
Please check my log, something is probably biting

valdoDK
Visitor
Posts: 64
Registered: 17 Sep 2007 18:36

#1 Post by valdoDK »

Good day everyone,

I'm posting a log here for a check, because although I'm careful about viruses, it seems to me that something has got into the PC. Specifically, probably via a USB drive from school. It's a disgrace that you bring your work to school and straight away take a virus home. Specifically, it was the "Dorkbot.D" worm. The files were put into quarantine and neatly deleted from the USB drive (fortunately I had it backed up). So I'd like to ask for a check of the log, and thank you in advance for any reply and help. :)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of random's system information tool 1.09 (written by random/random)
Run by MrVopi at 2013-04-28 20:48:58
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 58 GB (19%) free of 305 GB
Total RAM: 4061 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:49:08, on 28. 4. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\MrVopi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RoccatKone+] "C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Arvo] "C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Previesť cieľ odkazu do formátu Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Previesť do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridať cieľ odkazu do existujúceho súboru PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Pridať do existujúceho súboru PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Volanie kliknutím - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14915 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\Dell\DellDock\DockLogin.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
atieclxx
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
taskeng.exe {849B241A-A25C-4411-8AB0-385226861198}
"C:\Windows\system32\Dwm.exe"
C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe /schedule /profile "c:\programdata\bettersoft\optimizerpro\3036567561.ini"
"explorer.exe"
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Dell\QuickSet\quickset.exe"
"C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files\Dell\DellDock\DellDock.exe"
"C:\Program Files\Rainmeter\Rainmeter.exe"
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe"
"C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4452.0.1666683753\39751835" --supports-dual-gpus=false --reduce-gpu-sandbox --disable-image-transport-surface --gpu-vendor-id=0x1002 --gpu-device-id=0x9593 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.631.0.0 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/15/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --renderer-print-preview --enable-threaded-compositing --channel="4452.1.723324499\615207686" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/15/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --renderer-print-preview --enable-threaded-compositing --channel="4452.2.1400485532\1196103826" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/15/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderLocalPredictor/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/ --extension-process --renderer-print-preview --enable-threaded-compositing --channel="4452.4.431174159\1839427302" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\MrVopi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\plugin/npWCChromeExtnStub.dll" --lang=sk --channel="4452.5.353902498\560740111" /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/15/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwndDynamic/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --channel="4452.7.1612305533\2108432252" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4452.9.517916750\508244910" --lang=sk --ignored=" --type=renderer " /prefetch:13
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/15/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwndDynamic/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --channel="4452.10.2008147659\1158831222" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/15/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwndDynamic/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --channel="4452.11.1589312707\1219228812" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/15/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwndDynamic/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_45/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --channel="4452.16.1815665858\23153822" /prefetch:3
"taskhost.exe"
"C:\Users\MrVopi\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\schedule!3036567561.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-01-15 205376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-02 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2013-02-22 2325624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-02 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-24 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe Acrobat Create PDF Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL [2013-02-22 1722976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-24 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
Adobe Acrobat Create PDF from Selection - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe Acrobat Create PDF Toolbar - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23 330392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-01-21 487424]
"QuickSet"=C:\Program Files\Dell\QuickSet\QuickSet.exe [2010-06-09 3216544]
"egui"=C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [2012-07-04 4133072]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Arvo"=C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE [2010-04-01 582144]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2013-04-05 59720]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2013-04-05 59720]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoxSyncHelper]
C:\Program Files\Box Sync\BoxSyncHelper.exe [2012-12-19 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2012-10-23 3108480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Box Sync.lnk]
C:\PROGRA~1\BOXSYN~1\BoxSync.exe [2012-12-19 8706560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^MrVopi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\MrVopi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-02-15 29428904]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-01-28 59720]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-06-25 98304]
"RoccatKone+"=C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE [2011-07-12 552960]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [2012-09-23 3477640]
"HPUsageTracking"=C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [2009-05-11 24576]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\MrVopi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe
Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.l3codecp"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-04-24 19:47:50 ----A---- C:\Windows\system32\drivers\ntfs.sys
2013-04-16 20:05:29 ----D---- C:\ProgramData\ALM
2013-04-16 20:03:27 ----D---- C:\Program Files (x86)\Adobe Media Player
2013-04-13 22:13:46 ----A---- C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-04-13 22:00:54 ----D---- C:\Program Files\Adobe
2013-04-13 21:54:42 ----D---- C:\Program Files\Common Files\Adobe
2013-04-10 02:04:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-04-10 02:04:32 ----A---- C:\Windows\system32\mshtmled.dll
2013-04-10 02:04:31 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-04-10 02:04:30 ----A---- C:\Windows\SYSWOW64\url.dll
2013-04-10 02:04:30 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-04-10 02:04:30 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-04-10 02:04:30 ----A---- C:\Windows\system32\url.dll
2013-04-10 02:04:30 ----A---- C:\Windows\system32\ieUnatt.exe
2013-04-10 02:04:30 ----A---- C:\Windows\system32\ieui.dll
2013-04-10 02:04:29 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-04-10 02:04:29 ----A---- C:\Windows\system32\urlmon.dll
2013-04-10 02:04:28 ----A---- C:\Windows\system32\jscript9.dll
2013-04-10 02:04:27 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-04-10 02:04:27 ----A---- C:\Windows\system32\msfeeds.dll
2013-04-10 02:04:26 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-04-10 02:04:26 ----A---- C:\Windows\system32\wininet.dll
2013-04-10 02:04:26 ----A---- C:\Windows\system32\jsproxy.dll
2013-04-10 02:04:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-04-10 02:04:25 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-04-10 02:04:25 ----A---- C:\Windows\system32\vbscript.dll
2013-04-10 02:04:25 ----A---- C:\Windows\system32\jscript.dll
2013-04-10 02:04:25 ----A---- C:\Windows\system32\iertutil.dll
2013-04-10 02:04:24 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-04-10 02:04:24 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-04-10 02:04:20 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-04-10 02:04:19 ----A---- C:\Windows\system32\mshtml.dll
2013-04-10 02:04:17 ----A---- C:\Windows\system32\ieframe.dll
2013-04-10 02:04:16 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-04-09 22:13:41 ----A---- C:\Windows\system32\drivers\fvevol.sys
2013-04-09 22:13:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-04-09 22:13:31 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-04-09 22:13:31 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-04-09 22:13:29 ----A---- C:\Windows\system32\smss.exe
2013-04-09 22:13:29 ----A---- C:\Windows\system32\csrsrv.dll
2013-04-09 22:13:28 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2013-04-09 22:13:17 ----A---- C:\Windows\system32\mstscax.dll
2013-04-09 22:13:16 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2013-04-09 22:13:14 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2013-04-09 22:13:14 ----A---- C:\Windows\system32\tsgqec.dll
2013-04-09 22:13:14 ----A---- C:\Windows\system32\aaclient.dll
2013-04-09 22:13:13 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2013-04-09 22:13:06 ----A---- C:\Windows\system32\win32k.sys
2013-04-09 19:41:16 ----D---- C:\Users\MrVopi\AppData\Roaming\Skype
2013-04-09 19:41:10 ----RD---- C:\Program Files (x86)\Skype
2013-04-09 19:41:07 ----D---- C:\ProgramData\Skype
2013-04-05 23:54:54 ----D---- C:\Users\MrVopi\AppData\Roaming\Ashampoo
2013-04-05 23:53:16 ----D---- C:\ProgramData\Ashampoo
2013-04-05 23:53:13 ----D---- C:\Program Files (x86)\Ashampoo

