Log Check - Preventive Check-up

flatoutik
Visitor
Posts: 24
Registered: 26 Jul 2015 16:10

Log Check - Preventive Check-up

#1 Post by flatoutik »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2017-06-28 12:55:33
Microsoft Windows 8.1
System drive C: has 128 GB (52%) free of 244 GB
Total RAM: 3325 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:45, on 28. 6. 2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Avira\Antivirus\avgnt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Bloody6\Bloody6\Bloody6.exe
C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Users\Admin\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-0.0.297\Discord.exe
C:\Program Files\Avira\Launcher\Avira.Systray.exe
C:\Users\Admin\Documents\ATI.ACE\Core-Static\MOM.exe
C:\Users\Admin\Documents\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Program Files\TeamViewer\TeamViewer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Admin\Downloads\RSIT.exe
C:\Program Files\trend micro\Admin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE12DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Users\Admin\Documents\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Bloody2] "C:\Program Files\Bloody6\Bloody6\Bloody6.exe" Minimum
O4 - HKCU\..\Run: [Discord] C:\Users\Admin\AppData\Local\Discord\app-0.0.297\Discord.exe
O4 - HKCU\..\Run: [EvolveClient] "C:\Program Files\Echobit\Evolve\EvolveClient.exe" -autorun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files\Common Files\BattlEye\BEService.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: Evolve Service (EvoSvc) - Echobit LLC - C:\Program Files\Echobit\Evolve\EvoSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files\Origin\OriginWebHelperService.exe
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

--
End of file - 5835 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Product InstallerIdle.job - C:\Users\Admin\AppData\Local\Temp\in364BB553\1927CDD6_stp\SymInstallStub.exe /partnerid=afterdld /productlist=nss /staging=false /affid=afterdld12_16_50 /delay=0 /launchedby=4

