PC virus removal, computer speed-up, remote help via the neslape.cz service

Please check my log

You have no problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

NEW!
You can now use the remote help service: a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
ROOsta
Visitor
Posts: 13
Registered: 14 Oct 2013 07:41

Please check my log

#1 Post by ROOsta »

The PC had the POLICIE trojan (2000 CZK).
It was removed on another PC by taking the drive out and using Avast. Then RogueKiller for the leftovers.
---------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by doma (administrator) on DOMA-PC on 14-10-2013 08:53:04
Running from C:\Users\doma\Desktop
Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\windows\system32\SLsvc.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
() C:\Windows\SMINST\scheduler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\doma\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\doma\AppData\Local\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Users\doma\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\doma\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SetRefresh] - C:\Program Files\HP\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [ST Recovery Launcher] - %WINDIR%\SMINST\launcher.exe [44168 2007-06-28] (soft thinks)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\RunOnce: [RUNCMDS] - C:\SWSETUP\FLC\RUNCMDS.EXE [ 2006-12-15] (Hewlett-Packard Company)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\RunOnce: [RUNCMDS] - C:\SWSETUP\FLC\RUNCMDS.EXE [ 2006-12-15] (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x952C35E31463CA01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.myplaycity.com/
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
SearchScopes: HKLM - DefaultScope {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKLM - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKCU - DefaultScope {5b40a16e-1457-4c69-9d67-b37304efb378} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
SearchScopes: HKCU - {5b40a16e-1457-4c69-9d67-b37304efb378} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
SearchScopes: HKCU - {7641de6f-f43f-410a-b47f-229b511bff11} URL = http://www.mapy.cz/?query={searchTerms}&sourceid=IE_5
SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://start.myplaycity.com/results.php ... earchTerms}
SearchScopes: HKCU - {a45f6a7a-fcd2-412a-a54b-d89ce89d2020} URL = http://www.firmy.cz/phr/{searchTerms}?sourceid=IE_5
SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... 329&lng=cs
SearchScopes: HKCU - {e4c0c6aa-5b9d-4d36-9445-6f1b8308b7bf} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... rceid=IE_5
BHO: MHTBPos00 Class - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
BHO: CMySite Class - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: Lištička - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll ()
Toolbar: HKLM - Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM - Nástroje Lišticky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files\Seznam.cz\toolbar\toolbar.dll ()
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
Toolbar: HKCU -&Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKCU -Nástroje Lišticky - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - C:\Program Files\Seznam.cz\listicka.dll ()
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.0.1

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_1
CHR Extension: (Skype Click to Call) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\doma\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [68608 2011-06-30] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-06-30] (Flexera Software, Inc.)
R2 mi-raysat_3dsmax2012_32; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [86016 2011-02-23] ()
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-25] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540184 2007-08-07] (PDF Complete Inc)
R2 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [4807536 2010-11-15] (Wacom Technology, Corp.)
S2 mi-raysat_3dsmax9_32; "C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [24152 2004-11-08] (IVT Corporation)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-05] (CSR, plc)
R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\doma\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MSICDSetup; \??\F:\CDriver.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
S3 usbbus; system32\DRIVERS\lgusbbus.sys [x]
S3 UsbDiag; system32\DRIVERS\lgusbdiag.sys [x]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-14 08:52 - 2013-10-14 08:52 - 00000000 ____D C:\FRST
2013-10-14 08:45 - 2013-10-14 08:45 - 01087213 _____ (Farbar) C:\Users\doma\Desktop\FRST.exe
2013-10-14 08:44 - 2013-10-14 08:44 - 00112128 _____ (forum.viry.cz) C:\Users\doma\Desktop\FRSTLauncher.exe
2013-10-14 08:29 - 2013-08-30 09:48 - 00177864 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-10-14 08:29 - 2013-08-30 09:48 - 00049376 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-10-14 08:19 - 2013-10-14 08:19 - 00000552 _____ C:\windows\PFRO.log
2013-10-14 08:16 - 2013-10-14 08:16 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-14 08:10 - 2013-10-14 08:10 - 00012484 _____ C:\ComboFix.txt
2013-10-14 07:56 - 2013-10-14 08:10 - 00000000 ____D C:\ComboFix
2013-10-14 07:56 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-10-14 07:56 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-10-14 07:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-10-14 07:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-10-14 07:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-10-14 07:56 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-10-14 07:56 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-10-14 07:56 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-10-14 07:55 - 2013-10-14 08:10 - 00000000 ____D C:\Qoobox
2013-10-14 07:55 - 2013-10-14 08:09 - 00000000 ____D C:\windows\erdnt
2013-10-14 07:52 - 2013-10-14 07:52 - 00002437 _____ C:\Users\doma\Desktop\RKreport[0]_H_10142013_075222.txt
2013-10-14 07:52 - 2013-10-14 07:52 - 00001703 _____ C:\Users\doma\Desktop\RKreport[0]_PR_10142013_075226.txt
2013-10-14 07:52 - 2013-10-14 07:52 - 00001658 _____ C:\Users\doma\Desktop\RKreport[0]_DN_10142013_075229.txt
2013-10-12 17:14 - 2013-10-12 17:27 - 00000000 ____D C:\zaloha
2013-10-12 10:17 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-12 10:17 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-12 10:17 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-10-12 10:17 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-12 10:17 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-10-12 10:17 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-12 10:17 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-10-12 10:17 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-12 10:17 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-12 10:17 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-12 10:17 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-10-12 10:17 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-10-12 10:16 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-12 10:16 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-12 10:16 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-10-12 10:16 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-12 09:52 - 2013-10-12 17:42 - 95025368 ____T C:\ProgramData\fjwihwd.pff
2013-10-11 20:30 - 2013-07-12 11:04 - 00134272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-11 20:30 - 2013-07-12 11:04 - 00073344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBAUDIO.sys
2013-10-11 20:30 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-11 20:30 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-11 20:30 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-11 20:30 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-11 20:30 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-11 20:29 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-11 20:29 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\windows\system32\d3d10.dll
2013-10-11 20:29 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1core.dll
2013-10-11 20:29 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\d3d10core.dll
2013-10-11 20:29 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\windows\system32\d3d10_1.dll
2013-10-11 20:29 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2013-10-11 20:29 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2013-10-11 20:29 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2013-10-11 20:29 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-10-11 20:29 - 2013-08-27 03:28 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2013-10-11 20:29 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-10-11 20:29 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2013-10-11 20:29 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 20:29 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-11 20:29 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-11 20:29 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-11 20:29 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-11 20:29 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-11 20:29 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-11 20:19 - 2013-10-14 07:54 - 00000000 ____D C:\Users\doma\Desktop\RK_Quarantine
2013-10-11 20:19 - 2013-10-11 09:27 - 00951296 _____ C:\Users\doma\Desktop\RogueKiller.exe
2013-10-10 21:54 - 2013-10-12 17:41 - 00000000 _____ C:\ProgramData\fjwihwd.ctrl
2013-10-08 18:45 - 2013-10-08 18:45 - 00729540 _____ C:\Users\doma\Downloads\prilohy_3784.zip
2013-10-08 18:45 - 2013-10-08 18:45 - 00729540 _____ C:\Users\doma\Downloads\prilohy_3784 (1).zip
2013-09-28 12:30 - 2013-09-28 14:12 - 936066344 _____ C:\Users\doma\Downloads\Svatá-čtveřice-(2012).mkv
2013-09-27 19:44 - 2013-09-27 19:44 - 00000000 ____D C:\Users\doma\AppData\Roaming\Mozilla
2013-09-24 18:07 - 2013-09-24 18:07 - 00864811 _____ C:\Users\doma\Downloads\bank.wm

==================== One Month Modified Files and Folders =======

2013-10-14 08:53 - 2012-01-31 16:29 - 01707681 _____ C:\windows\WindowsUpdate.log
2013-10-14 08:52 - 2013-10-14 08:52 - 00000000 ____D C:\FRST
2013-10-14 08:50 - 2011-08-24 13:37 - 00000958 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215765478-2593845076-807826192-1003UA.job
2013-10-14 08:50 - 2007-09-28 00:49 - 00000000 ____D C:\windows\SMINST
2013-10-14 08:48 - 2013-01-27 14:17 - 00000932 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-14 08:48 - 2011-06-15 10:37 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-14 08:48 - 2006-11-02 15:01 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-14 08:48 - 2006-11-02 14:47 - 00003296 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-14 08:48 - 2006-11-02 14:47 - 00003296 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-14 08:47 - 2010-12-13 17:50 - 00000012 _____ C:\windows\bthservsdp.dat
2013-10-14 08:47 - 2006-11-02 15:01 - 00032626 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-14 08:45 - 2013-10-14 08:45 - 01087213 _____ (Farbar) C:\Users\doma\Desktop\FRST.exe
2013-10-14 08:44 - 2013-10-14 08:44 - 00112128 _____ (forum.viry.cz) C:\Users\doma\Desktop\FRSTLauncher.exe
2013-10-14 08:43 - 2013-01-27 14:18 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-14 08:41 - 2012-04-03 08:49 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-10-14 08:29 - 2006-11-02 12:23 - 00002577 _____ C:\windows\system32\config.nt
2013-10-14 08:19 - 2013-10-14 08:19 - 00000552 _____ C:\windows\PFRO.log
2013-10-14 08:16 - 2013-10-14 08:16 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-14 08:10 - 2013-10-14 08:10 - 00012484 _____ C:\ComboFix.txt
2013-10-14 08:10 - 2013-10-14 07:56 - 00000000 ____D C:\ComboFix
2013-10-14 08:10 - 2013-10-14 07:55 - 00000000 ____D C:\Qoobox
2013-10-14 08:10 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default
2013-10-14 08:10 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public
2013-10-14 08:09 - 2013-10-14 07:55 - 00000000 ____D C:\windows\erdnt
2013-10-14 08:07 - 2006-11-02 12:23 - 00000231 _____ C:\windows\system.ini
2013-10-14 07:56 - 2006-11-02 12:33 - 01874012 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-14 07:54 - 2013-10-11 20:19 - 00000000 ____D C:\Users\doma\Desktop\RK_Quarantine
2013-10-14 07:52 - 2013-10-14 07:52 - 00002437 _____ C:\Users\doma\Desktop\RKreport[0]_H_10142013_075222.txt
2013-10-14 07:52 - 2013-10-14 07:52 - 00001703 _____ C:\Users\doma\Desktop\RKreport[0]_PR_10142013_075226.txt
2013-10-14 07:52 - 2013-10-14 07:52 - 00001658 _____ C:\Users\doma\Desktop\RKreport[0]_DN_10142013_075229.txt
2013-10-12 19:33 - 2007-11-25 16:06 - 00000000 ____D C:\tmp
2013-10-12 17:42 - 2013-10-12 09:52 - 95025368 ____T C:\ProgramData\fjwihwd.pff
2013-10-12 17:41 - 2013-10-10 21:54 - 00000000 _____ C:\ProgramData\fjwihwd.ctrl
2013-10-12 17:27 - 2013-10-12 17:14 - 00000000 ____D C:\zaloha
2013-10-12 13:05 - 2006-11-02 13:18 - 00000000 ____D C:\windows\Microsoft.NET
2013-10-12 10:43 - 2006-11-02 14:47 - 02352448 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-12 10:41 - 2007-12-04 22:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-12 10:33 - 2013-08-16 17:14 - 00000000 ____D C:\windows\system32\MRT
2013-10-12 10:29 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe
2013-10-11 09:27 - 2013-10-11 20:19 - 00951296 _____ C:\Users\doma\Desktop\RogueKiller.exe
2013-10-10 21:50 - 2011-08-24 13:37 - 00000906 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215765478-2593845076-807826192-1003Core.job
2013-10-10 19:40 - 2007-11-14 23:36 - 00000000 ____D C:\Users\doma\AppData\Roaming\Skype
2013-10-09 22:41 - 2012-04-03 08:49 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-10-09 22:41 - 2011-05-23 07:57 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 18:45 - 2013-10-08 18:45 - 00729540 _____ C:\Users\doma\Downloads\prilohy_3784.zip
2013-10-08 18:45 - 2013-10-08 18:45 - 00729540 _____ C:\Users\doma\Downloads\prilohy_3784 (1).zip
2013-09-29 18:06 - 2007-11-14 23:36 - 00000000 ___RD C:\Program Files\Skype
2013-09-29 18:06 - 2007-11-14 23:36 - 00000000 ____D C:\ProgramData\Skype
2013-09-28 14:12 - 2013-09-28 12:30 - 936066344 _____ C:\Users\doma\Downloads\Svatá-čtveřice-(2012).mkv
2013-09-27 19:44 - 2013-09-27 19:44 - 00000000 ____D C:\Users\doma\AppData\Roaming\Mozilla
2013-09-24 18:07 - 2013-09-24 18:07 - 00864811 _____ C:\Users\doma\Downloads\bank.wm
2013-09-22 12:29 - 2013-10-12 10:16 - 12336128 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-22 12:22 - 2013-10-12 10:17 - 01800704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-22 12:22 - 2013-10-12 10:16 - 09739264 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-22 12:14 - 2013-10-12 10:16 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-09-22 12:13 - 2013-10-12 10:17 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-22 12:13 - 2013-10-12 10:16 - 01104896 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-22 12:12 - 2013-10-12 10:17 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-09-22 12:09 - 2013-10-12 10:17 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-22 12:08 - 2013-10-12 10:17 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-09-22 12:07 - 2013-10-12 10:17 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-22 12:06 - 2013-10-12 10:17 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-09-22 12:05 - 2013-10-12 10:17 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-22 12:03 - 2013-10-12 10:17 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-22 12:03 - 2013-10-12 10:17 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-22 12:03 - 2013-10-12 10:17 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-09-22 11:59 - 2013-10-12 10:17 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-18 19:00 - 2007-11-14 20:44 - 00088064 _____ C:\Users\doma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-18 18:59 - 2007-11-14 19:56 - 00000000 ____D C:\Users\doma

Files to move or delete:
====================
C:\ProgramData\fjwihwd.ctrl
C:\ProgramData\fjwihwd.pff
C:\Users\doma\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-14 08:26




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:135.04 GB) (Free:42.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:12.05 GB) (Free:7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (OS_TOOLS) (Fixed) (Total:1.96 GB) (Free:1.75 GB) NTFS

Available physical RAM: 1278.72 MB
Total physical RAM: 3060.45 MB
Percentage of memory in use: 58%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 149 GB) (Disk ID: 55FC2F25)
Partition 1: (Active) - (Size=135 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215765478-2593845076-807826192-1003Core.job => C:\Users\doma\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215765478-2593845076-807826192-1003UA.job => C:\Users\doma\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Microsoft:LbeXwqHCaUD3CY1GE3NJZHH
AlternateDataStreams: C:\ProgramData\Microsoft:v0MUO0M0XYHfzTUmwKlD
AlternateDataStreams: C:\ProgramData\Microsoft:YxXVl13kwpOgLh3cRN1FsmR
AlternateDataStreams: C:\ProgramData\TEMP:D31BE97C
AlternateDataStreams: C:\Users\doma\Local Settings:RGXvxZv0rlcIUD4sH8jy
AlternateDataStreams: C:\Users\doma\Soubory cookie:TvoGIp15oXVGMfEONtWJhT
AlternateDataStreams: C:\Users\doma\AppData\Local:RGXvxZv0rlcIUD4sH8jy
AlternateDataStreams: C:\Users\doma\AppData\Local\Data aplikací:RGXvxZv0rlcIUD4sH8jy

==================== Security Center ==================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan created by FRSTLauncher ===***===***===***===
Last FRSTLauncher update: 28_09_2013 (06)
Last modification script update: 30_09_2013 (01)


***** Size of "Desktop" *****

Size of folder "C:\Users\doma\Desktop" is 9 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
"C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
C:\windows\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete
"C:\Program Files\PDF Complete\pdfsty.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
C:\windows\system32\igfxpers.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"c:\program files\real\realplayer\Update\realsched.exe" -osboot [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
C:\Program Files\Windows Media Player\WMPNSCFG.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^doma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.7z
(6 KiB) Downloaded 20 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#2 Post by vyosek »

Greetings and have a nice day.
Your log is being studied and worked on.
Please be patient!
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

vyosek
VIP

Re: Please check my log

#3 Post by vyosek »

→ Somehow you forgot to mention the cleaning with ComboFix as well?

→ As for ComboFix, which you used: based on its licence and the forum rules I ask, do you know how to work with it (running it, deciphering the log, writing a script)?

→ The ComboFix licence terms state clearly: "It should never be used in an environment without the supervision of an experienced person"

→ Dangers of CF
  • It is intended primarily for helpers; by using it on your own you forfeit your claim to support
  • It wipes the traces of the malware, so nothing is visible in the RSIT log
  • Its log has to be deciphered further, because it cannot delete everything, and you will hardly manage that if you are not trained for it
  • CF can have a bug = it takes your system down; if you do not know where it stores what and how to restore it, your system is dead and a reinstall awaits you
  • CF also unfortunately does not yet check some important libraries (e.g. hal.dll); some types of malware delete those (e.g. angela); it deletes your hal.dll after the restart = your system will not boot and you are at the line above = reinstall
→ Would you be able to find its log (c:\combofix.txt)?

ROOsta
Visitor

Re: Please check my log

#4 Post by ROOsta »

It is in the attachment.
Attachments
ComboFix.zip
(4.1 KiB) Downloaded 26 times

vyosek
VIP

Re: Please check my log

#5 Post by vyosek »

vyosek wrote: → As for ComboFix, which you used: based on its licence and the forum rules I ask, do you know how to work with it (running it, deciphering the log, writing a script)?
???

ROOsta
Visitor

Re: Please check my log

#6 Post by ROOsta »

One more log, then.
Attachments
TDSSKiller.3.0.0.12_14.10.2013_08.15.50_log.zip
(40.41 KiB) Downloaded 24 times

ROOsta
Visitor

Re: Please check my log

#7 Post by ROOsta »

I admit that I do not know how to work with it. I only used it following some advice I read somewhere.
TDSSKiller created the folder C:/TDSSKiller_Quarantine and there are files in it.

vyosek
VIP

Re: Please check my log

#8 Post by vyosek »

→ You really are a magician with utilities. You do not know how to use them, yet you cheerfully use them anyway... With TDSSKiller you deleted a legitimate system driver.

→ Download TDSSQlook http://www.malwareinfo.nl/tools/TDSSQlook.exe
  • Save it to the desktop and run it
  • Choose option A and confirm with Enter
  • After a moment a log will appear; paste it here

ROOsta
Visitor

Re: Please check my log

#9 Post by ROOsta »

What can I do, hands faster than brain. I will be good from now on.
I had been wrestling with it on and off for two days. First I tried the AVG boot CD. It did remove something, but it did not let me run RogueKiller even for a moment. Even though it was disconnected from the net, after 3 minutes it locked the PC again. So then I tried connecting the HDD to another PC and ran Avast over it. That found 3 files.
Once I started it up, before connecting to the net I ran the PC through whatever utilities came to mind. And I updated Avast, which was old on it.

ROOsta
Visitor

Re: Please check my log

#10 Post by ROOsta »

TDSSKiller Quarantine Information log
TDSS Qlook Version 1.0.0.5 - doma - po 14.10.2013 - 9:40:55,59.
Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2
***** START SCAN po 14.10.2013 9:40:56,28 *****

---------- TDSSKiller logs ----------

TDSSKiller.3.0.0.12_14.10.2013_08.20.56_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\14.10.2013_08.15.56
C:\TDSSKiller_Quarantine\14.10.2013_08.15.56\susp0000
C:\TDSSKiller_Quarantine\14.10.2013_08.15.56\susp0000\object.ini
C:\TDSSKiller_Quarantine\14.10.2013_08.15.56\susp0000\svc0000
C:\TDSSKiller_Quarantine\14.10.2013_08.15.56\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\14.10.2013_08.15.56\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\14.10.2013_08.15.56\susp0000\svc0000\tsk0000.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\14.10.2013_08.15.56\susp0000\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\14.10.2013_08.15.56\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\14.10.2013_08.15.56\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\windows\system32\Drivers\sptd.sys
md5: D390675B8CE45E5FB359338E5E649329
sha256: D10D750EC3FEA62A202EED163F534F2B7EDB2951A4908EA07BDE75D31C1250F2


***** END SCAN po 14.10.2013 9:40:56,44 *****
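Before a quarantined file is put back (the next step the helper proposes for sptd.sys), it is worth confirming that the raw image in the quarantine folder still matches the md5 and sha256 that TDSSKiller recorded in tsk0000.ini. The Python below is an added example, not code from the thread, from TDSSKiller or from TDSSQlook: it parses the two INI-style records shown in the log (the service entry and the file entry), recomputes both digests over a blob and reports any mismatch. It does not perform the restore itself, which TDSSQlook handles. The service record is the one from the log; the blob and its matching file record are constructed for the example (a stand-in, not the real sptd.sys).

```python
"""Verify a TDSSKiller quarantine image against the digests in its tsk*.ini.

Added example for this thread; not TDSSKiller's or TDSSQlook's code.
Assumes the 'key: value' records shown in the TDSSQlook log above.
"""
import hashlib
from typing import Dict, List, Optional, Tuple

Pairs = List[Tuple[str, str]]


def parse_ini_pairs(text: str) -> Dict[str, Pairs]:
    """Section -> ordered (key, value) pairs. Keeps duplicate keys (the service
    record has two 'Type' lines), which configparser would reject."""
    sections: Dict[str, Pairs] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None and ":" in line:
            key, value = line.split(":", 1)  # first colon only: 'C:\...' stays intact
            sections[current].append((key.strip(), value.strip()))
    return sections


def lookup(pairs: Pairs, key: str) -> Optional[str]:
    """First value for key, case-insensitive ('md5' vs 'MD5')."""
    for k, v in pairs:
        if k.lower() == key.lower():
            return v
    return None


def service_record(object_ini: str) -> dict:
    """What TDSSKiller removed besides the file: the driver's service entry."""
    rec = parse_ini_pairs(object_ini).get("InfectedObject", [])
    start = lookup(rec, "Start") or ""
    return {"name": lookup(rec, "Name"),
            "image_path": lookup(rec, "ImagePath"),
            "start": start,
            "boot_start": start.lower().startswith("boot")}


def verify_quarantined_image(tsk_ini: str, blob: bytes) -> dict:
    """Recompute md5 and sha256 over blob and compare with the recorded values.
    A missing digest counts as a mismatch; never restore on a mismatch."""
    rec = parse_ini_pairs(tsk_ini).get("InfectedFile", [])
    actual = {"md5": hashlib.md5(blob).hexdigest(),
              "sha256": hashlib.sha256(blob).hexdigest()}
    mismatches = [algo for algo, digest in actual.items()
                  if (lookup(rec, algo) or "").lower() != digest]
    return {"src": lookup(rec, "Src"), "ok": not mismatches,
            "mismatches": mismatches, "actual": actual}


# The service record is copied from the thread's TDSSQlook log.
SAMPLE_OBJECT_INI = r"""[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;
"""

# Constructed stand-in for tsk0000.dta: not the real sptd.sys, just bytes whose
# digests are written into a matching constructed record.
SAMPLE_BLOB = b"MZ" + b"\x90" * 62 + b"constructed stand-in for sptd.sys"
SAMPLE_TSK_INI = (
    "[InfectedFile]\nType: Raw image\nSrc: C:\\windows\\system32\\Drivers\\sptd.sys\n"
    f"md5: {hashlib.md5(SAMPLE_BLOB).hexdigest().upper()}\n"
    f"sha256: {hashlib.sha256(SAMPLE_BLOB).hexdigest().upper()}\n"
)

if __name__ == "__main__":
    print(service_record(SAMPLE_OBJECT_INI))
    print(verify_quarantined_image(SAMPLE_TSK_INI, SAMPLE_BLOB))
    # One extra byte flips both digests and must block the restore.
    print(verify_quarantined_image(SAMPLE_TSK_INI, SAMPLE_BLOB + b"\x00"))
```

The service record matters as much as the file: the quarantine holds a boot-start kernel driver (Start: Boot, ImagePath under System32\Drivers), so restoring only the file without its service entry would not bring the driver back.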

vyosek
VIP

Re: Please check my log

#11 Post by vyosek »

So post the TDSSQlook log here, so we can restore that driver, and then we will move on...

ROOsta
Visitor

Re: Please check my log

#12 Post by ROOsta »

You mean this? : TDSSKiller Quarantine Information log

vyosek
VIP

Re: Please check my log

#13 Post by vyosek »

Fine, it is already one post up; you posted it before I answered...

→ Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

ROOsta
Visitor

Re: Please check my log

#14 Post by ROOsta »

# AdwCleaner v3.007 - Report created 14/10/2013 at 10:09:34
# Updated 09/10/2013 by Xplode
# Operating System : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Username : doma - DOMA-PC
# Running from : C:\Users\doma\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\Users\doma\AppData\LocalLow\Inbox Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Google Chrome v

[ File : C:\Users\doma\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5294 octets] - [14/10/2013 10:05:06]
AdwCleaner[S0].txt - [5242 octets] - [14/10/2013 10:09:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5302 octets] ##########

vyosek
VIP

Re: Please check my log

#15 Post by vyosek »

→ Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    Start
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKU\Default\...\RunOnce: [RUNCMDS] - C:\SWSETUP\FLC\RUNCMDS.EXE [ 2006-12-15] (Hewlett-Packard Company)
    HKU\Default User\...\RunOnce: [RUNCMDS] - C:\SWSETUP\FLC\RUNCMDS.EXE [ 2006-12-15] (Hewlett-Packard Company)
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x952C35E31463CA01
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.myplaycity.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    
    URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
    URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
    SearchScopes: HKLM - DefaultScope {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
    SearchScopes: HKLM - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
    SearchScopes: HKCU - DefaultScope {5b40a16e-1457-4c69-9d67-b37304efb378} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
    SearchScopes: HKCU - {5b40a16e-1457-4c69-9d67-b37304efb378} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
    SearchScopes: HKCU - {7641de6f-f43f-410a-b47f-229b511bff11} URL = http://www.mapy.cz/?query={searchTerms}&sourceid=IE_5
    SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://start.myplaycity.com/results.php?category=web&s={searchTerms}
    SearchScopes: HKCU - {a45f6a7a-fcd2-412a-a54b-d89ce89d2020} URL = http://www.firmy.cz/phr/{searchTerms}?sourceid=IE_5
    SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheritage.com?orig=ds&q={searchTerms}
    SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatc ... tp=bs&qkw={searchTerms}&tbid=80329&lng=cs
    SearchScopes: HKCU - {e4c0c6aa-5b9d-4d36-9445-6f1b8308b7bf} URL = http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=IE_5
    BHO: MHTBPos00 Class - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
    BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
    BHO: CMySite Class - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
    Toolbar: HKLM - Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
    Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU -Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
    Toolbar: HKCU -&Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
    Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
    
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
    
    C:\ProgramData\fjwihwd.ctrl
    C:\ProgramData\fjwihwd.pff
    C:\Users\doma\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat
    C:\Program Files\Family Toolbar
    
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215765478-2593845076-807826192-1003Core.job => C:\Users\doma\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4215765478-2593845076-807826192-1003UA.job => C:\Users\doma\AppData\Local\Google\Update\GoogleUpdate.exe
    
    AlternateDataStreams: C:\ProgramData\Microsoft:LbeXwqHCaUD3CY1GE3NJZHH
    AlternateDataStreams: C:\ProgramData\Microsoft:v0MUO0M0XYHfzTUmwKlD
    AlternateDataStreams: C:\ProgramData\Microsoft:YxXVl13kwpOgLh3cRN1FsmR
    AlternateDataStreams: C:\ProgramData\TEMP:D31BE97C
    AlternateDataStreams: C:\Users\doma\Local Settings:RGXvxZv0rlcIUD4sH8jy
    AlternateDataStreams: C:\Users\doma\Soubory cookie:TvoGIp15oXVGMfEONtWJhT
    AlternateDataStreams: C:\Users\doma\AppData\Local:RGXvxZv0rlcIUD4sH8jy
    AlternateDataStreams: C:\Users\doma\AppData\Local\Data aplikací:RGXvxZv0rlcIUD4sH8jy
    
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG" /f
    REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^doma^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk" /f
    
    Hosts:
    CMD: shutdown /r /f /t 2
    End
  • Save the created TXT as fixlist.txt
  • Move the created fixlist next to FRST
→ Run FRST.exe again
  • Click Fix
  • The repair will run and create the log Fixlog.txt
→ Restart the PC and post fixlog.txt here
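The fixlist in this post is assembled by hand from lines of the FRST log. As an added example (not code from the thread, from FRST or from its author), the Python helper below does the mechanical part: it parses the Addition.txt-style sections shown earlier in the thread (Files to move or delete, Bamital & volsnap Check, Alternate Data Streams) and emits candidate fixlist lines, copying the log lines verbatim between Start and End the way the helper's fixlist does. The sample log is constructed from the thread's own entries. The "random-looking stream name" heuristic is this example's own, not an FRST rule, and anything it selects still has to be judged by the analyst; the MD5 check reports any system file that FRST did not call legit.

```python
"""Candidate FRST fixlist from the Addition-style sections of an FRST log.

Added example for this thread; not FRST's code and not the helper's script.
Assumes the section headers and line prefixes seen in the thread's logs.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a few lines lifted from the thread's Addition.txt extract.
SAMPLE_LOG = r"""Files to move or delete:
====================
C:\ProgramData\fjwihwd.ctrl
C:\ProgramData\fjwihwd.pff
C:\Users\doma\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\ProgramData\Microsoft:LbeXwqHCaUD3CY1GE3NJZHH
AlternateDataStreams: C:\ProgramData\TEMP:D31BE97C
AlternateDataStreams: C:\Users\doma\AppData\Local:RGXvxZv0rlcIUD4sH8jy
"""

BANNER = re.compile(r"^=+\s*(.+?)\s*=+$")   # '==== Section name ===='
ALNUM = re.compile(r"^[A-Za-z0-9]{16,}$")


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Map section name -> non-empty lines. Handles both header styles FRST
    uses: the '=' banner and 'Name:' followed by a line of '=' characters."""
    sections: Dict[str, List[str]] = {}
    current = None
    lines = [l.strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        if not line or set(line) == {"="}:   # blank or pure underline
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        m = BANNER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.endswith(":") and set(nxt) == {"="}:
            current = line[:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def split_ads(line: str) -> Tuple[str, str]:
    """'AlternateDataStreams: C:\\host:stream' -> ('C:\\host', 'stream').
    The drive letter's colon comes first; the stream name follows the last one."""
    target = line.split(":", 1)[1].strip()
    host, _, stream = target.rpartition(":")
    return host, stream


def looks_random(stream_name: str) -> bool:
    """This example's own heuristic: a long alphanumeric name mixing upper case,
    lower case and digits. Short hex names such as 'D31BE97C' are not flagged."""
    return bool(ALNUM.match(stream_name)) and (
        any(c.islower() for c in stream_name)
        and any(c.isupper() for c in stream_name)
        and any(c.isdigit() for c in stream_name))


def md5_failures(sections: Dict[str, List[str]]) -> List[str]:
    """Paths in the Bamital & volsnap check that FRST did not report as legit."""
    return [line.split(" => ", 1)[0]
            for line in sections.get("Bamital & volsnap Check", [])
            if not line.endswith("MD5 is legit")]


def build_fixlist(sections: Dict[str, List[str]]) -> str:
    """FRST accepts log lines copied verbatim between Start and End, as the
    thread's fixlist shows. Take everything FRST itself listed for deletion
    plus ADS entries whose stream name looks random."""
    out = ["Start"]
    out += sections.get("Files to move or delete", [])
    for line in sections.get("Alternate Data Streams (whitelisted)", []):
        if line.startswith("AlternateDataStreams:") and looks_random(split_ads(line)[1]):
            out.append(line)
    out.append("End")
    return "\n".join(out)


if __name__ == "__main__":
    parsed = parse_sections(SAMPLE_LOG)
    print("MD5 failures:", md5_failures(parsed) or "none")
    print(build_fixlist(parsed))
```

The output is a starting point, not a finished fix: the thread's helper also adds Run keys, search scopes, BHOs and scheduled tasks from FRST.txt, which this parser deliberately leaves to the analyst.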

Locked