Avira hlásí vir

[pezetking]

Dobrý den, od včerejšího večera Avira hlásí vir Atraps.gen2, který nejde odstranit. Pomohl by mi prosím někdo ?
zde je log z RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr at 2013-01-24 10:25:14
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 12 GB (15%) free of 82 GB
Total RAM: 2814 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:58, on 24.1.2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Petr\68956435567898775\winsvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Petr\AppData\Local\Temp\3074989721.exe
C:\Users\Petr\75439967573920484\winsvr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Petr\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Petr\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Windows Service] C:\Users\Petr\75439967573920484\winsvr.exe
O4 - HKCU\..\Run: [Microsoft Windows Service] C:\Users\Petr\68956435567898775\winsvc.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5495 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\maqgd432.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program File [2012-06-29 6510112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program File [2012-06-29 6510112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program File [2012-06-29 6510112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program File [2012-06-29 6510112]
"StartCCC"=C:\Program File [2012-06-29 6510112]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"SynTPEnh"=C:\Program File [2012-06-29 6510112]
"SunJavaUpdateSched"=C:\Program File [2012-06-29 6510112]
"Adobe ARM"=C:\Program File [2012-06-29 6510112]
"avgnt"=C:\Program File [2012-06-29 6510112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program File [2012-06-29 6510112]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-05-24 125952]
"Facebook Update"=C:\Users\Petr\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-31 138096]
"Windows Service"=C:\Users\Petr\75439967573920484\winsvr.exe [2013-01-23 208896]
"Microsoft Windows Service"=C:\Users\Petr\68956435567898775\winsvc.exe [2013-01-23 63488]