======List of files/folders modified in the last 1 month======

2013-04-28 20:49:08 ----D---- C:\Windows\Prefetch
2013-04-28 20:49:07 ----D---- C:\Program Files\trend micro
2013-04-28 20:49:06 ----D---- C:\Windows\Temp
2013-04-28 20:20:23 ----D---- C:\Windows\system32\config
2013-04-28 20:10:21 ----D---- C:\Windows\System32
2013-04-28 20:10:21 ----D---- C:\Windows\inf
2013-04-28 20:10:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-04-28 20:09:57 ----SHD---- C:\System Volume Information
2013-04-28 20:07:16 ----D---- C:\Windows\winsxs
2013-04-28 20:04:42 ----D---- C:\Windows\system32\drivers
2013-04-24 19:46:14 ----D---- C:\Windows\system32\catroot
2013-04-24 00:26:15 ----D---- C:\Users\MrVopi\AppData\Roaming\vlc
2013-04-22 19:19:21 ----D---- C:\Windows\system32\Tasks
2013-04-21 22:51:43 ----RSD---- C:\Windows\Fonts
2013-04-21 19:27:19 ----D---- C:\Program Files (x86)\Adobe
2013-04-21 19:13:49 ----SHD---- C:\Windows\Installer
2013-04-21 19:13:48 ----HD---- C:\Config.Msi
2013-04-21 19:12:57 ----D---- C:\Windows\SysWOW64
2013-04-21 19:12:56 ----D---- C:\Users\MrVopi\AppData\Roaming\Adobe
2013-04-21 19:12:56 ----D---- C:\ProgramData\Adobe
2013-04-21 00:30:24 ----D---- C:\Users\MrVopi\AppData\Roaming\foobar2000
2013-04-20 19:21:57 ----D---- C:\Windows\system32\NDF
2013-04-18 22:48:08 ----D---- C:\Windows\pss
2013-04-18 22:47:32 ----D---- C:\Users\MrVopi\AppData\Roaming\Dropbox
2013-04-17 23:08:25 ----D---- C:\Users\MrVopi\AppData\Roaming\FileZilla
2013-04-16 20:09:15 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2013-04-16 20:05:29 ----HD---- C:\ProgramData
2013-04-16 20:03:27 ----RD---- C:\Program Files (x86)
2013-04-16 20:01:53 ----D---- C:\Program Files (x86)\Common Files
2013-04-15 01:08:22 ----D---- C:\Windows\system32\catroot2
2013-04-13 22:00:54 ----RD---- C:\Program Files
2013-04-13 21:54:42 ----D---- C:\Program Files\Common Files
2013-04-11 15:22:40 ----D---- C:\Windows\SYSWOW64\migration
2013-04-11 15:22:40 ----D---- C:\Windows\system32\migration
2013-04-11 15:22:40 ----D---- C:\Program Files (x86)\Internet Explorer
2013-04-11 15:22:39 ----D---- C:\Program Files\Internet Explorer
2013-04-10 02:06:33 ----A---- C:\Windows\system32\MRT.exe
2013-04-10 02:05:15 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-03-06 564824]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-06 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-07-10 213416]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-29 152136]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-03-29 140752]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys [2006-11-17 52224]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys [2009-06-25 55296]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys [2006-11-18 55296]
R3 ArvoFltr;ROCCAT Arvo; C:\Windows\system32\drivers\ArvoFltr.sys [2009-05-06 15872]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-05 114192]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-06-25 6036480]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2012-01-24 8616960]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-01-21 505856]
S3 auygji83;auygji83; C:\Windows\system32\drivers\auygji83.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-02 98344]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-02 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-07-02 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-02 21160]
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\Windows\System32\Drivers\frmupgr.sys []
S3 HPFXBULK;HPFXBULK; C:\Windows\system32\drivers\hpfx64bulk.sys [2007-07-16 20504]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [2013-01-28 25584]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-06-25 203264]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 864032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [2012-07-04 999704]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [2010-01-21 244736]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-02-26 3560800]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [2012-07-04 35720]
S3 ESHASRV;ESET SHA Service; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [2012-07-04 190208]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-02-20 641352]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-01-25 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-02 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check this, something seems to be biting