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2015-12-26 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-12-26 171424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"StartCCC"=C:\Users\Admin\Documents\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2017-01-20 2780112]
"Avira SystrayStartTrigger"=C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [2017-06-08 97512]
"avgnt"=C:\Program Files\Avira\Antivirus\avgnt.exe [2017-06-02 918008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\steam.exe [2017-06-08 3042592]
"Bloody2"=C:\Program Files\Bloody6\Bloody6\Bloody6.exe [2017-01-23 19337216]
"Discord"=C:\Users\Admin\AppData\Local\Discord\app-0.0.297\Discord.exe [2017-01-04 64290304]
"EvolveClient"=C:\Program Files\Echobit\Evolve\EvolveClient.exe [2017-04-10 3334528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-06-28 12:55:34 ----D---- C:\Program Files\trend micro
2017-06-28 12:55:33 ----D---- C:\rsit
2017-06-17 18:30:16 ----D---- C:\Users\Admin\AppData\Roaming\Avira
2017-06-17 18:24:42 ----A---- C:\Windows\system32\drivers\avusbflt.sys
2017-06-17 18:24:42 ----A---- C:\Windows\system32\drivers\avdevprot.sys
2017-06-17 18:24:41 ----A---- C:\Windows\system32\drivers\avnetflt.sys
2017-06-17 18:24:41 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2017-06-17 18:24:41 ----A---- C:\Windows\system32\drivers\avipbb.sys
2017-06-17 18:24:41 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2017-06-17 18:17:30 ----D---- C:\ProgramData\Avira
2017-06-17 18:17:30 ----D---- C:\Program Files\Avira
2017-06-17 18:15:17 ----A---- C:\Windows\wininit.ini
2017-06-14 14:34:34 ----A---- C:\Windows\system32\mshtml.dll
2017-06-14 14:34:32 ----A---- C:\Windows\system32\shell32.dll
2017-06-14 14:34:31 ----A---- C:\Windows\system32\ieframe.dll
2017-06-14 14:34:30 ----A---- C:\Windows\system32\jscript9.dll
2017-06-14 14:34:29 ----A---- C:\Windows\system32\ntoskrnl.exe
2017-06-14 14:34:29 ----A---- C:\Windows\system32\glcndFilter.dll
2017-06-14 14:34:28 ----A---- C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-14 14:34:28 ----A---- C:\Windows\system32\win32k.sys
2017-06-14 14:34:27 ----A---- C:\Windows\system32\wuaueng.dll
2017-06-14 14:34:27 ----A---- C:\Windows\system32\wininet.dll
2017-06-14 14:34:27 ----A---- C:\Windows\system32\DWrite.dll
2017-06-14 14:34:27 ----A---- C:\Windows\system32\drivers\tdx.sys
2017-06-14 14:34:27 ----A---- C:\Windows\system32\drivers\ntfs.sys
2017-06-14 14:34:26 ----A---- C:\Windows\system32\tquery.dll
2017-06-14 14:34:26 ----A---- C:\Windows\system32\gpsvc.dll
2017-06-14 14:34:26 ----A---- C:\Windows\system32\gdi32.dll
2017-06-14 14:34:26 ----A---- C:\Windows\system32\FntCache.dll
2017-06-14 14:34:25 ----A---- C:\Windows\system32\win32spl.dll
2017-06-14 14:34:25 ----A---- C:\Windows\system32\schannel.dll
2017-06-14 14:34:25 ----A---- C:\Windows\system32\ntdll.dll
2017-06-14 14:34:25 ----A---- C:\Windows\system32\mssrch.dll
2017-06-14 14:34:25 ----A---- C:\Windows\system32\lsasrv.dll
2017-06-14 14:34:25 ----A---- C:\Windows\system32\localspl.dll
2017-06-14 14:34:24 ----A---- C:\Windows\system32\wuauclt.exe
2017-06-14 14:34:24 ----A---- C:\Windows\system32\wpd_ci.dll
2017-06-14 14:34:24 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2017-06-14 14:34:24 ----A---- C:\Windows\system32\drivers\tm.sys
2017-06-14 14:34:24 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2017-06-14 14:34:24 ----A---- C:\Windows\system32\dpapisrv.dll
2017-06-14 14:34:24 ----A---- C:\Windows\system32\atmfd.dll
2017-06-14 14:34:24 ----A---- C:\Windows\HelpPane.exe
2017-06-14 14:34:22 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2017-06-14 14:34:22 ----A---- C:\Windows\system32\wpdbusenum.dll
2017-06-14 14:34:22 ----A---- C:\Windows\system32\urlmon.dll
2017-06-14 14:34:22 ----A---- C:\Windows\system32\SearchIndexer.exe
2017-06-14 14:34:22 ----A---- C:\Windows\system32\mssvp.dll
2017-06-14 14:34:22 ----A---- C:\Windows\system32\mssph.dll
2017-06-14 14:34:21 ----A---- C:\Windows\system32\wuwebv.dll
2017-06-14 14:34:21 ----A---- C:\Windows\system32\wudriver.dll
2017-06-14 14:34:21 ----A---- C:\Windows\system32\wucltux.dll
2017-06-14 14:34:21 ----A---- C:\Windows\system32\wuapp.exe
2017-06-14 14:34:21 ----A---- C:\Windows\system32\wuapi.dll
2017-06-14 14:34:21 ----A---- C:\Windows\system32\vbscript.dll
2017-06-14 14:34:21 ----A---- C:\Windows\system32\msfeeds.dll
2017-06-14 14:34:21 ----A---- C:\Windows\system32\jscript.dll
2017-06-14 14:34:21 ----A---- C:\Windows\system32\inetcomm.dll
2017-06-14 14:34:21 ----A---- C:\Windows\system32\ieapfltr.dll
2017-06-14 14:34:20 ----A---- C:\Windows\system32\atmlib.dll
2017-06-10 09:33:02 ----D---- C:\Users\Admin\AppData\Roaming\Teeworlds

