-09-06 17:22 . 2012-09-09 12:44 -------- d-----w- c:\programdata\Autodesk
2012-09-06 17:22 . 2012-09-09 12:39 -------- d-----w- c:\users\Roman\AppData\Roaming\Autodesk
2012-08-28 18:18 . 2012-08-28 18:18 -------- d-----w- c:\program files\Tunatic
2012-08-28 18:11 . 2012-08-28 18:11 -------- d-----w- c:\program files\SopCast
2012-08-28 15:09 . 2012-08-28 15:09 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-08-27 16:13 . 2012-08-27 16:26 -------- d-----w- c:\users\Roman\AppData\Local\Bulents
2012-08-27 16:13 . 2012-08-27 16:26 -------- d-----w- c:\program files\BSR Screen Recorder 5
2012-08-27 16:11 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2012-08-27 16:11 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2012-08-27 16:11 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2012-08-27 16:11 . 2012-08-27 16:11 -------- d-----w- c:\program files\Xvid
2012-08-27 16:07 . 2012-08-27 16:08 -------- d-----w- C:\Fraps
2012-08-26 19:35 . 2012-08-22 18:56 47616 ----a-w- c:\windows\system32\ff_acm.acm
2012-08-26 19:18 . 2012-08-26 19:18 695578 ----a-w- c:\windows\system32\unins000.exe
2012-08-26 19:17 . 2012-08-26 19:17 -------- d-----w- c:\program files\CamStudio 2.6b
2012-08-26 19:17 . 2010-10-23 22:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-08-26 19:06 . 2012-08-26 19:14 -------- d-----w- c:\program files\ZD Soft
2012-08-26 18:51 . 2012-08-26 18:51 -------- d-----w- c:\program files\Bandicam
2012-08-26 18:50 . 2012-08-26 18:50 -------- d-----w- c:\program files\DivX H.264 decoder
2012-08-25 11:05 . 2012-08-25 11:05 -------- d-----w- c:\users\Roman\AppData\Roaming\BANDISOFT
2012-08-25 11:05 . 2012-08-26 18:51 -------- d-----w- c:\program files\BandiMPEG1
2012-08-24 20:28 . 2012-08-25 11:00 -------- d-----w- c:\users\Roman\AppData\Roaming\Solveig Multimedia
2012-08-24 20:25 . 2012-08-25 11:00 -------- d-----w- c:\program files\HyperCam 3
2012-08-24 13:25 . 2012-08-28 18:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-24 13:24 . 2012-09-02 09:58 -------- d-----w- c:\program files\Java
2012-08-24 13:24 . 2012-08-24 13:24 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 18:24 . 2011-11-10 20:22 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 18:04 . 2012-03-31 09:08 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-27 18:04 . 2011-09-25 12:37 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-22 18:58 . 2011-07-19 19:08 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2012-08-14 06:54 . 2012-08-14 06:54 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-08-02 14:53 . 2012-08-02 14:53 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-08-02 14:53 . 2012-08-02 14:53 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-08-02 14:53 . 2012-08-02 14:53 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-07-18 17:47 . 2012-08-15 21:09 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-15 21:08 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 21:08 102912 ----a-w- c:\windows\system32\browser.dll
2012-06-30 19:39 . 2012-06-30 19:39 406528 ----a-w- c:\windows\system32\ReWire.dll
2012-06-30 19:39 . 2012-06-30 19:39 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2012-06-29 15:48 . 2011-11-05 13:25 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-06-29 15:48 . 2012-06-29 15:48 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-06-29 00:16 . 2012-08-15 23:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-15 23:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-15 23:17 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 23:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 23:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-25 13:31 . 2012-06-25 13:31 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-06-25 13:31 . 2012-06-25 13:31 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-08-25 14:36 . 2011-09-25 12:29 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-15 7739936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-27 336384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-02-01 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-04-07 296056]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-02-22 1073312]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 2459192]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-08-08 17:09 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 CFcatchme;CFcatchme;c:\users\Roman\AppData\Local\Temp\CFcatchme.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppcfaxio.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 18:04]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
TCP: Interfaces\{056120B9-4050-4E1A-BB6C-9B3E1075A08D}: NameServer = 8.8.4.4,8.8.8.8
FF - ProfilePath - c:\users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\dqmr1v5v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: browser.search.selectedEngine - Burst Files
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-09-21 15:22:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-21 13:22
ComboFix2.txt 2012-09-20 17:58
.
Pre-Run: 638 702 370 816 bytes free
Post-Run: 638 627 602 432 bytes free
.
- - End Of File - - DE30E52810423DD843FD96A4884A9F89
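A quick way to triage a log like the one posted above, as an added example that is not part of the original post or of ComboFix: the script parses the Run values, the service/driver list and the resolver lines (the sample lines are copied from this log, with the hive headers kept), then flags any binary that loads from a user-writable location and any per-interface resolver set that differs from the DHCP-supplied one. The heuristics, the `KNOWN_RESOLVERS` set and the function names are my assumptions. On the sample it reports only CFcatchme.sys in the user's Temp folder, which is ComboFix's own scanner driver and expected while ComboFix runs, plus a note that the Google resolvers override the ISP's DHCP ones; entries it does not flag are simply entries this pass has nothing to say about, not entries it has cleared.

```python
"""Triage autostart entries and resolver settings in a ComboFix-style log.

Added example for the log check above; not part of the original post or of
ComboFix. Sample lines are copied from the posted log; the heuristics and the
KNOWN_RESOLVERS set are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the ComboFix log posted above (hive headers and '.'
# separators kept so the parser sees the real layout).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
R3 CFcatchme;CFcatchme;c:\users\Roman\AppData\Local\Temp\CFcatchme.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
TCP: Interfaces\{056120B9-4050-4E1A-BB6C-9B3E1075A08D}: NameServer = 8.8.4.4,8.8.8.8
"""

HIVE_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.+)\]$", re.I)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\S+) (?P<size>\d+)\]$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[x\]$")
DNS_RE = re.compile(r"^TCP: (?P<scope>.+?): NameServer = (?P<servers>[\d.,]+)$")
DHCP_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>[\d. ]+)$")

# Assumption: the analyst recognises Google Public DNS; any other resolver set
# statically on an interface is reported for a manual look.
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4"}
# Locations a standard user can write to; a driver or Run entry there deserves
# a second look (CFcatchme.sys in Temp is ComboFix's own scanner driver).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    kind: str     # "run", "service" or "dns"
    name: str
    target: str   # executable path, or the resolver list for "dns"
    context: str  # registry hive, service start type, or interface scope


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_log(text: str) -> list[Entry]:
    """Extract Run values, services/drivers and resolver lines from the log."""
    entries: list[Entry] = []
    hive = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := HIVE_RE.match(line):
            hive = m.group(1)          # remember which Run key we are in
        elif m := RUN_RE.match(line):
            entries.append(Entry("run", m["name"], m["path"], hive))
        elif m := SERVICE_RE.match(line):
            entries.append(Entry("service", m["name"], m["path"], m["start"]))
        elif m := DNS_RE.match(line):
            entries.append(Entry("dns", "NameServer", m["servers"], m["scope"]))
        elif m := DHCP_RE.match(line):
            entries.append(Entry("dns", "DhcpNameServer", m["servers"], "dhcp"))
    return entries


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the path and resolver heuristics. Unflagged entries are not
    'clean'; they are just entries this pass has nothing to say about."""
    findings: list[Finding] = []
    dhcp = {s for e in entries if e.name == "DhcpNameServer" for s in e.target.split()}
    for e in entries:
        if e.kind in ("run", "service"):
            p = e.target.lower()
            if any(tok in p for tok in USER_WRITABLE):
                findings.append(Finding(e, "binary loads from a user-writable location"))
            elif not p.startswith(TRUSTED_ROOTS):
                findings.append(Finding(e, "binary outside Windows and Program Files"))
        elif e.name == "NameServer":
            static = set(e.target.split(","))
            unknown = static - KNOWN_RESOLVERS
            if unknown:
                findings.append(Finding(e, f"unrecognised static resolver(s): {sorted(unknown)}"))
            elif dhcp and static.isdisjoint(dhcp):
                findings.append(Finding(e, "static resolvers replace the DHCP-supplied ones "
                                           "(known public DNS; confirm the user set them)"))
    return findings


def report(text: str) -> list[str]:
    """One line per finding, ready to paste into a forum reply."""
    return [f"{f.entry.kind}:{f.entry.name} ({f.entry.context}) -> {f.reason}"
            for f in triage(parse_log(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Feed it the whole ComboFix log instead of `SAMPLE_LOG` and the same two regexes cover the full "Reg Loading Points" and service sections; anything flagged still needs the usual follow-up (publisher signature, file hash lookup), because a path outside Program Files is a reason to look, not a verdict.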

Re: Log check

Posted: 21 Sep 2012 17:18
by Rudy
The log looks clean now. Has anything changed?

Re: Log check

Posted: 21 Sep 2012 17:30
by Kn1gu4
Basically I only had the problem with that msiigk32.dll, so for now it's fine :closed:

Re: Log check

Posted: 21 Sep 2012 17:39
by Rudy
Kn1gu4 wrote: Basically I only had the problem with that msiigk32.dll, so for now it's fine :closed:
That one was junk. The rest is just clutter. Get in touch if you need anything.