#2 Post by vyosek »

Hello :)

:arrow: Please also post the second RSIT log, named info.txt; it is saved in c:\rsit

:arrow: Plug all USB drives (flash drives, external disks, etc.) into the PC
"Who has wine and does not drink it, who has grapes and does not eat them, who has a woman and does not kiss her, who avoids having fun, take a whip and a stick to him: that is no man, that is an ox."
Member [image] since 1 February 2011.

valdoDK
Visitor
Posts: 64
Registered: 17 Sep 2007 18:36

Re: Please check this, something seems to be biting

#3 Post by valdoDK »

For now, here is the info from RSIT :)

info.txt logfile of random's system information tool 1.09 2013-03-02 14:43:24

======Uninstall list======

-->C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}\delldock.exe
7-Zip 9.20 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0920-000001000000}
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_Plugin.exe -maintain plugin
Adobe Shockwave Player 12.0-->"C:\Windows\SysWOW64\Adobe\Shockwave 12\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}
Apple Mobile Device Support-->MsiExec.exe /I{2F72F540-1F60-4266-9506-952B21D6640D}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Catalyst Control Center - Branding-->MsiExec.exe /I{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Dell Dock-->"C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}\delldock.exe" REMOVE=TRUE MODIFY=FALSE
FileZilla Client 3.6.0.2-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
foobar2000 v1.2.3-->"C:\Program Files (x86)\foobar2000\uninstall.exe" _?=C:\Program Files (x86)\foobar2000
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -remove -removeonly
Internet Download Manager-->C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{0225AD21-F3E2-4916-BFF3-65D3F9052582}
Java 7 Update 15 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86417015FF}
Java 7 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217015FF}
K-Lite Codec Pack 9.7.5 (64-bit)-->"C:\Program Files\K-Lite Codec Pack x64\unins000.exe"
K-Lite Codec Pack 9.7.5 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Quickset64-->MsiExec.exe /I{87CF757E-C1F1-4D22-865C-00C6950B5258}
Rainmeter-->C:\Program Files\Rainmeter\uninst.exe
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
TeamViewer 8-->C:\Program Files (x86)\TeamViewer\Version8\uninstall.exe
TeraCopy 2.3 beta 2-->"C:\Program Files\TeraCopy\unins000.exe"
VLC media player 2.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

======System event log======

Computer Name: MrVopi-PC
Event Code: 7000
Message: Spustenie služby Apple Mobile Device zlyhalo kvôli nasledujúcej chybe:
Nepodarilo sa spustiť túto aplikáciu, pretože jej súbežne zdieľaná konfigurácia je nesprávna. Podrobné informácie nájdete v denníku udalostí aplikácií, alebo ich zobrazte použitím nástroja príkazového riadka sxstrace.exe.
Record Number: 595
Source Name: Service Control Manager
Time Written: 20130302111110.723823-000
Event Type: Error
User:

Computer Name: MrVopi-PC
Event Code: 7000
Message: Spustenie služby Apple Mobile Device zlyhalo kvôli nasledujúcej chybe:
Nepodarilo sa spustiť túto aplikáciu, pretože jej súbežne zdieľaná konfigurácia je nesprávna. Podrobné informácie nájdete v denníku udalostí aplikácií, alebo ich zobrazte použitím nástroja príkazového riadka sxstrace.exe.
Record Number: 594
Source Name: Service Control Manager
Time Written: 20130302111105.716214-000
Event Type: Error
User:

Computer Name: MrVopi-PC
Event Code: 43029
Message: Display is not active
Record Number: 565
Source Name: atikmdag
Time Written: 20130302110022.880626-000
Event Type: Error
User:

Computer Name: MrVopi-PC
Event Code: 52236
Message: CPLIB :: General - Invalid Parameter
Record Number: 564
Source Name: atikmdag
Time Written: 20130302110022.880626-000
Event Type: Error
User:

Computer Name: 37L4247E29-32
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 265
Source Name: k57nd60a
Time Written: 20130302104746.444266-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: MrVopi-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 235
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20130302105701.263856-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: MrVopi-PC
Event Code: 3006
Message: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
Record Number: 233
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20130302105701.170256-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: MrVopi-PC
Event Code: 1533
Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program.

DETAIL - Adresár nie je prázdny.

Record Number: 218
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20130302105514.500842-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: MrVopi-PC
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 1008) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
Record Number: 215
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20130302105509.914434-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: MrVopi-PC
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 129
Source Name: Microsoft-Windows-Search
Time Written: 20130302105256.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130302104542.065248-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247E29-32$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130302104542.065248-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x32d6f
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130302104541.737647-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130302104539.990444-000
Event Type: Audit Success
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130302104539.959244-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"asl.log"=Destination=file

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check, something is probably biting

#4 Post by vyosek »

OK, I'll wait for USBFix as well.
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, for he is no man, he is an ox."
Member [image] since 1 February 2011.

valdoDK
Visitor
Posts: 64
Registered: 17 Sep 2007 18:36

Re: Please check, something is probably biting

#5 Post by valdoDK »

Here is the log from USBfix

---------------------------------------------

############################## | UsbFix V 7.096 | [Deletion]

User: MrVopi (Administrator) # MRVOPI-PC
Updated 15/08/2012 by El Desaparecido
Started at 21:39:09 | 28/04/2013

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Dell Inc. (Studio XPS 1640) (x64-based PC) # Notebook
CPU: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (2534)
RAM -> [Total : 4061 | Free : 1715]
BIOS: gPhoenix ROM BIOS PLUS Version 1.10 A14
BOOT: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET Endpoint Antivirus 5.0 [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 298 Gb (57 Mb free - 19%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (2 Mb free - 40%) [VALDODK 4GB] # FAT32
H:\ -> Fixed drive # 1859 Gb (880 Mb free - 47%) [iOmega 2TB] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (428)
C:\Windows\system32\wininit.exe (504)
C:\Windows\system32\csrss.exe (520)
C:\Windows\system32\services.exe (576)
C:\Windows\system32\lsass.exe (592)
C:\Windows\system32\lsm.exe (600)
C:\Windows\system32\winlogon.exe (640)
C:\Windows\system32\svchost.exe (724)
C:\Windows\system32\svchost.exe (792)
C:\Windows\system32\atiesrxx.exe (856)
C:\Windows\System32\svchost.exe (928)
C:\Windows\System32\svchost.exe (960)
C:\Windows\system32\svchost.exe (988)
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (260)
C:\Windows\system32\svchost.exe (1112)
C:\Program Files\Dell\DellDock\DockLogin.exe (1216)
C:\Windows\system32\svchost.exe (1264)
C:\Windows\System32\spoolsv.exe (1476)
C:\Windows\system32\svchost.exe (1504)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1608)
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (1632)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1660)
C:\Program Files\Bonjour\mDNSResponder.exe (1712)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1744)
C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe (1800)
C:\Windows\system32\svchost.exe (1836)
C:\Windows\SysWOW64\svchost.exe (1860)
C:\Windows\System32\svchost.exe (1884)
C:\Windows\System32\svchost.exe (1952)
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (1364)
C:\Windows\system32\svchost.exe (3012)
C:\Windows\system32\atieclxx.exe (1692)
C:\Windows\System32\svchost.exe (1132)
C:\Program Files\Windows Media Player\wmpnetwk.exe (1088)
C:\Windows\system32\SearchIndexer.exe (2476)
C:\Windows\system32\taskhost.exe (2164)
C:\Windows\system32\taskeng.exe (3360)
C:\Windows\system32\Dwm.exe (3248)
C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe (2760)
C:\Windows\explorer.exe (2928)
C:\Windows\System32\rundll32.exe (3508)
C:\Program Files\IDT\WDM\sttray64.exe (2268)
C:\Program Files\Dell\QuickSet\quickset.exe (3636)
C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe (3816)
C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE (3720)
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (2212)
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (3752)
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (3704)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (3280)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (3576)
C:\Program Files\Dell\DellDock\DellDock.exe (3792)
C:\Program Files\Rainmeter\Rainmeter.exe (3688)
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (3860)
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (2240)
C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (3960)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4048)
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (4072)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3964)
C:\Windows\system32\wbem\wmiprvse.exe (3164)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3256)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (3400)
C:\Windows\System32\svchost.exe (4604)
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (496)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4452)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5052)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1420)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (900)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (524)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3024)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1068)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4128)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3664)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4960)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3100)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1600)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3736)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4052)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5444)
C:\Windows\System32\WUDFHost.exe (3900)
C:\Windows\system32\wbem\wmiprvse.exe (568)
C:\Windows\System32\svchost.exe (5332)
C:\UsbFix\Go.exe (3496)