======List of files/folders modified in the last 1 month======

2017-06-28 12:55:40 ----D---- C:\Windows\Prefetch
2017-06-28 12:55:37 ----D---- C:\Windows\Temp
2017-06-28 12:55:34 ----RD---- C:\Program Files
2017-06-28 12:50:55 ----D---- C:\ProgramData\Origin
2017-06-28 12:49:37 ----D---- C:\Users\Admin\AppData\Roaming\Origin
2017-06-28 12:16:51 ----D---- C:\Windows\Microsoft.NET
2017-06-28 12:09:26 ----D---- C:\Windows\system32\config
2017-06-28 12:06:19 ----D---- C:\Program Files\Steam
2017-06-28 12:05:57 ----D---- C:\Windows\system32\sru
2017-06-27 20:51:58 ----D---- C:\WarThunder
2017-06-27 17:46:09 ----SHD---- C:\System Volume Information
2017-06-27 14:21:47 ----RSD---- C:\Windows\assembly
2017-06-27 14:21:23 ----D---- C:\Windows\Logs
2017-06-27 13:41:20 ----D---- C:\Program Files\TeamViewer
2017-06-27 12:30:01 ----D---- C:\Program Files\Origin
2017-06-21 18:19:22 ----D---- C:\Windows\System32
2017-06-21 18:19:22 ----D---- C:\Windows\inf
2017-06-21 18:19:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-06-21 18:13:45 ----D---- C:\Users\Admin\AppData\Roaming\discord
2017-06-20 20:24:50 ----D---- C:\Windows\system32\Tasks
2017-06-20 20:24:50 ----D---- C:\Program Files\Opera
2017-06-19 14:35:58 ----D---- C:\Windows\debug
2017-06-17 18:34:33 ----D---- C:\ProgramData\AVAST Software
2017-06-17 18:34:32 ----D---- C:\Windows\system32\Drivers
2017-06-17 18:34:32 ----D---- C:\Windows
2017-06-17 18:34:32 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2017-06-17 18:34:32 ----D---- C:\Program Files\Common Files\AV
2017-06-17 18:29:06 ----SHD---- C:\Windows\Installer
2017-06-17 18:19:17 ----RSD---- C:\Windows\Fonts
2017-06-17 18:17:30 ----HD---- C:\ProgramData
2017-06-17 18:17:27 ----D---- C:\ProgramData\Package Cache
2017-06-17 18:15:18 ----SD---- C:\ProgramData\Microsoft
2017-06-17 18:15:18 ----D---- C:\ProgramData\Spybot - Search & Destroy
2017-06-17 18:09:13 ----D---- C:\Users\Admin\AppData\Roaming\Seznam.cz
2017-06-17 18:08:56 ----D---- C:\Program Files\Seznam.cz
2017-06-17 18:08:14 ----D---- C:\Users\Admin\AppData\Roaming\TS3Client
2017-06-17 18:04:48 ----D---- C:\Program Files\unkbackup7z_00000000
2017-06-16 15:18:13 ----D---- C:\Windows\rescache
2017-06-16 15:06:41 ----D---- C:\Windows\system32\catroot2
2017-06-16 15:01:17 ----D---- C:\Windows\system32\DriverStore
2017-06-16 14:59:07 ----HD---- C:\Program Files\WindowsApps
2017-06-16 14:59:07 ----D---- C:\Windows\AppReadiness
2017-06-15 19:27:00 ----D---- C:\Windows\WinSxS
2017-06-14 16:21:58 ----RD---- C:\Windows\ToastData
2017-06-14 14:42:36 ----D---- C:\Windows\CbsTemp
2017-06-14 14:41:30 ----D---- C:\Windows\system32\MRT
2017-06-14 14:36:11 ----AC---- C:\Windows\system32\MRT.exe
2017-06-08 15:04:13 ----D---- C:\Program Files\Common Files\Steam
2017-06-03 04:31:39 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2017-05-31 13:53:24 ----D---- C:\Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 avdevprot;avdevprot; C:\Windows\system32\DRIVERS\avdevprot.sys [2017-06-02 54088]
R0 avusbflt;avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [2017-06-02 37472]
R0 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [2017-06-21 220088]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 138584]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2017-06-02 162080]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2017-06-02 53256]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2016-08-13 57344]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2017-06-02 140296]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2017-06-02 77560]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 BCM43XX;@netbc63.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl63l.sys [2013-07-01 4715008]
R3 RTL8168;@netrt630x86.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x86.sys [2013-06-18 490496]
S3 dg_ssudbus;@oem2.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-09-05 109184]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpio.sys [2013-07-23 22016]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\Windows\System32\drivers\iaioi2c.sys [2013-07-23 61936]
S3 ssudmdm;@oem4.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2016-09-05 147072]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2015-10-10 62976]
S3 WUDFSensorLP;@locationprovider.inf,%WudfLocationProviderDisplayName%;Služba Reflektor UMDF pro zprostředkovatele umístění (LocationProvider); C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-10-29 190976]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\System32\drivers\WUDFRd.sys [2014-10-29 190976]
S3 WUDFWpdMtp;WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-10-29 190976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\Antivirus\avguard.exe [2017-06-02 490968]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\Antivirus\sched.exe [2017-06-02 490968]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [2017-06-08 356256]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 33088]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2017-01-20 3303888]
R2 Origin Web Helper Service;Origin Web Helper Service; C:\Program Files\Origin\OriginWebHelperService.exe [2017-06-27 3148184]
R2 TeamViewer;TeamViewer 12; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2017-05-23 10884848]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2017-06-08 1607968]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files\Avira\Antivirus\avmailc7.exe [2017-06-02 1128432]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files\Avira\Antivirus\avwebg7.exe [2017-06-02 1524216]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-13 144200]
S2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2013-12-11 1050904]
S3 BEService;BattlEye Service; C:\Program Files\Common Files\BattlEye\BEService.exe [2017-04-07 1283592]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 33088]
S3 EasyAntiCheat;EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [2016-06-17 245544]
S3 EvoSvc;Evolve Service; C:\Program Files\Echobit\Evolve\EvoSvc.exe [2017-04-10 1583488]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-13 144200]
S3 Origin Client Service;Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2017-06-27 2168208]