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"msacm.vorbis"=vorbis.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-23 15:56:02 ----AH---- C:\Users\Petr\AppData\Roaming\f4f4f4f4f.txt
2013-01-21 21:30:55 ----D---- C:\Users\Petr\AppData\Roaming\Malwarebytes
2013-01-21 21:30:25 ----D---- C:\ProgramData\Malwarebytes
2013-01-21 21:30:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-01-21 21:30:23 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-01-21 21:24:43 ----D---- C:\rsit
2013-01-21 21:24:43 ----D---- C:\Program Files\trend micro
2013-01-21 20:39:47 ----AH---- C:\Users\Petr\AppData\Roaming\winsvcns.sys
2013-01-20 22:07:32 ----D---- C:\Program Files\Mozilla Firefox
2013-01-16 15:10:30 ----D---- C:\Program Files\SpeedFan
2013-01-16 10:00:03 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-01-16 10:00:03 ----A---- C:\Windows\system32\javaw.exe
2013-01-16 10:00:03 ----A---- C:\Windows\system32\java.exe
2013-01-16 09:59:08 ----A---- C:\Windows\system32\javaws.exe
2013-01-15 19:17:35 ----D---- C:\Users\Petr\AppData\Roaming\Avira
2013-01-15 19:15:57 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2013-01-15 19:15:55 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2013-01-15 19:15:55 ----A---- C:\Windows\system32\drivers\avipbb.sys
2013-01-15 19:15:55 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2013-01-15 19:15:54 ----D---- C:\ProgramData\Avira
2013-01-15 19:15:54 ----D---- C:\Program Files\Avira
2013-01-15 14:36:53 ----D---- C:\Users\Petr\AppData\Roaming\GHISLER
2013-01-15 14:36:53 ----D---- C:\totalcmd
2013-01-13 10:10:27 ----A---- C:\Windows\system32\drivers\athr.sys
2013-01-12 20:25:32 ----A---- C:\Windows\system32\CmdLineExt.dll
2013-01-12 20:16:13 ----A---- C:\Windows\system32\xactengine2_2.dll
2013-01-12 20:16:12 ----A---- C:\Windows\system32\xinput1_1.dll
2013-01-12 20:16:12 ----A---- C:\Windows\system32\xactengine2_1.dll
2013-01-12 20:15:57 ----A---- C:\Windows\system32\d3dx9_30.dll
2013-01-12 20:15:56 ----A---- C:\Windows\system32\xactengine2_0.dll
2013-01-12 20:15:54 ----A---- C:\Windows\system32\d3dx9_29.dll
2013-01-12 20:15:52 ----A---- C:\Windows\system32\d3dx9_28.dll
2013-01-12 20:15:50 ----A---- C:\Windows\system32\d3dx9_27.dll
2013-01-12 20:15:47 ----A---- C:\Windows\system32\d3dx9_26.dll
2013-01-12 20:15:44 ----A---- C:\Windows\system32\d3dx9_25.dll
2013-01-12 20:15:41 ----A---- C:\Windows\system32\d3dx9_24.dll
2013-01-11 15:42:16 ----D---- C:\Games
2013-01-10 21:11:17 ----D---- C:\Users\Petr\AppData\Roaming\Wargaming.net
2013-01-10 15:35:47 ----A---- C:\Windows\system32\XAudio2_7.dll
2013-01-10 15:35:47 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2013-01-10 15:35:34 ----A---- C:\Windows\system32\xactengine3_7.dll
2013-01-10 15:35:34 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2013-01-10 15:35:33 ----A---- C:\Windows\system32\d3dx11_43.dll
2013-01-10 15:35:33 ----A---- C:\Windows\system32\d3dcsx_43.dll
2013-01-10 15:35:32 ----A---- C:\Windows\system32\D3DX9_43.dll
2013-01-10 15:35:32 ----A---- C:\Windows\system32\d3dx10_43.dll
2013-01-10 15:35:31 ----A---- C:\Windows\system32\XAudio2_6.dll
2013-01-10 15:35:31 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2013-01-10 15:35:31 ----A---- C:\Windows\system32\xactengine3_6.dll
2013-01-10 15:35:31 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-01-10 15:35:30 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-01-10 15:35:29 ----A---- C:\Windows\system32\xactengine3_5.dll
2013-01-10 15:35:29 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2013-01-10 15:35:28 ----A---- C:\Windows\system32\d3dcsx_42.dll
2013-01-10 15:35:27 ----A---- C:\Windows\system32\d3dx11_42.dll
2013-01-10 15:35:27 ----A---- C:\Windows\system32\d3dx10_42.dll
2013-01-10 15:35:26 ----A---- C:\Windows\system32\D3DX9_42.dll
2013-01-10 15:35:17 ----A---- C:\Windows\system32\d3dx10_41.dll
2013-01-10 15:35:17 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2013-01-10 15:35:16 ----A---- C:\Windows\system32\D3DX9_41.dll
2013-01-10 15:35:15 ----A---- C:\Windows\system32\XAudio2_4.dll
2013-01-10 15:35:15 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-01-10 15:35:15 ----A---- C:\Windows\system32\xactengine3_4.dll
2013-01-10 15:35:15 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2013-01-10 15:34:52 ----A---- C:\Windows\system32\d3dx10_40.dll
2013-01-10 15:34:52 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2013-01-10 15:34:50 ----A---- C:\Windows\system32\D3DX9_40.dll
2013-01-10 15:34:49 ----A---- C:\Windows\system32\XAudio2_3.dll
2013-01-10 15:34:49 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2013-01-10 15:34:48 ----A---- C:\Windows\system32\xactengine3_3.dll
2013-01-10 15:34:48 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2013-01-10 15:34:47 ----A---- C:\Windows\system32\XAudio2_2.dll
2013-01-10 15:34:47 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2013-01-10 15:34:46 ----A---- C:\Windows\system32\xactengine3_2.dll
2013-01-10 15:34:45 ----A---- C:\Windows\system32\d3dx10_39.dll
2013-01-10 15:34:45 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2013-01-10 15:34:43 ----A---- C:\Windows\system32\D3DX9_39.dll
2013-01-10 15:34:42 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2013-01-10 15:34:41 ----A---- C:\Windows\system32\XAudio2_1.dll
2013-01-10 15:34:41 ----A---- C:\Windows\system32\xactengine3_1.dll
2013-01-10 15:34:40 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2013-01-10 15:33:58 ----A---- C:\Windows\system32\d3dx10_38.dll
2013-01-10 15:33:58 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2013-01-10 15:33:54 ----A---- C:\Windows\system32\D3DX9_38.dll
2013-01-10 15:33:53 ----A---- C:\Windows\system32\XAudio2_0.dll
2013-01-10 15:33:52 ----A---- C:\Windows\system32\xactengine3_0.dll
2013-01-10 15:33:51 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2013-01-10 15:33:51 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2013-01-10 15:33:50 ----A---- C:\Windows\system32\d3dx10_37.dll
2013-01-10 15:33:49 ----A---- C:\Windows\system32\xactengine2_10.dll
2013-01-10 15:33:49 ----A---- C:\Windows\system32\D3DX9_37.dll
2013-01-10 15:33:47 ----A---- C:\Windows\system32\d3dx10_36.dll
2013-01-10 15:33:47 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2013-01-10 15:33:46 ----A---- C:\Windows\system32\d3dx9_36.dll
2013-01-10 15:33:45 ----A---- C:\Windows\system32\xactengine2_9.dll
2013-01-10 15:33:44 ----A---- C:\Windows\system32\d3dx10_35.dll
2013-01-10 15:33:44 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2013-01-10 15:33:43 ----A---- C:\Windows\system32\d3dx9_35.dll
2013-01-10 15:33:42 ----A---- C:\Windows\system32\xactengine2_8.dll
2013-01-10 15:33:42 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2013-01-10 15:33:42 ----A---- C:\Windows\system32\d3dx10_34.dll
2013-01-10 15:33:42 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2013-01-10 15:33:41 ----A---- C:\Windows\system32\d3dx9_34.dll
2013-01-10 15:33:40 ----A---- C:\Windows\system32\xactengine2_7.dll
2013-01-10 15:33:39 ----A---- C:\Windows\system32\d3dx10_33.dll
2013-01-10 15:33:39 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2013-01-10 15:33:38 ----A---- C:\Windows\system32\xactengine2_6.dll
2013-01-10 15:33:38 ----A---- C:\Windows\system32\d3dx9_33.dll
2013-01-10 15:33:36 ----A---- C:\Windows\system32\xactengine2_5.dll
2013-01-10 15:33:35 ----A---- C:\Windows\system32\d3dx10.dll
2013-01-10 15:33:33 ----A---- C:\Windows\system32\d3dx9_32.dll
2013-01-10 15:33:32 ----A---- C:\Windows\system32\xactengine2_4.dll
2013-01-10 15:33:32 ----A---- C:\Windows\system32\x3daudio1_1.dll
2013-01-10 15:33:32 ----A---- C:\Windows\system32\d3dx9_31.dll
2013-01-10 15:33:30 ----A---- C:\Windows\system32\xinput1_2.dll
2013-01-10 15:33:30 ----A---- C:\Windows\system32\xactengine2_3.dll
2013-01-10 15:33:30 ----A---- C:\Windows\system32\x3daudio1_0.dll
2013-01-10 15:31:22 ----D---- C:\Windows\system32\directx
2012-12-26 18:52:11 ----D---- C:\Program Files\Common Files\Windows Live