################## | Stopped processes |

Stopped! C:\Windows\system32\atiesrxx.exe (856)
Stopped! C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe (260)
Stopped! C:\Program Files\Dell\DellDock\DockLogin.exe (1216)
Stopped! C:\Windows\System32\spoolsv.exe (1476)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1608)
Stopped! C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe (1632)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1660)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (1712)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1744)
Stopped! C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe (1800)
Stopped! C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (1364)
Stopped! C:\Windows\system32\atieclxx.exe (1692)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (1088)
Stopped! C:\Windows\system32\SearchIndexer.exe (2476)
Stopped! C:\Windows\system32\taskhost.exe (2164)
Stopped! C:\Windows\system32\taskeng.exe (3360)
Stopped! C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe (2760)
Stopped! C:\Windows\System32\rundll32.exe (3508)
Stopped! C:\Program Files\IDT\WDM\sttray64.exe (2268)
Stopped! C:\Program Files\Dell\QuickSet\quickset.exe (3636)
Stopped! C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe (3816)
Stopped! C:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE (3720)
Stopped! C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (2212)
Stopped! C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (3752)
Stopped! C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (3704)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (3280)
Stopped! C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (3576)
Stopped! C:\Program Files\Dell\DellDock\DellDock.exe (3792)
Stopped! C:\Program Files\Rainmeter\Rainmeter.exe (3688)
Stopped! C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (3860)
Stopped! C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (2240)
Stopped! C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (3960)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (4048)
Stopped! C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (4072)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3964)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3256)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (3400)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (496)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4452)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5052)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1420)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (900)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3024)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1068)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4128)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3664)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4960)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3100)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1600)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3736)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4052)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5444)
Stopped! C:\Windows\System32\WUDFHost.exe (3900)

################## | Files # Infected Folders |

Deleted ! C:\Users\MrVopi\AppData\Local\Temp\xmlUpdater.exe
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-3261297115-3620489308-3781170777-1001
Deleted ! H:\$RECYCLE.BIN\S-1-5-21-1012519688-2421850716-3688177861-1001
Deleted ! H:\$RECYCLE.BIN\S-1-5-21-3261297115-3620489308-3781170777-1001
Deleted ! G:\Recycler\desktop.ini
Deleted ! G:\RECYCLER\e621ca05.exe

(!) Temporary files deleted.

################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[28/04/2013 - 21:44:59 | SHD ] C:\$Recycle.Bin
[19/03/2013 - 22:22:47 | D ] C:\CM1312_Full_Solution_Win7_5_1_AM-EMEA1
[21/04/2013 - 19:13:48 | D ] C:\Config.Msi
[02/03/2013 - 14:28:36 | D ] C:\dell
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[28/04/2013 - 20:05:19 | ASH | 3193585664] C:\hiberfil.sys
[02/12/2006 - 00:37:14 | N | 904704] C:\msdia80.dll
[06/03/2013 - 18:46:27 | RHD ] C:\MSOCache
[28/04/2013 - 20:05:24 | ASH | 4258115584] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[13/04/2013 - 22:00:54 | D ] C:\Program Files
[16/04/2013 - 20:03:27 | D ] C:\Program Files (x86)
[16/04/2013 - 20:05:29 | HD ] C:\ProgramData
[02/03/2013 - 12:55:13 | SHD ] C:\Recovery
[02/03/2013 - 15:43:24 | D ] C:\rsit
[28/04/2013 - 20:09:57 | SHD ] C:\System Volume Information
[02/03/2013 - 16:33:47 | N | 70078] C:\TDSSKiller.2.8.16.0_02.03.2013_15.31.07_log.txt
[02/03/2013 - 19:38:11 | D ] C:\temp
[28/04/2013 - 21:44:59 | D ] C:\UsbFix
[28/04/2013 - 21:42:09 | A | 11385] C:\UsbFix.txt
[02/03/2013 - 14:37:51 | D ] C:\Users
[19/03/2013 - 22:24:05 | D ] C:\Windows
[22/04/2013 - 23:47:56 | D ] G:\fotodokumentacia
[23/03/2010 - 00:43:52 | D ] G:\BIO
[26/01/2011 - 23:11:10 | D ] G:\FYZ
[26/01/2011 - 23:12:02 | D ] G:\GEO
[08/02/2011 - 23:04:44 | D ] G:\CHE
[25/01/2011 - 08:28:04 | D ] G:\INFO
[26/01/2011 - 23:10:58 | D ] G:\MAT
[19/01/2010 - 08:16:58 | D ] G:\MOSKVA - HOTOVO
[24/01/2011 - 12:35:36 | D ] G:\OBN
[26/01/2011 - 23:10:42 | D ] G:\RJ
[26/06/2009 - 07:32:40 | D ] G:\Ročníkový Projekt
[30/03/2010 - 23:52:48 | D ] G:\Sjal
[04/10/2010 - 19:49:06 | D ] G:\UKU
[29/09/2010 - 08:58:28 | D ] G:\WIFI-certifikat
[07/03/2010 - 10:45:52 | N | 12636] G:\Rive.xlsx
[01/03/2011 - 01:22:14 | D ] G:\AJ
[04/05/2011 - 17:40:38 | D ] G:\trip kaunas - peterburg - vilnius
[29/09/2011 - 17:36:34 | D ] G:\TESTY autoskola
[18/06/2012 - 09:07:28 | N | 1105772] G:\Budhizmus.pptx
[20/10/2010 - 17:42:08 | D ] G:\Ashampoo
[17/04/2013 - 10:03:02 | HD ] G:\RECYCLER
[28/04/2013 - 21:44:59 | SHD ] H:\$RECYCLE.BIN
[02/04/2011 - 12:51:23 | D ] H:\Adobe Illustrator CS5
[10/01/2013 - 00:24:56 | D ] H:\Extraordinary
[13/04/2011 - 23:25:53 | D ] H:\GAMES
[14/04/2011 - 16:52:17 | D ] H:\Linux Ubuntu - ISO
[31/10/2012 - 22:38:35 | D ] H:\PHOTOS
[13/04/2011 - 17:04:00 | SHD ] H:\System Volume Information
[02/01/2013 - 20:13:01 | D ] H:\The Giant Mechanical Man (2012) [BRRip]
[31/10/2012 - 22:42:48 | D ] H:\VIDEO
[11/01/2013 - 16:56:17 | D ] H:\VPS
[22/11/2012 - 17:28:09 | D ] H:\VPS photo
[02/03/2013 - 03:20:55 | D ] H:\ZALOHA