-----------------EOF-----------------

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Log Check - Preventive Check-up

#2 Post by sorcer »

Hello,

1) AdwCleaner is available for download here: https://toolslib.net/downloads/viewdown ... dwcleaner/
2) Save the utility to your desktop
3) If you have any programs open, close them all
4) Then click Scan (Skenování) first and then Clean (Čistění)
5) When the scan finishes, a log will appear; paste it here

flatoutik
Visitor
Posts: 24
Registered: 26 Jul 2015 16:10

Re: Log Check - Preventive Check-up

#3 Post by flatoutik »

Hello,
# AdwCleaner v6.047 - Log vytvořen 29/06/2017 v 16:26:47
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-06-28.2 [Místní]
# Operační systém : Windows 8.1 (X86)
# Uživatelské jméno : Admin - DETI
# Spuštěno z : C:\Users\Admin\Desktop\adwcleaner_6.047.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[#] Složka smazána po restartu: C:\Windows\system32\_TSpm
[-] Složka smazána: C:\Users\Admin\AppData\Local\Firefox
[-] Složka smazána: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2317573975-763022036-3324800814-1001\Products\E4DFFE2B890D5484D965ED57EB3B9531
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2317573975-763022036-3324800814-1001\Products\29993591C160B8E40935701B5703A34F
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29993591C160B8E40935701B5703A34F
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA0118CE95AE0D70F14E7E8A72452C8
[#] Klíč smazán po restartu: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29993591C160B8E40935701B5703A34F
[-] Klíč smazán: HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML
[-] Klíč smazán: HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp


***** [ Prohlížeče ] *****

[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Smazáno: hxxp://www.startpageing123.com/?type=hp&ts=148 ... 2981401226
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default] [favicon_url] Smazáno: hxxp://www.yoursearchweb.com/searchfavicon.ico
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default] [extension] Smazáno: ipmkfpcnmccejididiaagpgchgjfajgp
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default] [homepage] Smazáno: hxxp://www.startpageing123.com/?type=hp&ts=148 ... 2981401226