======List of files/folders modified in the last 1 month======

2013-01-24 10:25:20 ----D---- C:\Windows\Temp
2013-01-24 10:16:08 ----D---- C:\Windows\Prefetch
2013-01-24 08:02:13 ----SHD---- C:\System Volume Information
2013-01-24 07:38:07 ----D---- C:\Windows
2013-01-23 19:03:14 ----D---- C:\Windows\system32\drivers
2013-01-23 06:13:18 ----D---- C:\Windows\System32
2013-01-23 06:13:18 ----D---- C:\Windows\inf
2013-01-23 06:13:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-22 04:02:11 ----D---- C:\Windows\SoftwareDistribution
2013-01-22 03:56:36 ----HD---- C:\ProgramData
2013-01-21 21:30:23 ----RD---- C:\Program Files
2013-01-21 21:17:01 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-01-21 17:15:30 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2013-01-20 07:47:51 ----D---- C:\Windows\system32\catroot2
2013-01-19 19:04:00 ----D---- C:\Windows\Logs
2013-01-16 23:56:24 ----SHD---- C:\Windows\Installer
2013-01-16 15:11:51 ----SD---- C:\ProgramData\Microsoft
2013-01-16 10:46:45 ----D---- C:\Program Files\The KMPlayer
2013-01-16 10:00:03 ----D---- C:\Program Files\Java
2013-01-15 20:14:55 ----D---- C:\Windows\system32\Tasks
2013-01-15 20:12:31 ----D---- C:\Program Files\Common Files
2013-01-15 20:11:47 ----HD---- C:\Program Files\InstallShield Installation Information
2013-01-15 20:06:59 ----D---- C:\Program Files\Elaborate Bytes
2013-01-15 19:16:13 ----D---- C:\Windows\system32\catroot
2013-01-15 19:10:53 ----D---- C:\ProgramData\AVAST Software
2013-01-14 18:49:20 ----RSD---- C:\Windows\assembly
2013-01-13 14:34:40 ----D---- C:\Windows\Minidump
2013-01-13 14:34:40 ----D---- C:\Windows\Debug
2013-01-10 15:36:28 ----D---- C:\Windows\winsxs
2013-01-10 04:51:08 ----A---- C:\Windows\system32\mrt.exe
2013-01-09 18:13:22 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-01-03 20:23:11 ----D---- C:\Users\Petr\AppData\Roaming\gtk-2.0
2012-12-31 11:01:27 ----D---- C:\Windows\Tasks
2012-12-26 18:19:07 ----D---- C:\Windows\system32\wbem
2012-12-26 18:18:23 ----D---- C:\Windows\system32\config
2012-12-26 18:18:13 ----D---- C:\Windows\system32\spool
2012-12-26 18:18:13 ----D---- C:\Windows\system32\Msdtc
2012-12-26 18:18:12 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\Windows\system32\drivers\aswNdis2.sys [2012-10-30 199320]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2011-12-14 14352]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]
R1 aswFW;avast! TDI Firewall driver; C:\Windows\system32\drivers\aswFW.sys [2012-10-30 106560]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-10-30 20624]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-11-22 134336]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2012-11-22 36552]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2012-08-27 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-11-27 83944]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athw.sys [2011-12-14 1309504]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-14 3844608]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-03-19 22072]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-05-24 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-05-24 83328]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-12-17 1203712]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-05-24 5632]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-05-24 200704]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-05-24 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-05-24 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-05-24 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-05-24 6016]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-05-24 73088]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-05-24 39936]
S4 ErrDev;Ovladače chybového zařízení hardwaru Microsoft; C:\Windows\system32\drivers\errdev.sys [2008-05-24 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-05-24 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program File [2012-06-29 6510112]
R2 AntiVirService;Avira Real-Time Protection; C:\Program File [2012-06-29 6510112]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program File [2012-06-29 6510112]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2011-12-14 692224]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2009-04-08 1377536]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program File [2012-06-29 6510112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program File [2012-06-29 6510112]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program File [2012-06-29 6510112]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[Márty84]

Zdravim

Proc nemate nainstalovany Service Pack 2?



Mate tam previta a ne jednoho.


Vidim tam MBAM. Aktualizujte ho a v nouzovem rezimu udelejte kompletni kontrolu. Vysledky bych rad videl. Predem nic nemazte. http://forum.viry.cz/viewtopic.php?f=29&t=115222

[pezetking]

service pack 2 mi bohužel nešel stáhnout přes windows update, tak sjem tomu bohužel nevěnoval pozornost.
Zde je log z MBAM:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Verze: v2013.01.21.07

Windows Vista Service Pack 1 x86 FAT (Nouzový režim)
Internet Explorer 8.0.6001.19088
Petr :: PETR-NB [administrátor]

24.1.2013 11:51:58
MBAM-log-2013-01-24 (12-51-27).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|F:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 359348
Uplynulý čas: 48 minut, 20 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Service (Trojan.Agent) -> Data: C:\Users\Petr\75439967573920484\winsvr.exe -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Service (Trojan.MWF.Gen) -> Data: C:\Users\Petr\68956435567898775\winsvc.exe -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 5
C:\Users\Petr\AppData\Roaming\1db44b5.exe (Trojan.Downloader.IRU) -> Nebyla provedena žádná instrukce.
D:\Nová složka\client (2).bin (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
D:\Nová složka\client.bin (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\Users\Petr\75439967573920484\winsvr.exe (Trojan.Agent) -> Nebyla provedena žádná instrukce.
C:\Users\Petr\68956435567898775\winsvc.exe (Trojan.MWF.Gen) -> Nebyla provedena žádná instrukce.

(konec)

[Márty84]

Vsechny nalezy nechte odstranit. Pak sem dejte novy log z RSIT

[pezetking]

Nálezy jsou odstraněny.
A zde je ten log :
Logfile of random's system information tool 1.09 (written by random/random)
Run by Petr at 2013-01-24 19:09:18
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 12 GB (15%) free of 82 GB
Total RAM: 2814 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:09:46, on 24.1.2013
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\PLFSetI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Petr\Downloads\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Petr\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5142 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\maqgd432.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program File [2012-06-29 6510112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program File [2012-06-29 6510112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program File [2012-06-29 6510112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program File [2012-06-29 6510112]
"StartCCC"=C:\Program File [2012-06-29 6510112]
"PLFSetI"=C:\Windows\PLFSetI.exe [2007-10-23 200704]
"SynTPEnh"=C:\Program File [2012-06-29 6510112]
"SunJavaUpdateSched"=C:\Program File [2012-06-29 6510112]
"Adobe ARM"=C:\Program File [2012-06-29 6510112]
"avgnt"=C:\Program File [2012-06-29 6510112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program File [2012-06-29 6510112]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-05-24 125952]
"Facebook Update"=C:\Users\Petr\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-31 138096]