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_MRVOPI-PC.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.

################## | E.O.F |

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check, something is probably biting

#6 Post by vyosek »

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan (Prohledat)
  • The scan will run and then a log will appear; it may also be saved on the system drive as AdwCleaner[R?].txt. Paste it here

valdoDK
Visitor
Posts: 64
Registered: 17 Sep 2007 18:36

Re: Please check, something is probably biting

#7 Post by valdoDK »

Log from AdwCleaner

-----------------------------------

# AdwCleaner v2.300 - Log vytvorený 28/04/2013 o 21:58:22
# Aktualizované 28/04/2013 Xplode
# Operačný systém : Windows 7 Professional Service Pack 1 (64 bits)
# Uživateľ : MrVopi - MRVOPI-PC
# Spustený systém : Normálny
# Spustené z : C:\Users\MrVopi\Desktop\adwcleaner.exe
# Voľba [Prehľadať]


***** [Služby] *****


***** [Súbory / Adresáre] *****

Adresár Nájdené : C:\ProgramData\BetterSoft
Adresár Nájdené : C:\ProgramData\InstallMate
Adresár Nájdené : C:\ProgramData\SoftSafe
Adresár Nájdené : C:\Users\MrVopi\AppData\Local\PackageAware

***** [Registre] *****

Kľúč Nájdené : HKCU\Software\AppDataLow\SProtector
Kľúč Nájdené : HKCU\Software\InstallCore
Kľúč Nájdené : HKCU\Software\Optimizer Pro
Kľúč Nájdené : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Kľúč Nájdené : HKLM\Software\SP Global
Kľúč Nájdené : HKLM\Software\SProtector
Kľúč Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Kľúč Nájdené : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro

***** [Internetové prehliadače] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registre sú čisté.

-\\ Google Chrome v26.0.1410.64

Súbor : C:\Users\MrVopi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Súbor je čistý.

*************************

AdwCleaner[R1].txt - [1362 octets] - [28/04/2013 21:58:22]

########## EOF - C:\AdwCleaner[R1].txt - [1422 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check, something is probably biting

#8 Post by vyosek »

:arrow: Run AdwCleaner again
  • If you use Win Vista or W7, right-click AdwCleaner and choose Run As Administrator (Spustit jako správce)
  • Click Delete (Smazat)
  • The PC will perform the repair, restart and give you a log (C:\AdwCleaner [S1].txt); paste its contents here

valdoDK
Visitor
Posts: 64
Registered: 17 Sep 2007 18:36

Re: Please check, something is probably biting

#9 Post by valdoDK »

Here you go, the log :)

---------------------------------------

# AdwCleaner v2.300 - Log vytvorený 28/04/2013 o 22:09:46
# Aktualizované 28/04/2013 Xplode
# Operačný systém : Windows 7 Professional Service Pack 1 (64 bits)
# Uživateľ : MrVopi - MRVOPI-PC
# Spustený systém : Normálny
# Spustené z : C:\Users\MrVopi\Desktop\adwcleaner.exe
# Voľba [Vymazať]