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8933 Bajty] - [24/02/2017 20:31:26]
C:\AdwCleaner\AdwCleaner[C2].txt - [3006 Bajty] - [29/06/2017 16:26:47]
C:\AdwCleaner\AdwCleaner[S0].txt - [8514 Bajty] - [24/02/2017 20:29:17]
C:\AdwCleaner\AdwCleaner[S1].txt - [3726 Bajty] - [29/06/2017 16:08:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [3743 Bajty] - [29/06/2017 16:21:33]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3298 Bajty] ##########

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Log Check - Preventive Check-up

#4 Post by sorcer »

Please run an FRST scan. http://forum.viry.cz/viewtopic.php?f=24&t=132509

Paste both the FRST log and the Addition log here, into your topic.

If a warning appears when downloading FRSTLauncher, choose Ignore in the lower right corner.

It is better to turn off the antivirus; some detect the utility as malicious, although it is not!

If you cannot download the Launcher, create the logs using FRST alone (without the Launcher).

flatoutik
Visitor
Posts: 24
Registered: 26 Jul 2015 16:10

Re: Log Check - Preventive Check-up

#5 Post by flatoutik »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2017
Ran by Admin (administrator) on DETI (29-06-2017 19:04:48)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 8.1 (Update) (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
() C:\Program Files\Bloody6\Bloody6\Bloody6.exe
(Hammer & Chisel, Inc.) C:\Users\Admin\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Admin\AppData\Local\Discord\app-0.0.297\Discord.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files\Steam\Steam.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Advanced Micro Devices Inc.) C:\Users\Admin\Documents\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Users\Admin\Documents\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Valve Corporation) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [StartCCC] => C:\Users\Admin\Documents\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-08] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [918008 2017-06-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\Run: [Bloody2] => C:\Program Files\Bloody6\Bloody6\Bloody6.exe [19337216 2017-01-23] ()
HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\Run: [Discord] => C:\Users\Admin\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334528 2017-04-10] (Echobit LLC)
HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\MountPoints2: {64d9b697-3c2d-11e6-9749-001cc073b75c} - "E:\Lenovo_Suite.exe"
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{81391026-3614-4042-84C3-1CA83E97816B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{826EB2C2-ADD3-4C26-A403-04C48B22FB48}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
SearchScopes: HKU\S-1-5-21-2317573975-763022036-3324800814-1001 -> 1090F94A4425CCBDA908235247314E59 URL = hxxp://www.zbozi.cz/?sourceid=quicksearch_6826&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2317573975-763022036-3324800814-1001 -> 25F20C872AE8F3B5B2DA53DC5D07FF51 URL = hxxp://videa.seznam.cz/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2317573975-763022036-3324800814-1001 -> 7B92CEF2AC7A6ECB1003AB16975224D8 URL = hxxp://www.firmy.cz/phr/{searchTerms}
SearchScopes: HKU\S-1-5-21-2317573975-763022036-3324800814-1001 -> E558CF1C1E6B988B00F5B748C9014907 URL = hxxp://www.mapy.cz/?sourceid=quicksearch_6826& ... earchTerms}
SearchScopes: HKU\S-1-5-21-2317573975-763022036-3324800814-1001 -> {A2E6F6A7-C086-462C-9D00-FE7EEFE9A1B6} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_29530
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-12-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-12-26] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-05-18]
FF Extension: (Avira Password Manager) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\passwordmanager@avira.com [2017-06-17]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\safesearchplus2@avira.com [2017-06-17]
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2015-12-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-12-26] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-06-29]
CHR Extension: (Prezentace Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-13]
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-13]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-13]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-13]
CHR Extension: (Avira Password Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-06-19]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-13]
CHR Extension: (Tabulky Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-13]
