
Virus on a flash drive

robert.halas
Visitor
Posts: 30
Registered: 03 Nov 2013 08:36

Re: Virus on a flash drive

#31 Post by robert.halas »

ComboFix 13-11-03.02 - Acer 03.11.2013 13:37:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3956.2670 [GMT 1:00]
Spuštěný z: c:\stah\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Acer\AppData\Roaming\update_tc\update.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\tmp6375.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Windows Internet Name Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-03 do 2013-11-03 )))))))))))))))))))))))))))))))
.
.
2013-11-03 12:45 . 2013-08-19 22:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FD8F235-83B1-4F85-AB3B-9B73C5ACE21D}\mpengine.dll
2013-11-03 10:48 . 2013-11-03 10:49 -------- d-----w- C:\AdwCleaner
2013-11-03 10:38 . 2013-11-03 10:38 -------- d-----w- c:\windows\ERUNT
2013-11-03 10:36 . 2013-11-03 10:36 -------- d-----w- c:\users\Acer\AppData\Roaming\AVAST Software
2013-11-03 10:35 . 2013-11-03 10:35 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-03 10:35 . 2013-11-03 10:35 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-03 10:35 . 2013-11-03 10:35 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-03 10:35 . 2013-11-03 10:35 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-03 10:35 . 2013-11-03 10:35 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-03 10:35 . 2013-11-03 10:35 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-03 10:35 . 2013-11-03 10:35 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-03 10:35 . 2013-11-03 10:35 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-03 10:35 . 2013-11-03 10:35 43152 ----a-w- c:\windows\avastSS.scr
2013-11-03 10:35 . 2013-11-03 10:35 -------- d-----w- c:\program files\AVAST Software
2013-11-03 09:14 . 2013-11-03 09:14 -------- d-----w- C:\rsit
2013-11-03 09:14 . 2013-11-03 09:14 -------- d-----w- c:\program files\trend micro
2013-11-03 08:48 . 2013-11-03 08:54 -------- d-----w- C:\UsbFix
2013-11-02 17:05 . 2013-11-02 17:05 388096 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-02 17:05 . 2013-11-02 17:05 -------- d-----w- c:\program files (x86)\Trend Micro
2013-11-02 16:37 . 2013-11-02 16:37 -------- d-----w- c:\users\Acer\AppData\Local\GHISLER
2013-11-01 19:46 . 2013-11-01 19:46 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2013-11-01 19:28 . 2013-11-01 19:28 -------- d-----w- c:\program files (x86)\Eidos
2013-10-20 10:39 . 2013-10-20 10:47 -------- d-----w- c:\program files (x86)\Vietcong2
2013-10-20 10:37 . 2013-10-20 10:37 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2013-10-19 12:21 . 2013-10-19 12:29 -------- d-----w- c:\program files (x86)\LCP
2013-10-19 12:21 . 2013-10-19 12:21 26624 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{1EFAF492-9A3B-48C3-9349-234B146FDA46}\Icon1EFAF492.exe
2013-10-18 16:15 . 2013-11-02 15:51 -------- d-----w- c:\users\Acer\AppData\Local\download.am-data
2013-10-18 16:15 . 2013-10-18 16:15 -------- d-----w- c:\program files (x86)\Download.am
2013-10-18 13:58 . 2013-10-18 13:58 -------- d-----w- C:\Games
2013-10-12 15:43 . 2013-10-12 15:43 -------- d-----w- c:\program files (x86)\Cenega Czech
2013-10-12 11:41 . 2013-10-12 11:49 -------- d-----w- c:\users\Acer\AppData\Local\Floorball League
2013-10-12 11:41 . 2013-10-12 11:41 -------- d-----w- c:\program files (x86)\Prodigium Game Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-03 10:35 . 2013-03-08 08:12 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-12 11:43 . 2013-05-12 14:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-10-12 11:43 . 2013-05-12 14:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-10-12 09:01 . 2013-08-08 15:42 4464 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2013-09-25 08:47 . 2013-07-25 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-25 08:47 . 2013-07-18 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-09-24 07:53 . 2013-07-18 17:46 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-09-24 07:52 . 2013-07-18 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-09-22 16:33 . 2013-09-22 16:33 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2013-09-22 16:33 . 2013-09-22 16:33 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll
2013-08-31 10:16 . 2013-08-31 10:16 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-08-30 08:36 . 2013-08-30 08:36 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-30 08:36 . 2013-08-30 08:36 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-30 08:31 . 2013-08-30 08:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-30 08:31 . 2013-08-30 08:31 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-30 08:31 . 2013-08-30 08:31 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-30 08:31 . 2013-08-30 08:31 86016 ----a-w- c:\windows\system32\jsproxy.dll
2013-08-30 08:31 . 2013-08-30 08:31 816640 ----a-w- c:\windows\system32\jscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-08-30 08:31 . 2013-08-30 08:31 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 248320 ----a-w- c:\windows\system32\ieui.dll
2013-08-30 08:31 . 2013-08-30 08:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-08-30 08:31 . 2013-08-30 08:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-30 08:31 . 2013-08-30 08:31 237056 ----a-w- c:\windows\system32\url.dll
2013-08-30 08:31 . 2013-08-30 08:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-08-30 08:31 . 2013-08-30 08:31 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-08-30 08:31 . 2013-08-30 08:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-08-30 08:31 . 2013-08-30 08:31 17830400 ----a-w- c:\windows\system32\mshtml.dll
2013-08-30 08:31 . 2013-08-30 08:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-30 08:31 . 2013-08-30 08:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-30 08:31 . 2013-08-30 08:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-08-30 08:31 . 2013-08-30 08:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-08-30 08:31 . 2013-08-30 08:31 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-08-30 08:31 . 2013-08-30 08:31 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-08-30 08:31 . 2013-08-30 08:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-30 08:31 . 2013-08-30 08:31 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-08-30 08:29 . 2013-08-30 08:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-30 08:29 . 2013-08-30 08:29 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-30 08:29 . 2013-08-30 08:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-30 08:29 . 2013-08-30 08:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-30 08:29 . 2013-08-30 08:29 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-30 08:29 . 2013-08-30 08:29 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-30 08:29 . 2013-08-30 08:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-30 08:29 . 2013-08-30 08:29 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-30 08:29 . 2013-08-30 08:29 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-30 08:29 . 2013-08-30 08:29 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-30 08:29 . 2013-08-30 08:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-30 08:29 . 2013-08-30 08:29 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-30 08:29 . 2013-08-30 08:29 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-30 08:29 . 2013-08-30 08:29 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-30 08:29 . 2013-08-30 08:29 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-30 08:29 . 2013-08-30 08:29 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-30 08:28 . 2013-08-30 08:28 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-30 08:28 . 2013-08-30 08:28 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-30 08:28 . 2013-08-30 08:28 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-30 08:28 . 2013-08-30 08:28 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-30 08:28 . 2013-08-30 08:28 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-30 08:28 . 2013-08-30 08:28 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-30 08:28 . 2013-08-30 08:28 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-30 08:28 . 2013-08-30 08:28 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-19 22:46 . 2013-08-30 08:36 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAEB1A84-B8AC-4F73-8BE4-A2469DCCC832}\mpengine.dll
2013-08-07 02:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-03 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-22 16:09]
.
2013-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-22 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-03 10:35 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-10 9643552]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"rqcqyuxmeb"="wscript.exe" [2009-07-14 168960]
"pstfsvapsu"="wscript.exe" [2009-07-14 168960]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 10.132.12.33 10.132.12.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-Printsrv - c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
AddRemove-MixiDJ chrome Toolbar - c:\users\Acer\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-8095715-4125419755-1740114249-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f8,18,33,6b,da,3f,88,bf,3e,d0,d5,0d,00,b0,2b,e3,31,40,d3,25,80,32,22,
07,d3,4b,0b,49,f3,54,2a,0b,c3,f4,8d,7d,95,73,68,3a,1e,16,64,9c,96,dc,9a,90,\
"??"=hex:13,84,26,0d,e6,e0,d3,09,2c,a0,1a,d8,08,6a,dd,6c
.
[HKEY_USERS\S-1-5-21-8095715-4125419755-1740114249-1000\Software\SecuROM\License information*]
"datasecu"=hex:dd,99,61,1e,d6,75,99,bb,d4,3c,e3,4d,95,f4,1e,1d,3e,95,87,b9,c1,
98,08,60,bc,e1,04,cb,a7,a0,d9,83,16,75,88,67,46,3e,83,cf,ed,94,cc,cd,8b,e5,\
"rkeysecu"=hex:92,3d,d7,e7,0d,c8,84,39,50,97,8d,fa,b4,af,b4,78
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-11-03 13:50:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-03 12:50
.
Před spuštěním: Volných bajtů: 76 976 504 832
Po spuštění: Volných bajtů: 76 755 107 840
.
- - End Of File - - C00B344E62A5E1323A3EC75EDF74C10E
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus on a flash drive

#32 Post by vyosek »

If you haven't already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Folder::
    C:\Program Files (x86)\IObit
    C:\Program Files (x86)\IObit Apps Toolbar
    c:\program files (x86)\Tor
    
    Driver::
    tor
    
    Collect::
    C:\Users\Acer\AppData\Local\Temp\rqcqyuxmeb.vbs
    C:\Users\Acer\AppData\Local\Temp\pstfsvapsu.vbs
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA.job
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "rqcqyuxmeb"=-
    "pstfsvapsu"=-
    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
    ""=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    
    RegNull::
    [HKEY_USERS\S-1-5-21-8095715-4125419755-1740114249-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_USERS\S-1-5-21-8095715-4125419755-1740114249-1000\Software\SecuROM\License information*]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting text file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the image below)
    [Image]
  • After the script has been applied (and after a restart, if there is one), a log will pop up; paste its contents here

If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF, and unfortunately its author doesn't know how to fix it yet

It can happen that Windows won't boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"Whoever has wine and doesn't drink it, whoever has grapes and doesn't eat them, whoever has a wife and doesn't kiss her, whoever shuns fun, take a whip and a stick to him; that's not a man, that's an ox."
Member since 1 February 2011.

robert.halas
Visitor
Posts: 30
Registered: 03 Nov 2013 08:36

Re: Virus on a flash drive

#33 Post by robert.halas »

If I write to this forum on Friday, will you help me with the netbook as well?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Virus on a flash drive

#34 Post by vyosek »

Sure, no problem :)

Feel free to e-mail me as well ;)

robert.halas
Visitor
Posts: 30
Registered: 03 Nov 2013 08:36

Re: Virus on a flash drive

#35 Post by robert.halas »

I'm glad someone understands this; I'd have to run to a PC repair shop, and I don't have time for that

robert.halas
Visitor
Posts: 30
Registered: 03 Nov 2013 08:36

Re: Virus on a flash drive

#36 Post by robert.halas »

ComboFix 13-11-03.02 - Acer 03.11.2013 14:07:02.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3956.2801 [GMT 1:00]
Spuštěný z: c:\users\Acer\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Acer\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Tor
c:\program files (x86)\Tor\tor.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_tor
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-03 do 2013-11-03 )))))))))))))))))))))))))))))))
.
.
2013-11-03 13:17 . 2013-08-19 22:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5701396-1AA4-44DE-8E90-E8263BF890FA}\mpengine.dll
2013-11-03 13:13 . 2013-11-03 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-03 10:48 . 2013-11-03 10:49 -------- d-----w- C:\AdwCleaner
2013-11-03 10:38 . 2013-11-03 10:38 -------- d-----w- c:\windows\ERUNT
2013-11-03 10:36 . 2013-11-03 10:36 -------- d-----w- c:\users\Acer\AppData\Roaming\AVAST Software
2013-11-03 10:35 . 2013-11-03 10:35 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-03 10:35 . 2013-11-03 10:35 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-03 10:35 . 2013-11-03 10:35 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-03 10:35 . 2013-11-03 10:35 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-03 10:35 . 2013-11-03 10:35 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-03 10:35 . 2013-11-03 10:35 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-03 10:35 . 2013-11-03 10:35 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-03 10:35 . 2013-11-03 10:35 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-03 10:35 . 2013-11-03 10:35 43152 ----a-w- c:\windows\avastSS.scr
2013-11-03 10:35 . 2013-11-03 10:35 -------- d-----w- c:\program files\AVAST Software
2013-11-03 09:14 . 2013-11-03 09:14 -------- d-----w- C:\rsit
2013-11-03 09:14 . 2013-11-03 09:14 -------- d-----w- c:\program files\trend micro
2013-11-03 08:48 . 2013-11-03 08:54 -------- d-----w- C:\UsbFix
2013-11-02 17:05 . 2013-11-02 17:05 388096 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-02 17:05 . 2013-11-02 17:05 -------- d-----w- c:\program files (x86)\Trend Micro
2013-11-02 16:37 . 2013-11-02 16:37 -------- d-----w- c:\users\Acer\AppData\Local\GHISLER
2013-11-01 19:46 . 2013-11-01 19:46 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2013-11-01 19:28 . 2013-11-01 19:28 -------- d-----w- c:\program files (x86)\Eidos
2013-10-20 10:39 . 2013-10-20 10:47 -------- d-----w- c:\program files (x86)\Vietcong2
2013-10-20 10:37 . 2013-10-20 10:37 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2013-10-19 12:21 . 2013-10-19 12:29 -------- d-----w- c:\program files (x86)\LCP
2013-10-19 12:21 . 2013-10-19 12:21 26624 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{1EFAF492-9A3B-48C3-9349-234B146FDA46}\Icon1EFAF492.exe
2013-10-18 16:15 . 2013-11-02 15:51 -------- d-----w- c:\users\Acer\AppData\Local\download.am-data
2013-10-18 16:15 . 2013-10-18 16:15 -------- d-----w- c:\program files (x86)\Download.am
2013-10-18 13:58 . 2013-10-18 13:58 -------- d-----w- C:\Games
2013-10-12 15:43 . 2013-10-12 15:43 -------- d-----w- c:\program files (x86)\Cenega Czech
2013-10-12 11:41 . 2013-10-12 11:49 -------- d-----w- c:\users\Acer\AppData\Local\Floorball League
2013-10-12 11:41 . 2013-10-12 11:41 -------- d-----w- c:\program files (x86)\Prodigium Game Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-03 10:35 . 2013-03-08 08:12 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-12 11:43 . 2013-05-12 14:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-10-12 11:43 . 2013-05-12 14:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-10-12 09:01 . 2013-08-08 15:42 4464 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2013-09-25 08:47 . 2013-07-25 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-25 08:47 . 2013-07-18 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-09-24 07:53 . 2013-07-18 17:46 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-09-24 07:52 . 2013-07-18 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-09-22 16:33 . 2013-09-22 16:33 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2013-09-22 16:33 . 2013-09-22 16:33 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll
2013-08-31 10:16 . 2013-08-31 10:16 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-08-30 08:36 . 2013-08-30 08:36 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-30 08:36 . 2013-08-30 08:36 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-30 08:31 . 2013-08-30 08:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-30 08:31 . 2013-08-30 08:31 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-30 08:31 . 2013-08-30 08:31 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-30 08:31 . 2013-08-30 08:31 86016 ----a-w- c:\windows\system32\jsproxy.dll
2013-08-30 08:31 . 2013-08-30 08:31 816640 ----a-w- c:\windows\system32\jscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-08-30 08:31 . 2013-08-30 08:31 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 248320 ----a-w- c:\windows\system32\ieui.dll
2013-08-30 08:31 . 2013-08-30 08:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-08-30 08:31 . 2013-08-30 08:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-30 08:31 . 2013-08-30 08:31 237056 ----a-w- c:\windows\system32\url.dll
2013-08-30 08:31 . 2013-08-30 08:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-08-30 08:31 . 2013-08-30 08:31 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-08-30 08:31 . 2013-08-30 08:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-08-30 08:31 . 2013-08-30 08:31 17830400 ----a-w- c:\windows\system32\mshtml.dll
2013-08-30 08:31 . 2013-08-30 08:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-30 08:31 . 2013-08-30 08:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-30 08:31 . 2013-08-30 08:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-08-30 08:31 . 2013-08-30 08:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-08-30 08:31 . 2013-08-30 08:31 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-08-30 08:31 . 2013-08-30 08:31 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-08-30 08:31 . 2013-08-30 08:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-30 08:31 . 2013-08-30 08:31 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-08-30 08:29 . 2013-08-30 08:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-30 08:29 . 2013-08-30 08:29 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-30 08:29 . 2013-08-30 08:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-30 08:29 . 2013-08-30 08:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-30 08:29 . 2013-08-30 08:29 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-30 08:29 . 2013-08-30 08:29 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-30 08:29 . 2013-08-30 08:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-30 08:29 . 2013-08-30 08:29 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-30 08:29 . 2013-08-30 08:29 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-30 08:29 . 2013-08-30 08:29 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-30 08:29 . 2013-08-30 08:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-30 08:29 . 2013-08-30 08:29 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-30 08:29 . 2013-08-30 08:29 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-30 08:29 . 2013-08-30 08:29 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-30 08:29 . 2013-08-30 08:29 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-30 08:29 . 2013-08-30 08:29 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-30 08:28 . 2013-08-30 08:28 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-30 08:28 . 2013-08-30 08:28 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-30 08:28 . 2013-08-30 08:28 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-30 08:28 . 2013-08-30 08:28 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-30 08:28 . 2013-08-30 08:28 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-30 08:28 . 2013-08-30 08:28 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-30 08:28 . 2013-08-30 08:28 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-30 08:28 . 2013-08-30 08:28 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-19 22:46 . 2013-08-30 08:36 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAEB1A84-B8AC-4F73-8BE4-A2469DCCC832}\mpengine.dll
2013-08-07 02:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-03 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-03 10:35 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-10 9643552]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 10.132.12.33 10.132.12.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-MixiDJ chrome Toolbar - c:\users\Acer\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-11-03 14:21:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-03 13:21
ComboFix2.txt 2013-11-03 12:50
.
Před spuštěním: Volných bajtů: 76 817 645 568
Po spuštění: Volných bajtů: 76 527 046 656
.
- - End Of File - - AAF6099E6E6B01971CF4787597C15FA3
A36C5E4F47E84449FF07ED3517B43A31

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: virus on a flash drive

#37 Post by vyosek »

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off your antivirus while downloading)
:arrow: Post a log following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, for he is no man, he is an ox."
Member of [image] since 1 February 2011.

robert.halas
Visitor
Posts: 30
Joined: 03 Nov 2013 08:36

Re: virus on a flash drive

#38 Post by robert.halas »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Acer (administrator) on ACER-PC on 03-11-2013 14:37:00
Running from C:\Users\Acer\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [Printsrv] - c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-03] (AVAST Software)
BootExecute:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {128A1E86-FD6E-43BF-9577-FEC73DBAB60F} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {25E69E2D-FDD7-40A0-84BB-73303C373F85} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {481042A4-1ACF-482F-9A5A-B57C7B2AA1AD} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {558B527B-44F8-4AFF-8DB5-AA90F70E23E7} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {6B4B7FDE-D486-4C11-A417-73C9F15047A6} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {6E33BAB8-AEEC-4653-A1F8-0787FBCA66C9} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKCU - {6E734CF0-03AA-4CE9-960A-CCAE44748A35} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKCU - {79CFF18F-0DE2-48C9-995E-1442B054A541} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {EE53340A-C3F3-4DD6-8148-AC1CA9306B5B} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 10.132.12.33 10.132.12.1

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/?clid=13415
CHR Extension: (Seznam Li\u0161ti\u010Dka - Email) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Slovn\u00EDk) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0
CHR Extension: (avast! Online Security) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.5.14_0
CHR HKLM-x32\...\Chrome\Extension: [caodggjhipefhiblmgbchfkehoofabbh] - C:\Program Files\Instair\Instair.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-22] (Adobe Systems)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-03] (AVAST Software)
S4 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-24] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-03] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-03] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2013-07-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-13] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-06-20] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-03 14:36 - 2013-11-03 14:36 - 00000000 ____D C:\FRST
2013-11-03 14:34 - 2013-11-03 14:34 - 00112128 _____ (forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe
2013-11-03 14:31 - 2013-11-03 14:32 - 01957098 _____ (Farbar) C:\Users\Acer\Desktop\FRST64.exe
2013-11-03 13:25 - 2013-11-03 13:25 - 00000000 ____D C:\Users\Acer\Desktop\rkill
2013-11-03 11:38 - 2013-11-03 11:38 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 11:36 - 2013-11-03 11:36 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-03 11:36 - 2013-11-03 11:36 - 00000000 ____D C:\Users\Acer\AppData\Roaming\AVAST Software
2013-11-03 11:35 - 2013-11-03 11:35 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-03 11:35 - 2013-11-03 11:35 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-03 11:35 - 2013-11-03 11:35 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-03 10:14 - 2013-11-03 10:14 - 00000000 ____D C:\Program Files\trend micro
2013-11-02 19:35 - 2013-11-02 19:42 - 00002561 _____ C:\Windows\diagwrn.xml
2013-11-02 19:35 - 2013-11-02 19:42 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-02 18:05 - 2013-11-02 18:05 - 00002971 _____ C:\Users\Acer\Desktop\HiJackThis.lnk
2013-11-02 18:05 - 2013-11-02 18:05 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-11-02 18:05 - 2013-11-02 18:05 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-11-02 17:37 - 2013-11-02 17:37 - 00000000 ____D C:\Users\Acer\AppData\Local\GHISLER
2013-11-01 20:48 - 2013-11-01 20:48 - 00000000 ____D C:\Users\Acer\Documents\Eidos
2013-11-01 20:46 - 2013-11-01 20:46 - 00000000 ____D C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2013-11-01 20:28 - 2013-11-01 20:28 - 00000000 ____D C:\Program Files (x86)\Eidos
2013-10-29 19:42 - 2013-10-29 19:42 - 00000000 ____D C:\Users\Acer\Documents\FLiNGTrainer
2013-10-20 11:44 - 2013-10-20 11:44 - 00001919 _____ C:\Users\Acer\Desktop\Vietcong 2.lnk
2013-10-20 11:44 - 2013-10-20 11:44 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vietcong 2
2013-10-20 11:39 - 2013-10-20 11:47 - 00000000 ____D C:\Program Files (x86)\Vietcong2
2013-10-20 11:37 - 2013-10-20 11:37 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-10-19 14:12 - 2013-10-19 14:12 - 00000166 _____ C:\Windows\SysWOW64\queries-02.cache
2013-10-19 13:21 - 2013-10-19 13:29 - 00000000 ____D C:\Program Files (x86)\LCP
2013-10-19 13:21 - 2013-10-19 13:21 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LCP
2013-10-18 17:16 - 2013-10-18 17:18 - 00000000 ____D C:\Users\Acer\Downloads\Download.am
2013-10-18 17:15 - 2013-11-02 16:51 - 00000000 ____D C:\Users\Acer\AppData\Local\download.am-data
2013-10-18 17:15 - 2013-10-18 17:15 - 00001041 _____ C:\Users\Acer\Desktop\Download.am.lnk
2013-10-18 17:15 - 2013-10-18 17:15 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-10-18 17:15 - 2013-10-18 17:15 - 00000000 ____D C:\Program Files (x86)\Download.am
2013-10-18 14:58 - 2013-10-18 14:58 - 00000769 _____ C:\Users\Public\Desktop\World of Tanks.lnk
2013-10-18 14:58 - 2013-10-18 14:58 - 00000000 ____D C:\Games
2013-10-13 09:35 - 2013-10-13 09:35 - 00000970 _____ C:\Users\Public\Desktop\Vietcong - Fist Alpha.lnk
2013-10-13 09:35 - 2013-10-13 09:35 - 00000936 _____ C:\Users\Public\Desktop\Vietcong.lnk
2013-10-12 16:43 - 2013-10-12 16:43 - 00000000 ____D C:\Program Files (x86)\Cenega Czech
2013-10-12 12:43 - 2013-10-12 12:43 - 00002193 _____ C:\Users\Public\Desktop\Floorball League.lnk
2013-10-12 12:41 - 2013-10-12 12:49 - 00000000 ____D C:\Users\Acer\AppData\Local\Floorball League
2013-10-12 12:41 - 2013-10-12 12:41 - 00000000 ____D C:\Program Files (x86)\Prodigium Game Studios
2013-10-12 10:05 - 2013-10-12 11:29 - 00000000 ____D C:\Users\Acer\Documents\NHL09
2013-10-06 14:41 - 2013-10-06 14:41 - 00000000 ____D C:\Users\Acer\Desktop\Hammerfall-Threshold-2006
2013-10-06 14:41 - 2013-10-06 14:41 - 00000000 ____D C:\Users\Acer\Desktop\[2007] After Forever
2013-10-06 14:10 - 2013-11-02 21:08 - 00000000 ____D C:\Users\Acer\Desktop\maiden
2013-10-06 13:57 - 2013-10-06 14:07 - 00000000 ____D C:\Users\Acer\Desktop\manowar 2002
2013-10-05 20:42 - 2013-10-19 14:12 - 00000065 _____ C:\Windows\SysWOW64\cache.00

==================== One Month Modified Files and Folders =======

2013-11-03 14:36 - 2013-11-03 14:36 - 00000000 ____D C:\FRST
2013-11-03 14:35 - 2013-03-13 16:36 - 00000000 ____D C:\stah
2013-11-03 14:34 - 2013-11-03 14:34 - 00112128 _____ (forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe
2013-11-03 14:32 - 2013-11-03 14:31 - 01957098 _____ (Farbar) C:\Users\Acer\Desktop\FRST64.exe
2013-11-03 14:30 - 2013-09-26 18:44 - 00000000 ____D C:\Windows\Minidump
2013-11-03 14:28 - 2013-03-07 16:47 - 00000000 ____D C:\Users\Acer
2013-11-03 14:25 - 2009-07-14 05:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-03 14:25 - 2009-07-14 05:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-03 14:21 - 2013-03-07 16:37 - 01774794 _____ C:\Windows\WindowsUpdate.log
2013-11-03 14:17 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-03 14:16 - 2013-08-30 17:52 - 00036018 _____ C:\Windows\PFRO.log
2013-11-03 14:16 - 2013-08-30 11:24 - 00001421 _____ C:\Windows\setupact.log
2013-11-03 14:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-03 14:16 - 2009-07-14 03:34 - 55586816 _____ C:\Windows\system32\config\software.bak
2013-11-03 14:16 - 2009-07-14 03:34 - 18087936 _____ C:\Windows\system32\config\system.bak
2013-11-03 14:16 - 2009-07-14 03:34 - 00290816 _____ C:\Windows\system32\config\default.bak
2013-11-03 14:16 - 2009-07-14 03:34 - 00098304 _____ C:\Windows\system32\config\sam.bak
2013-11-03 14:16 - 2009-07-14 03:34 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-11-03 13:50 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-03 13:43 - 2013-09-26 18:43 - 00000000 ____D C:\Users\Acer\AppData\Roaming\update_tc
2013-11-03 13:25 - 2013-11-03 13:25 - 00000000 ____D C:\Users\Acer\Desktop\rkill
2013-11-03 11:38 - 2013-11-03 11:38 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 11:36 - 2013-11-03 11:36 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-03 11:36 - 2013-11-03 11:36 - 00000000 ____D C:\Users\Acer\AppData\Roaming\AVAST Software
2013-11-03 11:35 - 2013-11-03 11:35 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-03 11:35 - 2013-11-03 11:35 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-03 11:35 - 2013-11-03 11:35 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-03 11:35 - 2013-03-08 09:12 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-03 11:34 - 2013-03-08 09:10 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-03 11:25 - 2013-03-13 08:21 - 00000000 ____D C:\Program Files (x86)\programy
2013-11-03 10:14 - 2013-11-03 10:14 - 00000000 ____D C:\Program Files\trend micro
2013-11-03 09:54 - 2013-05-19 06:37 - 00000000 ___RD C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
2013-11-03 09:48 - 2010-11-21 10:27 - 00666444 _____ C:\Windows\system32\perfh005.dat
2013-11-03 09:48 - 2010-11-21 10:27 - 00140108 _____ C:\Windows\system32\perfc005.dat
2013-11-03 09:48 - 2009-07-14 06:13 - 01576554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 09:38 - 2013-03-13 15:59 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Skype
2013-11-02 21:08 - 2013-10-06 14:10 - 00000000 ____D C:\Users\Acer\Desktop\maiden
2013-11-02 19:42 - 2013-11-02 19:35 - 00002561 _____ C:\Windows\diagwrn.xml
2013-11-02 19:42 - 2013-11-02 19:35 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-02 19:35 - 2013-08-30 11:24 - 00000000 _____ C:\Windows\setuperr.log
2013-11-02 19:30 - 2013-08-17 15:55 - 00000000 ____D C:\Program Files (x86)\PES 13
2013-11-02 18:09 - 2013-05-26 18:21 - 00000000 ____D C:\Program Files\Instair
2013-11-02 18:05 - 2013-11-02 18:05 - 00002971 _____ C:\Users\Acer\Desktop\HiJackThis.lnk
2013-11-02 18:05 - 2013-11-02 18:05 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-11-02 18:05 - 2013-11-02 18:05 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-11-02 17:37 - 2013-11-02 17:37 - 00000000 ____D C:\Users\Acer\AppData\Local\GHISLER
2013-11-02 16:55 - 2013-08-01 17:07 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Seznam.cz
2013-11-02 16:54 - 2013-08-15 16:25 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-02 16:51 - 2013-10-18 17:15 - 00000000 ____D C:\Users\Acer\AppData\Local\download.am-data
2013-11-01 22:12 - 2013-08-01 08:45 - 00000000 ____D C:\Users\Acer\AppData\Roaming\BitTorrent
2013-11-01 20:48 - 2013-11-01 20:48 - 00000000 ____D C:\Users\Acer\Documents\Eidos
2013-11-01 20:46 - 2013-11-01 20:46 - 00000000 ____D C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2013-11-01 20:45 - 2013-08-31 09:47 - 00148628 _____ C:\Windows\DirectX.log
2013-11-01 20:28 - 2013-11-01 20:28 - 00000000 ____D C:\Program Files (x86)\Eidos
2013-11-01 20:28 - 2013-03-08 09:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-01 20:26 - 2013-08-08 16:31 - 00000000 ____D C:\Users\Acer\AppData\Local\Downloaded Installations
2013-10-29 19:42 - 2013-10-29 19:42 - 00000000 ____D C:\Users\Acer\Documents\FLiNGTrainer
2013-10-29 08:46 - 2013-05-29 15:40 - 00000000 ____D C:\Users\Acer\AppData\Local\CrashDumps
2013-10-20 11:47 - 2013-10-20 11:39 - 00000000 ____D C:\Program Files (x86)\Vietcong2
2013-10-20 11:45 - 2013-03-14 10:46 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-20 11:44 - 2013-10-20 11:44 - 00001919 _____ C:\Users\Acer\Desktop\Vietcong 2.lnk
2013-10-20 11:44 - 2013-10-20 11:44 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vietcong 2
2013-10-20 11:37 - 2013-10-20 11:37 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-10-19 14:12 - 2013-10-19 14:12 - 00000166 _____ C:\Windows\SysWOW64\queries-02.cache
2013-10-19 14:12 - 2013-10-05 20:42 - 00000065 _____ C:\Windows\SysWOW64\cache.00
2013-10-19 13:29 - 2013-10-19 13:21 - 00000000 ____D C:\Program Files (x86)\LCP
2013-10-19 13:21 - 2013-10-19 13:21 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LCP
2013-10-18 17:18 - 2013-10-18 17:16 - 00000000 ____D C:\Users\Acer\Downloads\Download.am
2013-10-18 17:15 - 2013-10-18 17:15 - 00001041 _____ C:\Users\Acer\Desktop\Download.am.lnk
2013-10-18 17:15 - 2013-10-18 17:15 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-10-18 17:15 - 2013-10-18 17:15 - 00000000 ____D C:\Program Files (x86)\Download.am
2013-10-18 15:37 - 2013-03-13 09:01 - 00002354 _____ C:\Users\Acer\Desktop\Google Chrome.lnk
2013-10-18 15:26 - 2013-05-22 17:09 - 00003930 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA
2013-10-18 15:26 - 2013-05-22 17:09 - 00003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core
2013-10-18 14:58 - 2013-10-18 14:58 - 00000769 _____ C:\Users\Public\Desktop\World of Tanks.lnk
2013-10-18 14:58 - 2013-10-18 14:58 - 00000000 ____D C:\Games
2013-10-18 14:58 - 2013-04-20 15:11 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-10-13 09:35 - 2013-10-13 09:35 - 00000970 _____ C:\Users\Public\Desktop\Vietcong - Fist Alpha.lnk
2013-10-13 09:35 - 2013-10-13 09:35 - 00000936 _____ C:\Users\Public\Desktop\Vietcong.lnk
2013-10-12 16:43 - 2013-10-12 16:43 - 00000000 ____D C:\Program Files (x86)\Cenega Czech
2013-10-12 12:49 - 2013-10-12 12:41 - 00000000 ____D C:\Users\Acer\AppData\Local\Floorball League
2013-10-12 12:43 - 2013-10-12 12:43 - 00002193 _____ C:\Users\Public\Desktop\Floorball League.lnk
2013-10-12 12:43 - 2013-05-12 15:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-10-12 12:43 - 2013-05-12 15:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-10-12 12:41 - 2013-10-12 12:41 - 00000000 ____D C:\Program Files (x86)\Prodigium Game Studios
2013-10-12 11:29 - 2013-10-12 10:05 - 00000000 ____D C:\Users\Acer\Documents\NHL09
2013-10-12 10:01 - 2013-08-08 16:42 - 00004464 _____ C:\Windows\SysWOW64\ealregsnapshot1.reg
2013-10-12 09:57 - 2013-03-23 19:02 - 00000000 ____D C:\Program Files (x86)\EA Sports
2013-10-06 14:41 - 2013-10-06 14:41 - 00000000 ____D C:\Users\Acer\Desktop\Hammerfall-Threshold-2006
2013-10-06 14:41 - 2013-10-06 14:41 - 00000000 ____D C:\Users\Acer\Desktop\[2007] After Forever
2013-10-06 14:07 - 2013-10-06 13:57 - 00000000 ____D C:\Users\Acer\Desktop\manowar 2002

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-29 16:50




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.66 GB) (Free:78.41 GB) NTFS

Available physical RAM: 2484.75 MB
Total physical RAM: 3956.44 MB
Percentage of memory in use: 37%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6C54A05B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 28_09_2013 (06)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Acer\Desktop" je 10765 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: virus on the flash drive

#39 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [Printsrv] - c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    
    CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
    CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
    CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
    CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
    
    2013-11-03 13:25 - 2013-11-03 13:25 - 00000000 ____D C:\Users\Acer\Desktop\rkill
    2013-11-02 18:05 - 2013-11-02 18:05 - 00002971 _____ C:\Users\Acer\Desktop\HiJackThis.lnk
    2013-11-03 14:34 - 2013-11-03 14:34 - 00112128 _____ (forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe
    2013-11-03 13:43 - 2013-09-26 18:43 - 00000000 ____D C:\Users\Acer\AppData\Roaming\update_tc
    
    Hosts:
    
    End
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here for me
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

robert.halas
Visitor
Posts: 30
Registered: 03 Nov 2013 08:36

Re: virus on the flash drive

#40 Post by robert.halas »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Acer at 2013-11-03 15:12:03 Run:1
Running from C:\Users\Acer\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Printsrv] - c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

2013-11-03 13:25 - 2013-11-03 13:25 - 00000000 ____D C:\Users\Acer\Desktop\rkill
2013-11-02 18:05 - 2013-11-02 18:05 - 00002971 _____ C:\Users\Acer\Desktop\HiJackThis.lnk
2013-11-03 14:34 - 2013-11-03 14:34 - 00112128 _____ (forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe
2013-11-03 13:43 - 2013-09-26 18:43 - 00000000 ____D C:\Users\Acer\AppData\Roaming\update_tc

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Printsrv => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found.
C:\Users\Acer\Desktop\rkill => Moved successfully.
C:\Users\Acer\Desktop\HiJackThis.lnk => Moved successfully.
C:\Users\Acer\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Acer\AppData\Roaming\update_tc => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====
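
A way to triage a Fixlog like the one above before replying, as an added example that is not part of the original thread and not FRST's own code: it reads the "<target> => <result>" lines and lists every action that did not end in "successfully". The sample log is constructed, and the function names and the re-check rule are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Fixlog above: the fixlist echo
# between two rows of asterisks, then one "<target> => <result>." line per action.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
Start
HKLM\...\Run: [Example] - C:\Example\run.vbs
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Example => Value deleted successfully.
HKCU\Software\Example\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Example\Extensions\abc => Key deleted successfully.
"C:\Example\GC\sample_1.0.crx" => File/Directory not found.
C:\Users\Example\AppData\Roaming\sample_dir => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====
"""

OUTCOME = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+?)\.?$')

def parse_fixlog(text):
    """Return (target, result) pairs from the result section only, so the
    echoed fixlist is never mistaken for an outcome."""
    body = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)[-1]
    pairs = []
    for line in body.splitlines():
        m = OUTCOME.match(line.strip())
        if m:
            pairs.append((m.group("target"), m.group("result")))
    return pairs

def triage(pairs):
    """Assumed rule of this example (not FRST's): any result that does not
    end in 'successfully' goes on the re-check list for the next scan."""
    done = [p for p in pairs if p[1].lower().endswith("successfully")]
    recheck = [p for p in pairs if p not in done]
    return done, recheck

def summary(pairs):
    """Count how often each result string occurs."""
    return Counter(result for _, result in pairs)

if __name__ == "__main__":
    done, recheck = triage(parse_fixlog(SAMPLE_FIXLOG))
    print(len(done), "confirmed;", "re-check:", recheck)
```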

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: virus on the flash drive

#41 Post by vyosek »

Fine, how are our patient and the flash drive behaving??

robert.halas
Visitor
Posts: 30
Registered: 03 Nov 2013 08:36

Re: virus on the flash drive

#42 Post by robert.halas »

Still, whenever I plug in the flash drive, the shortcut keeps showing up.
Shouldn't I perhaps format the flash drive?

robert.halas
Visitor
Posts: 30
Registered: 03 Nov 2013 08:36

Re: virus on the flash drive

#43 Post by robert.halas »

You're a champ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
All it took was scanning the file with avast and formatting, and now it works.
You really are a champ.

robert.halas
Visitor
Posts: 30
Registered: 03 Nov 2013 08:36

Re: virus on the flash drive

#44 Post by robert.halas »

I have one last question for today: can I delete those files?

robert.halas
Visitor
Posts: 30
Registered: 03 Nov 2013 08:36

Re: virus on the flash drive

#45 Post by robert.halas »

I have to go now, so see you on Friday.