***** [Služby] *****


***** [Súbory / Adresáre] *****

Adresár Vymazané : C:\ProgramData\BetterSoft
Adresár Vymazané : C:\ProgramData\InstallMate
Adresár Vymazané : C:\ProgramData\SoftSafe
Adresár Vymazané : C:\Users\MrVopi\AppData\Local\PackageAware

***** [Registre] *****

Kľúč Vymazané : HKCU\Software\AppDataLow\SProtector
Kľúč Vymazané : HKCU\Software\InstallCore
Kľúč Vymazané : HKCU\Software\Optimizer Pro
Kľúč Vymazané : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Kľúč Vymazané : HKLM\Software\SP Global
Kľúč Vymazané : HKLM\Software\SProtector
Kľúč Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Kľúč Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro

***** [Internetové prehliadače] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registre sú čisté.

-\\ Google Chrome v26.0.1410.64

Súbor : C:\Users\MrVopi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Súbor je čistý.

*************************

AdwCleaner[R1].txt - [1489 octets] - [28/04/2013 21:58:22]
AdwCleaner[S1].txt - [1432 octets] - [28/04/2013 22:09:46]

########## EOF - C:\AdwCleaner[S1].txt - [1492 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check, something is probably biting

#10 Post by vyosek »

:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Update it
  • Run a full scan - do not delete anything :!:
  • MBAM occasionally produces false detections, so paste the log into a post and wait for it to be assessed

valdoDK
Visitor
Posts: 64
Registered: 17 Sep 2007 18:36

Re: Please check, something is probably biting

#11 Post by valdoDK »

Here you go, the log :)

Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2013.04.29.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MrVopi :: MRVOPI-PC [administrátor]

Ochrana: Zapnuté

30. 4. 2013 0:09:14
MBAM-log-2013-04-30 (04-06-26).txt

Typ kontroly: Úplná kontrola (C:\|H:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 599382
Uplynutý čas: 1 hod, 3 min, 32 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 17
C:\UsbFix_Upload_Me_MRVOPI-PC.zip (Trojan.FakeSkype) -> Žiadna úloha nevykonaná.
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\adobe.photoshop.cs6-patch.exe (PUP.RiskwareTool.CK) -> Žiadna úloha nevykonaná.
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Žiadna úloha nevykonaná.
C:\Program Files\ESET\MiNODLogin\launcher.exe (Riskware.KG) -> Žiadna úloha nevykonaná.
C:\Program Files\ESET\MiNODLogin\uninst.exe (Riskware.KG) -> Žiadna úloha nevykonaná.
C:\Program Files\ESET\TNod User & Password Finder\uninst-tnod.exe (Trojan.Agent.CK) -> Žiadna úloha nevykonaná.
C:\Users\MrVopi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FE93NEU\adobe.cs6.all.products.activator.softarchive.net[1].rar (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
C:\Users\MrVopi\Desktop\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\32 bit\amtlib.dll (PUP.RiskwareTool.CK) -> Žiadna úloha nevykonaná.
C:\Users\MrVopi\Desktop\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu]\cracked dll\64 bit\amtlib.dll (PUP.RiskwareTool.CK) -> Žiadna úloha nevykonaná.
C:\Users\MrVopi\Desktop\adobe.cs6.all.products.activator.softarchive.net\ADALL.x32._.x64-MPT.rar (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
C:\Users\MrVopi\Desktop\adobe.cs6.all.products.activator.softarchive.net\adobe.cs6.all.products.activator.(x32.y.x64)-mpt.exe (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
C:\Users\MrVopi\Desktop\Programy\Adobe-Acrobat-XI-Pro-v11.0.0-Multilanguage+Crack-32x,64x\Adobe Acrobat XI Pro v11.0.0 Multilanguage+Crack 32x,64x\Adobe-Acrobat-XI-PRO-11-Multilang\MPT\adobe.acrobat.xi.pro.patch-MPT.exe (PUP.Hacktool.Patcher) -> Žiadna úloha nevykonaná.
C:\Users\MrVopi\Desktop\Programy\Adobe-Acrobat-XI-Pro-v11.0.0-Multilanguage+Crack-32x,64x\Adobe Acrobat XI Pro v11.0.0 Multilanguage+Crack 32x,64x\Keygen\xf-aarpxi.exe (PUP.RiskwareTool.CK) -> Žiadna úloha nevykonaná.
C:\Users\MrVopi\Desktop\Programy\Daemon-Tools-Pro-Advanced-5.2.0.0348-CZ-+-Crack---by-kopiha\Daemon Tools Pro Advanced 5.2.0.0348 CZ + Crack - by kopiha\Crack\Patch.exe (Riskware.Tool.CK) -> Žiadna úloha nevykonaná.
H:\ZALOHA\valoDK\Adobe After Effects CS5\Ad0b3.Aft3r.3ff3cts.CS5.v10.0.x64.Incl\keygen.exe (Malware.Packer.Gen) -> Žiadna úloha nevykonaná.
H:\ZALOHA\valoDK\Adobe After Effects CS5\Ad0b3.Aft3r.3ff3cts.CS5.v10.0.x64.Incl\keygen_plugin.exe (Malware.Packer.Gen) -> Žiadna úloha nevykonaná.
H:\ZALOHA\valoDK\AppData\Roaming\Apple Computer\MobileSync\Backup\f2b4b11f187c4a858f4eb16b903259e996081618\8728c2844a9189c88dfbdb3290808c856b9da572 (Trojan.Zbot.CBCGen) -> Žiadna úloha nevykonaná.