C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"msacm.vorbis"=vorbis.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-24 12:50:54 ----D---- C:\Temp
2013-01-24 11:50:17 ----A---- C:\Windows\ntbtlog.txt
2013-01-23 15:56:02 ----AH---- C:\Users\Petr\AppData\Roaming\f4f4f4f4f.txt
2013-01-21 21:30:55 ----D---- C:\Users\Petr\AppData\Roaming\Malwarebytes
2013-01-21 21:30:25 ----D---- C:\ProgramData\Malwarebytes
2013-01-21 21:30:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-01-21 21:30:23 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-01-21 21:24:43 ----D---- C:\rsit
2013-01-21 21:24:43 ----D---- C:\Program Files\trend micro
2013-01-21 20:39:47 ----AH---- C:\Users\Petr\AppData\Roaming\winsvcns.sys
2013-01-20 22:07:32 ----D---- C:\Program Files\Mozilla Firefox
2013-01-16 15:10:30 ----D---- C:\Program Files\SpeedFan
2013-01-16 10:00:03 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-01-16 10:00:03 ----A---- C:\Windows\system32\javaw.exe
2013-01-16 10:00:03 ----A---- C:\Windows\system32\java.exe
2013-01-16 09:59:08 ----A---- C:\Windows\system32\javaws.exe
2013-01-15 19:17:35 ----D---- C:\Users\Petr\AppData\Roaming\Avira
2013-01-15 19:15:57 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2013-01-15 19:15:55 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2013-01-15 19:15:55 ----A---- C:\Windows\system32\drivers\avipbb.sys
2013-01-15 19:15:55 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2013-01-15 19:15:54 ----D---- C:\ProgramData\Avira
2013-01-15 19:15:54 ----D---- C:\Program Files\Avira
2013-01-15 14:36:53 ----D---- C:\Users\Petr\AppData\Roaming\GHISLER
2013-01-15 14:36:53 ----D---- C:\totalcmd
2013-01-13 10:10:27 ----A---- C:\Windows\system32\drivers\athr.sys
2013-01-12 20:25:32 ----A---- C:\Windows\system32\CmdLineExt.dll
2013-01-12 20:16:13 ----A---- C:\Windows\system32\xactengine2_2.dll
2013-01-12 20:16:12 ----A---- C:\Windows\system32\xinput1_1.dll
2013-01-12 20:16:12 ----A---- C:\Windows\system32\xactengine2_1.dll
2013-01-12 20:15:57 ----A---- C:\Windows\system32\d3dx9_30.dll
2013-01-12 20:15:56 ----A---- C:\Windows\system32\xactengine2_0.dll
2013-01-12 20:15:54 ----A---- C:\Windows\system32\d3dx9_29.dll
2013-01-12 20:15:52 ----A---- C:\Windows\system32\d3dx9_28.dll
2013-01-12 20:15:50 ----A---- C:\Windows\system32\d3dx9_27.dll
2013-01-12 20:15:47 ----A---- C:\Windows\system32\d3dx9_26.dll
2013-01-12 20:15:44 ----A---- C:\Windows\system32\d3dx9_25.dll
2013-01-12 20:15:41 ----A---- C:\Windows\system32\d3dx9_24.dll
2013-01-11 15:42:16 ----D---- C:\Games
2013-01-10 21:11:17 ----D---- C:\Users\Petr\AppData\Roaming\Wargaming.net
2013-01-10 15:35:47 ----A---- C:\Windows\system32\XAudio2_7.dll
2013-01-10 15:35:47 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2013-01-10 15:35:34 ----A---- C:\Windows\system32\xactengine3_7.dll
2013-01-10 15:35:34 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2013-01-10 15:35:33 ----A---- C:\Windows\system32\d3dx11_43.dll
2013-01-10 15:35:33 ----A---- C:\Windows\system32\d3dcsx_43.dll
2013-01-10 15:35:32 ----A---- C:\Windows\system32\D3DX9_43.dll
2013-01-10 15:35:32 ----A---- C:\Windows\system32\d3dx10_43.dll
2013-01-10 15:35:31 ----A---- C:\Windows\system32\XAudio2_6.dll
2013-01-10 15:35:31 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2013-01-10 15:35:31 ----A---- C:\Windows\system32\xactengine3_6.dll
2013-01-10 15:35:31 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-01-10 15:35:30 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-01-10 15:35:29 ----A---- C:\Windows\system32\xactengine3_5.dll
2013-01-10 15:35:29 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2013-01-10 15:35:28 ----A---- C:\Windows\system32\d3dcsx_42.dll
2013-01-10 15:35:27 ----A---- C:\Windows\system32\d3dx11_42.dll
2013-01-10 15:35:27 ----A---- C:\Windows\system32\d3dx10_42.dll
2013-01-10 15:35:26 ----A---- C:\Windows\system32\D3DX9_42.dll
2013-01-10 15:35:17 ----A---- C:\Windows\system32\d3dx10_41.dll
2013-01-10 15:35:17 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2013-01-10 15:35:16 ----A---- C:\Windows\system32\D3DX9_41.dll