CHR Extension: (Heroes & Generals) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2016-06-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-13]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1128432 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1524216 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [356256 2017-06-08] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [1283592 2017-04-07] ()
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [245544 2016-06-17] (EasyAntiCheat Ltd)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2017-04-10] (Echobit LLC)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [2168208 2017-06-27] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files\Origin\OriginWebHelperService.exe [3148184 2017-06-27] (Electronic Arts)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10884848 2017-05-23] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280872 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103696 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [54088 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [140296 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [162080 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [53256 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [77560 2017-06-02] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [37472 2017-06-02] (Avira Operations GmbH & Co. KG)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63l.sys [4715008 2013-07-01] (Broadcom Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [220576 2017-06-29] (Malwarebytes)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [38920 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [231256 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [85336 2017-01-12] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [190976 2014-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 19:04 - 2017-06-29 19:05 - 00013866 _____ C:\Users\Admin\Desktop\FRST.txt
2017-06-29 19:04 - 2017-06-29 19:04 - 00000000 ____D C:\FRST
2017-06-29 19:02 - 2017-06-29 19:04 - 00029696 _____ C:\Users\Admin\AppData\Local\MSGBOX.EXE
2017-06-29 19:02 - 2017-06-29 19:04 - 00015327 _____ C:\Users\Admin\Desktop\LM.bat
2017-06-29 19:02 - 2017-06-29 19:02 - 01779712 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2017-06-29 19:02 - 2017-06-29 19:02 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2017-06-28 14:41 - 2017-06-28 14:41 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Mana Potion Studios
2017-06-28 12:55 - 2017-06-28 12:55 - 00000000 ____D C:\rsit
2017-06-28 12:55 - 2017-06-28 12:55 - 00000000 ____D C:\Program Files\trend micro
2017-06-27 21:02 - 2017-06-27 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-06-17 18:30 - 2017-06-17 18:30 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Avira
2017-06-17 18:24 - 2017-06-17 18:24 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-06-17 18:24 - 2017-06-02 19:05 - 00162080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-06-17 18:24 - 2017-06-02 19:05 - 00140296 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-06-17 18:24 - 2017-06-02 19:05 - 00077560 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-06-17 18:24 - 2017-06-02 19:05 - 00054088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2017-06-17 18:24 - 2017-06-02 19:05 - 00053256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-06-17 18:24 - 2017-06-02 19:05 - 00037472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-06-17 18:21 - 2017-06-17 18:28 - 00000000 ____D C:\Users\Admin\AppData\Local\Avira
2017-06-17 18:17 - 2017-06-17 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-06-17 18:17 - 2017-06-17 18:29 - 00000000 ____D C:\ProgramData\Avira
2017-06-17 18:17 - 2017-06-17 18:29 - 00000000 ____D C:\Program Files\Avira
2017-06-17 18:16 - 2017-06-17 18:16 - 04799712 _____ (Avira Operations GmbH & Co. KG) C:\Users\Admin\Downloads\avira_en_fass0_594555b1d4e61__ws.exe
2017-06-17 18:15 - 2017-06-17 18:15 - 00000079 _____ C:\Windows\wininit.ini
2017-06-17 18:06 - 2017-06-17 18:06 - 09599704 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup531pro.exe
2017-06-15 19:37 - 2017-06-15 19:37 - 00000000 ____D C:\Users\Admin\Documents\Gameloft