(koniec)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check, something is probably biting

#12 Post by vyosek »

Allow me a question: is there any point in cleaning a PC that the user will, pardon the expression, immediately mess up again through his own stupidity thanks to cracks\keygens and similar "goodies" :?: :twisted: Not to mention the violation of copyright law :?:

valdoDK
Visitor
Posts: 64
Registered: 17 Sep 2007 18:36

Re: Please check, something is probably biting

#13 Post by valdoDK »

I'm not from a millionaire family, so I can't afford Adobe products costing thousands of euros. Besides, I use the programs for self-improvement (the avatar is still from 2007, just so it doesn't look bad) and I hope that in the future I will be able to pay for the licence. I have my antivirus and plenty of other software (outside the PC as well) legally (the ESET item higher up in the list was only for a one-week gap when I didn't have a licence code). I don't make any money from it. As far as I know, a violation of copyright law is when I don't use the program/medium only for my own needs but enrich myself at its expense or distribute it. Of course, if you don't want to continue helping with cleaning the PC, I understand and thank you for your help so far. I don't know my way around this area of >viruses<, so I don't know exactly where I stand, but the PC boots quickly even though it is already 4 years old, no ads run here and programs don't close at random. I'm not an ordinary consumer who uses it only for FB and downloading illegal content. I asked for this check because of the above-mentioned virus "Darkbot.D", which I brought from school on a USB drive.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check, something is probably biting

#14 Post by vyosek »

:arrow: So delete MBAM's findings; a log will appear, and I'd like to see it...

:arrow: Cracks\keygens are very often a source of malware

:arrow: By cracking a program you do commit a violation of copyright law\licence terms :x

valdoDK
Visitor
Posts: 64
Registered: 17 Sep 2007 18:36

Re: Please check, something is probably biting

#15 Post by valdoDK »

I ran the whole scan again and deleted the detected files

- thank you for continuing with the cleaning :)
----------------------------------------------------------------------

Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2013.04.29.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
MrVopi :: MRVOPI-PC [administrátor]

Ochrana: Zapnuté

30. 4. 2013 17:32:22
mbam-log-2013-04-30 (17-32-22).txt

Typ kontroly: Úplná kontrola (C:\|H:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 600860
Uplynutý čas: 1 hod, 7 min, 14 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 8
C:\UsbFix_Upload_Me_MRVOPI-PC.zip (Trojan.FakeSkype) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\adobe.photoshop.cs6-patch.exe (PUP.RiskwareTool.CK) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> Pridanie do karantény a zmazanie úspešné.
C:\Users\MrVopi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FE93NEU\adobe.cs6.all.products.activator.softarchive.net[1].rar (PUP.Hacktool.Patcher) -> Pridanie do karantény a zmazanie úspešné.
C:\Users\MrVopi\Desktop\Programy\Adobe-Acrobat-XI-Pro-v11.0.0-Multilanguage+Crack-32x,64x\Adobe Acrobat XI Pro v11.0.0 Multilanguage+Crack 32x,64x\Adobe-Acrobat-XI-PRO-11-Multilang\MPT\adobe.acrobat.xi.pro.patch-MPT.exe (PUP.Hacktool.Patcher) -> Pridanie do karantény a zmazanie úspešné.
C:\Users\MrVopi\Desktop\Programy\Adobe-Acrobat-XI-Pro-v11.0.0-Multilanguage+Crack-32x,64x\Adobe Acrobat XI Pro v11.0.0 Multilanguage+Crack 32x,64x\Keygen\xf-aarpxi.exe (PUP.RiskwareTool.CK) -> Pridanie do karantény a zmazanie úspešné.
C:\Users\MrVopi\Desktop\Programy\Daemon-Tools-Pro-Advanced-5.2.0.0348-CZ-+-Crack---by-kopiha\Daemon Tools Pro Advanced 5.2.0.0348 CZ + Crack - by kopiha\Crack\Patch.exe (Riskware.Tool.CK) -> Pridanie do karantény a zmazanie úspešné.
H:\ZALOHA\valoDK\AppData\Roaming\Apple Computer\MobileSync\Backup\f2b4b11f187c4a858f4eb16b903259e996081618\8728c2844a9189c88dfbdb3290808c856b9da572 (Trojan.Zbot.CBCGen) -> Pridanie do karantény a zmazanie úspešné.

(koniec)