2013-01-10 15:35:15 ----A---- C:\Windows\system32\XAudio2_4.dll
2013-01-10 15:35:15 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-01-10 15:35:15 ----A---- C:\Windows\system32\xactengine3_4.dll
2013-01-10 15:35:15 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2013-01-10 15:34:52 ----A---- C:\Windows\system32\d3dx10_40.dll
2013-01-10 15:34:52 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2013-01-10 15:34:50 ----A---- C:\Windows\system32\D3DX9_40.dll
2013-01-10 15:34:49 ----A---- C:\Windows\system32\XAudio2_3.dll
2013-01-10 15:34:49 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2013-01-10 15:34:48 ----A---- C:\Windows\system32\xactengine3_3.dll
2013-01-10 15:34:48 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2013-01-10 15:34:47 ----A---- C:\Windows\system32\XAudio2_2.dll
2013-01-10 15:34:47 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2013-01-10 15:34:46 ----A---- C:\Windows\system32\xactengine3_2.dll
2013-01-10 15:34:45 ----A---- C:\Windows\system32\d3dx10_39.dll
2013-01-10 15:34:45 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2013-01-10 15:34:43 ----A---- C:\Windows\system32\D3DX9_39.dll
2013-01-10 15:34:42 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2013-01-10 15:34:41 ----A---- C:\Windows\system32\XAudio2_1.dll
2013-01-10 15:34:41 ----A---- C:\Windows\system32\xactengine3_1.dll
2013-01-10 15:34:40 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2013-01-10 15:33:58 ----A---- C:\Windows\system32\d3dx10_38.dll
2013-01-10 15:33:58 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2013-01-10 15:33:54 ----A---- C:\Windows\system32\D3DX9_38.dll
2013-01-10 15:33:53 ----A---- C:\Windows\system32\XAudio2_0.dll
2013-01-10 15:33:52 ----A---- C:\Windows\system32\xactengine3_0.dll
2013-01-10 15:33:51 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2013-01-10 15:33:51 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2013-01-10 15:33:50 ----A---- C:\Windows\system32\d3dx10_37.dll
2013-01-10 15:33:49 ----A---- C:\Windows\system32\xactengine2_10.dll
2013-01-10 15:33:49 ----A---- C:\Windows\system32\D3DX9_37.dll
2013-01-10 15:33:47 ----A---- C:\Windows\system32\d3dx10_36.dll
2013-01-10 15:33:47 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2013-01-10 15:33:46 ----A---- C:\Windows\system32\d3dx9_36.dll
2013-01-10 15:33:45 ----A---- C:\Windows\system32\xactengine2_9.dll
2013-01-10 15:33:44 ----A---- C:\Windows\system32\d3dx10_35.dll
2013-01-10 15:33:44 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2013-01-10 15:33:43 ----A---- C:\Windows\system32\d3dx9_35.dll
2013-01-10 15:33:42 ----A---- C:\Windows\system32\xactengine2_8.dll
2013-01-10 15:33:42 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2013-01-10 15:33:42 ----A---- C:\Windows\system32\d3dx10_34.dll
2013-01-10 15:33:42 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2013-01-10 15:33:41 ----A---- C:\Windows\system32\d3dx9_34.dll
2013-01-10 15:33:40 ----A---- C:\Windows\system32\xactengine2_7.dll
2013-01-10 15:33:39 ----A---- C:\Windows\system32\d3dx10_33.dll
2013-01-10 15:33:39 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2013-01-10 15:33:38 ----A---- C:\Windows\system32\xactengine2_6.dll
2013-01-10 15:33:38 ----A---- C:\Windows\system32\d3dx9_33.dll
2013-01-10 15:33:36 ----A---- C:\Windows\system32\xactengine2_5.dll
2013-01-10 15:33:35 ----A---- C:\Windows\system32\d3dx10.dll
2013-01-10 15:33:33 ----A---- C:\Windows\system32\d3dx9_32.dll
2013-01-10 15:33:32 ----A---- C:\Windows\system32\xactengine2_4.dll
2013-01-10 15:33:32 ----A---- C:\Windows\system32\x3daudio1_1.dll
2013-01-10 15:33:32 ----A---- C:\Windows\system32\d3dx9_31.dll
2013-01-10 15:33:30 ----A---- C:\Windows\system32\xinput1_2.dll
2013-01-10 15:33:30 ----A---- C:\Windows\system32\xactengine2_3.dll
2013-01-10 15:33:30 ----A---- C:\Windows\system32\x3daudio1_0.dll
2013-01-10 15:31:22 ----D---- C:\Windows\system32\directx
2012-12-26 18:52:11 ----D---- C:\Program Files\Common Files\Windows Live