2017-06-14 14:34 - 2017-06-02 12:25 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-14 14:34 - 2017-06-02 12:24 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-14 14:34 - 2017-06-02 12:19 - 00900096 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-14 14:34 - 2017-06-02 12:17 - 00699392 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-14 14:34 - 2017-06-02 12:02 - 02751488 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-14 14:34 - 2017-06-02 11:43 - 01920000 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-14 14:34 - 2017-06-02 11:43 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-14 14:34 - 2017-05-15 20:41 - 00098656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-14 14:34 - 2017-05-15 00:15 - 01119736 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-14 14:34 - 2017-05-14 21:35 - 03468800 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-14 14:34 - 2017-05-14 21:33 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-14 14:34 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-14 14:34 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-14 14:34 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-14 14:34 - 2017-05-14 21:04 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-14 14:34 - 2017-05-14 20:48 - 05274112 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-06-14 14:34 - 2017-05-14 20:46 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-06-14 14:34 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-14 14:34 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-14 14:34 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-14 14:34 - 2017-05-14 20:16 - 05268992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-14 14:34 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-14 14:34 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-14 14:34 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-14 14:34 - 2017-05-14 20:01 - 05763928 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 14:34 - 2017-05-14 20:01 - 01472056 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-14 14:34 - 2017-05-14 20:00 - 00128568 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-14 14:34 - 2017-05-12 19:05 - 00035840 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-14 14:34 - 2017-05-12 18:13 - 01559552 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-14 14:34 - 2017-05-12 18:10 - 01088000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-14 14:34 - 2017-05-12 17:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-14 14:34 - 2017-05-12 17:50 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-14 14:34 - 2017-05-12 17:49 - 03074560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-14 14:34 - 2017-05-12 17:48 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-06-14 14:34 - 2017-05-12 17:48 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-14 14:34 - 2017-05-12 17:47 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-14 14:34 - 2017-05-12 17:43 - 02174464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-14 14:34 - 2017-05-12 01:32 - 19788672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 14:34 - 2017-05-10 20:16 - 00083288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-14 14:34 - 2017-05-06 17:58 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-14 14:34 - 2017-05-06 17:58 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-14 14:34 - 2017-04-06 18:32 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2017-06-14 14:34 - 2017-04-06 18:16 - 01118208 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-14 14:34 - 2017-04-06 18:15 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-14 14:34 - 2017-04-06 18:08 - 01211904 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-06-14 14:34 - 2017-04-06 17:39 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-06-14 14:34 - 2017-04-02 16:21 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-14 14:34 - 2017-04-02 10:03 - 01681240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-06-10 09:33 - 2017-06-10 09:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Teeworlds
2017-05-31 16:00 - 2017-06-27 17:45 - 00000000 ____D C:\Users\Admin\Desktop\pordel
2017-05-31 14:02 - 2017-05-31 14:02 - 00000000 ____D C:\Users\Admin\AppData\Local\Targem
2017-05-31 13:53 - 2017-06-12 14:59 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout
2017-05-31 13:53 - 2017-05-31 13:53 - 00000724 _____ C:\Users\Admin\Desktop\ Crossout Launcher.lnk
2017-05-31 13:52 - 2017-05-31 13:52 - 04667976 _____ ( ) C:\Users\Admin\Downloads\crossout_launcher_1.0.3.9.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-29 19:04 - 2017-04-07 17:06 - 00000000 ____D C:\Users\Admin\Desktop\ty veci ktere neznam
2017-06-29 18:35 - 2016-12-16 20:28 - 00000680 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
2017-06-29 17:51 - 2016-03-07 21:37 - 00000000 ____D C:\Program Files\Steam
2017-06-29 16:37 - 2015-12-13 18:23 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-29 16:37 - 2013-08-22 16:13 - 00738682 _____ C:\Windows\system32\perfh005.dat
2017-06-29 16:37 - 2013-08-22 16:13 - 00151404 _____ C:\Windows\system32\perfc005.dat
2017-06-29 16:37 - 2013-08-22 08:21 - 00000000 ____D C:\Windows\inf