======List of files/folders modified in the last 1 month======

2013-01-24 19:09:23 ----D---- C:\Windows\Temp
2013-01-24 19:05:22 ----D---- C:\Windows\Prefetch
2013-01-24 19:04:09 ----D---- C:\Windows\system32\drivers
2013-01-24 19:04:09 ----D---- C:\Windows\SoftwareDistribution
2013-01-24 11:50:17 ----D---- C:\Windows
2013-01-24 08:02:13 ----SHD---- C:\System Volume Information
2013-01-23 06:13:18 ----D---- C:\Windows\System32
2013-01-23 06:13:18 ----D---- C:\Windows\inf
2013-01-23 06:13:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-22 03:56:36 ----HD---- C:\ProgramData
2013-01-21 21:30:23 ----RD---- C:\Program Files
2013-01-21 21:17:01 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-01-21 17:15:30 ----SD---- C:\Users\Petr\AppData\Roaming\Microsoft
2013-01-20 07:47:51 ----D---- C:\Windows\system32\catroot2
2013-01-19 19:04:00 ----D---- C:\Windows\Logs
2013-01-16 23:56:24 ----SHD---- C:\Windows\Installer
2013-01-16 15:11:51 ----SD---- C:\ProgramData\Microsoft
2013-01-16 10:46:45 ----D---- C:\Program Files\The KMPlayer
2013-01-16 10:00:03 ----D---- C:\Program Files\Java
2013-01-15 20:14:55 ----D---- C:\Windows\system32\Tasks
2013-01-15 20:12:31 ----D---- C:\Program Files\Common Files
2013-01-15 20:11:47 ----HD---- C:\Program Files\InstallShield Installation Information
2013-01-15 20:06:59 ----D---- C:\Program Files\Elaborate Bytes
2013-01-15 19:16:13 ----D---- C:\Windows\system32\catroot
2013-01-15 19:10:53 ----D---- C:\ProgramData\AVAST Software
2013-01-14 18:49:20 ----RSD---- C:\Windows\assembly
2013-01-13 14:34:40 ----D---- C:\Windows\Minidump
2013-01-13 14:34:40 ----D---- C:\Windows\Debug
2013-01-10 15:36:28 ----D---- C:\Windows\winsxs
2013-01-10 04:51:08 ----A---- C:\Windows\system32\mrt.exe
2013-01-09 18:13:22 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-01-03 20:23:11 ----D---- C:\Users\Petr\AppData\Roaming\gtk-2.0
2012-12-31 11:01:27 ----D---- C:\Windows\Tasks
2012-12-26 18:19:07 ----D---- C:\Windows\system32\wbem
2012-12-26 18:18:23 ----D---- C:\Windows\system32\config
2012-12-26 18:18:13 ----D---- C:\Windows\system32\spool
2012-12-26 18:18:13 ----D---- C:\Windows\system32\Msdtc
2012-12-26 18:18:12 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\Windows\system32\drivers\aswNdis2.sys [2012-10-30 199320]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2011-12-14 14352]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]
R1 aswFW;avast! TDI Firewall driver; C:\Windows\system32\drivers\aswFW.sys [2012-10-30 106560]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-10-30 20624]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-11-22 134336]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2012-11-22 36552]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2012-08-27 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-11-27 83944]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athw.sys [2011-12-14 1309504]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-14 3844608]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-03-19 22072]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-05-24 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-05-24 83328]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-12-17 1203712]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-05-24 5632]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-05-24 200704]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-05-24 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-05-24 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-05-24 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-05-24 6016]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-05-24 73088]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-05-24 39936]
S4 ErrDev;Ovladače chybového zařízení hardwaru Microsoft; C:\Windows\system32\drivers\errdev.sys [2008-05-24 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-05-24 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program File [2012-06-29 6510112]
R2 AntiVirService;Avira Real-Time Protection; C:\Program File [2012-06-29 6510112]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program File [2012-06-29 6510112]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2011-12-14 692224]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2009-04-08 1377536]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program File [2012-06-29 6510112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program File [2012-06-29 6510112]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program File [2012-06-29 6510112]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

[Márty84]

Jeste tam neco visi


Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[pezetking]

zde je log z comboFixu:
ComboFix 13-01-24.02 - Petr 24.01.2013 20:13:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2814.1982 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Petr\68956435567898775
c:\users\Petr\75439967573920484
c:\users\Petr\76968780866536342
c:\users\Petr\AppData\Local\TempDIR
c:\users\Petr\AppData\Roaming\f4f4f4f4f.txt
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-24 do 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-24 19:21 . 2013-01-24 19:21 -------- d-----w- c:\users\Petr\AppData\Local\temp
2013-01-24 19:21 . 2013-01-24 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-24 11:50 . 2013-01-24 11:50 -------- d-----w- C:\Temp
2013-01-21 20:30 . 2013-01-21 20:30 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2013-01-21 20:30 . 2013-01-21 20:30 -------- d-----w- c:\programdata\Malwarebytes
2013-01-21 20:30 . 2013-01-21 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-21 20:30 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-21 20:24 . 2013-01-24 18:09 -------- d-----w- C:\rsit
2013-01-21 20:24 . 2013-01-24 18:09 -------- d-----w- c:\program files\trend micro
2013-01-21 19:39 . 2013-01-24 06:42 0 ---ha-w- c:\users\Petr\AppData\Roaming\winsvcns.sys
2013-01-16 14:10 . 2013-01-16 22:54 -------- d-----w- c:\program files\SpeedFan
2013-01-16 09:00 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-15 18:17 . 2013-01-15 18:17 -------- d-----w- c:\users\Petr\AppData\Roaming\Avira
2013-01-15 18:15 . 2012-11-27 09:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-15 18:15 . 2012-11-22 14:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-15 18:15 . 2012-11-22 14:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-01-15 18:15 . 2013-01-15 18:15 -------- d-----w- c:\programdata\Avira
2013-01-15 18:15 . 2013-01-15 18:15 -------- d-----w- c:\program files\Avira
2013-01-15 13:36 . 2013-01-15 13:41 -------- d-----w- C:\totalcmd
2013-01-15 13:36 . 2013-01-15 13:36 -------- d-----w- c:\users\Petr\AppData\Roaming\GHISLER
2013-01-15 09:27 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76D96016-DD59-47D5-835C-A74CD4877246}\mpengine.dll
2013-01-13 09:10 . 2009-12-17 12:02 1203712 ----a-w- c:\windows\system32\drivers\athr.sys
2013-01-12 19:25 . 2013-01-12 19:25 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-01-12 19:15 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2013-01-11 14:42 . 2013-01-16 22:51 -------- d-----w- C:\Games
2013-01-10 20:11 . 2013-01-10 20:11 -------- d-----w- c:\users\Petr\AppData\Roaming\Wargaming.net
2013-01-10 14:34 . 2008-10-10 03:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-01-10 14:33 . 2008-05-30 13:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2012-12-26 17:52 . 2012-12-26 17:52 -------- d-----w- c:\program files\Common Files\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:13 . 2012-03-29 16:56 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 17:13 . 2011-12-14 22:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2012-12-09 09:31 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-30 22:51 . 2012-12-09 09:34 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-30 22:51 . 2012-11-07 19:09 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-01-20 21:07 . 2013-01-20 21:07 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-05-24 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-05-24 125952]
"Facebook Update"="c:\users\Petr\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-31 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3337024854-4243349412-40047204-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-23 20:22 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:13]
.
2013-01-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000Core.job
- c:\users\Petr\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-31 10:01]
.
2013-01-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000UA.job
- c:\users\Petr\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-31 10:01]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-14 22:46]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-14 22:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\maqgd432.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-24 20:21
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2013-01-24 20:23:06
ComboFix-quarantined-files.txt 2013-01-24 19:23
.
Před spuštěním: Volných bajtů: 12 585 381 888
Po spuštění: Volných bajtů: 13 115 977 728
.
- - End Of File - - C211E3455B41BC7BCD201F31462EA2E3

[Márty84]

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

File::
c:\users\Petr\AppData\Roaming\winsvcns.sys
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=-
"SunJavaUpdateSched"=-
"Adobe ARM"=-

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Driver::
AdobeARMservice
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[pezetking]

Log je zde
ComboFix 13-01-24.02 - Petr 25.01.2013 9:15.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2814.1661 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\Services.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\services.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-25 do 2013-01-25 )))))))))))))))))))))))))))))))
.
.
2013-01-25 08:23 . 2013-01-25 08:26 -------- d-----w- c:\users\Petr\AppData\Local\temp
2013-01-25 08:23 . 2013-01-25 08:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-24 11:50 . 2013-01-24 11:50 -------- d-----w- C:\Temp
2013-01-21 20:30 . 2013-01-21 20:30 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2013-01-21 20:30 . 2013-01-21 20:30 -------- d-----w- c:\programdata\Malwarebytes
2013-01-21 20:30 . 2013-01-21 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-21 20:30 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-21 20:24 . 2013-01-24 18:09 -------- d-----w- C:\rsit
2013-01-21 20:24 . 2013-01-24 18:09 -------- d-----w- c:\program files\trend micro
2013-01-21 19:39 . 2013-01-24 06:42 0 ---ha-w- c:\users\Petr\AppData\Roaming\winsvcns.sys
2013-01-16 14:10 . 2013-01-16 22:54 -------- d-----w- c:\program files\SpeedFan
2013-01-16 09:00 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-15 18:17 . 2013-01-15 18:17 -------- d-----w- c:\users\Petr\AppData\Roaming\Avira
2013-01-15 18:15 . 2012-11-27 09:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-15 18:15 . 2012-11-22 14:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-15 18:15 . 2012-11-22 14:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-01-15 18:15 . 2013-01-15 18:15 -------- d-----w- c:\programdata\Avira
2013-01-15 18:15 . 2013-01-15 18:15 -------- d-----w- c:\program files\Avira
2013-01-15 13:36 . 2013-01-15 13:41 -------- d-----w- C:\totalcmd
2013-01-15 13:36 . 2013-01-15 13:36 -------- d-----w- c:\users\Petr\AppData\Roaming\GHISLER
2013-01-15 09:27 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76D96016-DD59-47D5-835C-A74CD4877246}\mpengine.dll
2013-01-13 09:10 . 2009-12-17 12:02 1203712 ----a-w- c:\windows\system32\drivers\athr.sys
2013-01-12 19:25 . 2013-01-12 19:25 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-01-12 19:15 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2013-01-11 14:42 . 2013-01-16 22:51 -------- d-----w- C:\Games
2013-01-10 20:11 . 2013-01-10 20:11 -------- d-----w- c:\users\Petr\AppData\Roaming\Wargaming.net
2013-01-10 14:34 . 2008-10-10 03:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-01-10 14:33 . 2008-05-30 13:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2012-12-26 17:52 . 2012-12-26 17:52 -------- d-----w- c:\program files\Common Files\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:13 . 2012-03-29 16:56 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 17:13 . 2011-12-14 22:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2012-12-09 09:31 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-30 22:51 . 2012-12-09 09:34 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-30 22:51 . 2012-11-07 19:09 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-01-20 21:07 . 2013-01-20 21:07 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-05-24 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-05-24 125952]
"Facebook Update"="c:\users\Petr\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-31 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3337024854-4243349412-40047204-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-23 20:22 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:13]
.
2013-01-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000Core.job
- c:\users\Petr\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-31 10:01]
.
2013-01-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000UA.job
- c:\users\Petr\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-31 10:01]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-14 22:46]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-14 22:46]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\maqgd432.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-25 09:26
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\oodag.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2013-01-25 09:30:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-25 08:30
ComboFix2.txt 2013-01-24 19:23
.
Před spuštěním: Volných bajtů: 12 613 447 680
Po spuštění: Volných bajtů: 12 030 550 016
.
- - End Of File - - D7F9DA6B02C4A40FC5939CE87ABAF9B7

[Márty84]

Vzdyt to tam vsechno zustalo Vytvoril jste ten textovy dokument a pretahl nad ikonu combofixu? Zkuste to znovu. ComboFix nesmite spoustet dvojklikem, on se ma sam spustit po presunuti toho skriptu nad nej

[pezetking]