2017-06-29 16:34 - 2017-02-24 19:42 - 00220576 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-29 16:34 - 2017-02-24 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-29 16:29 - 2013-08-22 09:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-29 16:28 - 2013-08-22 08:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-06-29 16:27 - 2016-12-28 20:16 - 00000000 ____D C:\Program Files\TeamViewer
2017-06-29 16:26 - 2017-02-24 20:23 - 00000000 ____D C:\AdwCleaner
2017-06-29 16:23 - 2016-06-24 13:27 - 00000000 ____D C:\Windows\system32\_TSpm
2017-06-28 17:49 - 2017-02-22 14:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-06-28 12:50 - 2016-07-04 16:03 - 00000000 ____D C:\ProgramData\Origin
2017-06-28 12:49 - 2016-11-12 20:33 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Origin
2017-06-28 12:18 - 2017-02-24 19:36 - 00002149 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 12:18 - 2015-12-13 18:44 - 00002161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 21:01 - 2016-03-07 22:04 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-27 20:51 - 2016-01-01 17:41 - 00000000 ____D C:\WarThunder
2017-06-27 18:00 - 2016-01-21 19:21 - 00000000 ____D C:\Users\Admin\Desktop\HRY
2017-06-27 13:52 - 2017-02-24 19:33 - 00030720 ___SH C:\Users\Admin\Thumbs.db
2017-06-27 12:30 - 2016-07-04 16:04 - 00000000 ____D C:\Program Files\Origin
2017-06-21 18:26 - 2015-12-13 19:14 - 00000000 ____D C:\Users\Admin
2017-06-21 18:13 - 2017-03-22 19:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\discord
2017-06-20 20:24 - 2015-12-26 22:14 - 00001021 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-06-20 20:24 - 2015-12-26 22:13 - 00000000 ____D C:\Program Files\Opera
2017-06-17 18:34 - 2017-03-04 21:52 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-06-17 18:34 - 2015-12-13 18:41 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-17 18:34 - 2015-12-13 18:26 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-17 18:34 - 2013-08-22 09:22 - 00336112 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-17 18:17 - 2016-11-12 20:32 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-17 18:15 - 2017-03-04 21:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-06-17 18:09 - 2017-01-30 16:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Seznam.cz
2017-06-17 18:08 - 2017-03-24 15:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TS3Client
2017-06-17 18:08 - 2017-01-30 16:38 - 00000000 ____D C:\Program Files\Seznam.cz
2017-06-17 18:04 - 2017-02-08 14:29 - 00000000 ____D C:\Program Files\unkbackup7z_00000000
2017-06-16 15:18 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\rescache
2017-06-16 14:59 - 2013-08-22 10:17 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 14:59 - 2013-08-22 10:17 - 00000000 ____D C:\Windows\AppReadiness
2017-06-15 20:11 - 2015-12-13 19:14 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2017-06-14 16:21 - 2013-08-22 10:17 - 00000000 ___RD C:\Windows\ToastData
2017-06-14 14:42 - 2013-08-22 10:05 - 00000000 ____D C:\Windows\CbsTemp
2017-06-14 14:41 - 2015-12-29 19:00 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 14:36 - 2015-12-29 19:00 - 130903960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-14 14:29 - 2017-04-14 21:24 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-14 14:29 - 2017-04-14 21:24 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-14 14:29 - 2017-04-14 21:24 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-10 15:00 - 2017-03-24 17:04 - 00000000 ____D C:\Users\Admin\.prefs
2017-06-08 15:04 - 2016-03-07 21:37 - 00000000 ____D C:\Program Files\Common Files\Steam
2017-06-03 04:31 - 2017-05-10 18:56 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-06-03 04:31 - 2017-05-10 18:56 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-05-31 16:09 - 2016-12-28 20:16 - 00000941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-05-31 14:02 - 2016-01-01 17:41 - 00000000 ____D C:\Users\Admin\Documents\My Games
2017-05-31 13:53 - 2015-12-13 18:23 - 00000000 ____D C:\Games

==================== Files in the root of some directories =======

2017-06-29 19:02 - 2017-06-29 19:04 - 0029696 _____ () C:\Users\Admin\AppData\Local\MSGBOX.EXE

Files to move or delete:
====================
C:\Users\Admin\13-1-legacy_vista_win7_win8_32_dd_ccc.exe
C:\Users\Admin\java.exe
C:\Users\Admin\tankionline-eu.exe


Some files in TEMP:
====================
2017-06-17 18:09 - 2017-06-17 18:08 - 0534528 _____ () C:\Users\Admin\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-23 17:54

==================== End of FRST.txt ============================
Attachments
Addition.zip
(9.59 KiB) Downloaded 113 times

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Log Check - Preventive Check

#6 Post by sorcer »

You are using illegal software; treatment of the PC cannot continue.

Locked