Omlouvám se problém byl v tom že jsem to přetáhl a dvojklikem spustil .
Zde už by měl být správný log
ComboFix 13-01-24.02 - Petr 25.01.2013 10:44:39.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2814.2072 [GMT 1:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Petr\AppData\Roaming\winsvcns.sys"
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000Core.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000UA.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Petr\AppData\Roaming\winsvcns.sys
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000Core.job
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3337024854-4243349412-40047204-1000UA.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeARMservice
-------\Service_AdobeFlashPlayerUpdateSvc
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-25 do 2013-01-25 )))))))))))))))))))))))))))))))
.
.
2013-01-25 09:52 . 2013-01-25 09:55 -------- d-----w- c:\users\Petr\AppData\Local\temp
2013-01-24 11:50 . 2013-01-24 11:50 -------- d-----w- C:\Temp
2013-01-21 20:30 . 2013-01-21 20:30 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2013-01-21 20:30 . 2013-01-21 20:30 -------- d-----w- c:\programdata\Malwarebytes
2013-01-21 20:30 . 2013-01-21 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-21 20:30 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-21 20:24 . 2013-01-24 18:09 -------- d-----w- C:\rsit
2013-01-21 20:24 . 2013-01-24 18:09 -------- d-----w- c:\program files\trend micro
2013-01-16 14:10 . 2013-01-16 22:54 -------- d-----w- c:\program files\SpeedFan
2013-01-16 09:00 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-15 18:17 . 2013-01-15 18:17 -------- d-----w- c:\users\Petr\AppData\Roaming\Avira
2013-01-15 18:15 . 2012-11-27 09:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-15 18:15 . 2012-11-22 14:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-15 18:15 . 2012-11-22 14:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-01-15 18:15 . 2013-01-15 18:15 -------- d-----w- c:\programdata\Avira
2013-01-15 18:15 . 2013-01-15 18:15 -------- d-----w- c:\program files\Avira
2013-01-15 13:36 . 2013-01-15 13:41 -------- d-----w- C:\totalcmd
2013-01-15 13:36 . 2013-01-15 13:36 -------- d-----w- c:\users\Petr\AppData\Roaming\GHISLER
2013-01-15 09:27 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76D96016-DD59-47D5-835C-A74CD4877246}\mpengine.dll
2013-01-13 09:10 . 2009-12-17 12:02 1203712 ----a-w- c:\windows\system32\drivers\athr.sys
2013-01-12 19:25 . 2013-01-12 19:25 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-01-12 19:15 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2013-01-11 14:42 . 2013-01-16 22:51 -------- d-----w- C:\Games
2013-01-10 20:11 . 2013-01-10 20:11 -------- d-----w- c:\users\Petr\AppData\Roaming\Wargaming.net
2013-01-10 14:34 . 2008-10-10 03:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-01-10 14:33 . 2008-05-30 13:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2012-12-26 17:52 . 2012-12-26 17:52 -------- d-----w- c:\program files\Common Files\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:13 . 2012-03-29 16:56 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 17:13 . 2011-12-14 22:19 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2012-12-09 09:31 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-10-30 22:51 . 2012-12-09 09:34 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-10-30 22:51 . 2012-11-07 19:09 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-01-20 21:07 . 2013-01-20 21:07 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-05-24 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-05-24 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
.
c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3337024854-4243349412-40047204-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-23 20:22 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\maqgd432.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-25 10:55
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
[0] 0xFE400000
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\oodag.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\system32\DllHost.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2013-01-25 10:59:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-25 09:59
ComboFix2.txt 2013-01-25 08:30
ComboFix3.txt 2013-01-24 19:23
.
Před spuštěním: Volných bajtů: 12 035 936 256
Po spuštění: Volných bajtů: 11 823 546 368
.
- - End Of File - - D13D82C23E78C99561CD3CB4C42213FC

[Márty84]

To uz vypada lepe


Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu, kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

[pezetking]

zde je zpráva
RogueKiller V8.4.3 [Jan 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Petr [Práva správce]
Mód : Kontrola -- Datum : 01/25/2013 11:13:52
| ARK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
SSDT[75] : NtCreateSection @ 0x8284A689 -> HOOKED (Unknown @ 0x8AF6814E)
SSDT[276] : NtRequestWaitReplyPort @ 0x8282E415 -> HOOKED (Unknown @ 0x8AF68158)
SSDT[289] : NtSetContextThread @ 0x82896233 -> HOOKED (Unknown @ 0x8AF68153)
SSDT[314] : NtSetSecurityObject @ 0x827DA773 -> HOOKED (Unknown @ 0x8AF6815D)
SSDT[332] : NtSystemDebugControl @ 0x827FEE60 -> HOOKED (Unknown @ 0x8AF68162)
SSDT[334] : NtTerminateProcess @ 0x827E42F0 -> HOOKED (Unknown @ 0x8AF680EF)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8AF68176)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AF6817B)

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543225L9A300 ATA Device +++++
--- User ---
[MBR] 1a417ed8c180ce28d9b46810cc2e09c4
[BSP] 181477bea6a7613fba40e08a1aab6f2e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 81949 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 188313936 | Size: 146522 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_01252013_02d1113.txt >>
RKreport[1]_S_01252013_02d1113.txt

[Márty84]

Znovu spustte RogueKiller jako spravce (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.

[pezetking]

zde je první log:
RogueKiller V8.4.3 [Jan 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Petr [Práva správce]
Mód : Kontrola -- Datum : 01/25/2013 11:56:49
| ARK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
SSDT[75] : NtCreateSection @ 0x8284A689 -> HOOKED (Unknown @ 0x8AF6814E)
SSDT[276] : NtRequestWaitReplyPort @ 0x8282E415 -> HOOKED (Unknown @ 0x8AF68158)
SSDT[289] : NtSetContextThread @ 0x82896233 -> HOOKED (Unknown @ 0x8AF68153)
SSDT[314] : NtSetSecurityObject @ 0x827DA773 -> HOOKED (Unknown @ 0x8AF6815D)
SSDT[332] : NtSystemDebugControl @ 0x827FEE60 -> HOOKED (Unknown @ 0x8AF68162)
SSDT[334] : NtTerminateProcess @ 0x827E42F0 -> HOOKED (Unknown @ 0x8AF680EF)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8AF68176)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8AF6817B)

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543225L9A300 ATA Device +++++
--- User ---
[MBR] 1a417ed8c180ce28d9b46810cc2e09c4
[BSP] 181477bea6a7613fba40e08a1aab6f2e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 81949 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 188313936 | Size: 146522 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[4]_S_01252013_02d1156.txt >>
RKreport[1]_S_01252013_02d1113.txt ; RKreport[2]_D_01252013_02d1156.txt ; RKreport[3]_D_01252013_02d1156.txt ; RKreport[4]_S_01252013_02d1156.txt



a zde je Oprava Host
RogueKiller V8.4.3 [Jan 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Petr [Práva správce]
Mód : Oprava HOSTS -- Datum : 01/25/2013 11:57:32
| ARK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[5]_H_01252013_02d1157.txt >>
RKreport[1]_S_01252013_02d1113.txt ; RKreport[2]_D_01252013_02d1156.txt ; RKreport[3]_D_01252013_02d1156.txt ; RKreport[4]_S_01252013_02d1156.txt ; RKreport[5]_H_01252013_02d1157.txt