VIRY.CZ

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: spravce [Admin rights]
Mode: HOSTSFix -- Date : 01/25/2012 12:43:05

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: spravce [Admin rights]
Mode: ProxyFix -- Date : 01/25/2012 12:43:30

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 12-01-23.02 - spravce 25.01.2012 12:50:56.2.4 - x64
Spuštěný z: c:\users\spravce\Downloads\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-25 do 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 11:54 . 2012-01-25 11:54 -------- d-----w- c:\users\User\AppData\Local\temp
2012-01-25 11:54 . 2012-01-25 11:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-25 11:54 . 2012-01-25 11:54 -------- d-----w- c:\users\OZV\AppData\Local\temp
2012-01-25 11:54 . 2012-01-25 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-25 07:18 . 2012-01-25 07:18 -------- d-----w- c:\users\spravce\AppData\Local\Microsoft Games
2012-01-25 06:41 . 2012-01-25 06:41 -------- d-----w- C:\rsit
2012-01-25 06:41 . 2012-01-25 06:41 -------- d-----w- c:\program files\trend micro
2012-01-24 08:03 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5810F680-55D2-42F3-895D-06232BB675CD}\mpengine.dll
2012-01-24 07:56 . 2012-01-24 07:56 -------- d-----w- C:\found.000
2012-01-17 08:25 . 2012-01-17 08:25 -------- d-----w- c:\users\OZV\AppData\Local\Digital_Media_Production
2012-01-17 07:03 . 2012-01-17 07:12 -------- d-----w- c:\program files (x86)\Česká společnost 1914-2009
2012-01-12 06:20 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 06:20 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 06:20 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 06:20 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 06:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 06:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 06:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 06:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-12 06:18 . 2012-01-12 06:18 -------- d-----w- c:\users\OZV\AppData\Roaming\DagielGrecja
2012-01-11 09:35 . 2012-01-11 09:35 -------- d-----w- c:\program files (x86)\Terasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 08:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-14 08:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-14 07:14 . 2011-12-14 07:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-14 07:14 . 2011-12-14 07:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-14 07:14 . 2011-12-14 07:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-14 07:14 . 2011-12-14 07:14 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-14 07:14 . 2011-12-14 07:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-14 07:14 . 2011-12-14 07:14 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-14 07:14 . 2011-12-14 07:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-14 07:14 . 2011-12-14 07:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-14 07:14 . 2011-12-14 07:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-14 07:14 . 2011-12-14 07:14 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-14 07:14 . 2011-12-14 07:14 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-14 07:14 . 2011-12-14 07:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-14 07:14 . 2011-12-14 07:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-14 07:14 . 2011-12-14 07:14 448512 ----a-w- c:\windows\system32\html.iec
2011-12-14 07:14 . 2011-12-14 07:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-14 07:14 . 2011-12-14 07:14 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-14 07:14 . 2011-12-14 07:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-14 07:14 . 2011-12-14 07:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-14 07:14 . 2011-12-14 07:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-14 07:14 . 2011-12-14 07:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 07:14 . 2011-12-14 07:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-14 07:14 . 2011-12-14 07:14 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 07:14 . 2011-12-14 07:14 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-14 07:14 . 2011-12-14 07:14 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-14 07:14 . 2011-12-14 07:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-14 07:14 . 2011-12-14 07:14 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-14 07:14 . 2011-12-14 07:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-14 07:14 . 2011-12-14 07:14 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-14 07:14 . 2011-12-14 07:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-14 07:14 . 2011-12-14 07:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-14 07:14 . 2011-12-14 07:14 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 07:14 . 2011-12-14 07:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-14 07:14 . 2011-12-14 07:14 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-14 07:14 . 2011-12-14 07:14 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 07:14 . 2011-12-14 07:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-14 07:14 . 2011-12-14 07:14 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-14 07:14 . 2011-12-14 07:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-14 07:14 . 2011-12-14 07:14 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-14 07:14 . 2011-12-14 07:14 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-14 07:14 . 2011-12-14 07:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-14 07:14 . 2011-12-14 07:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-14 07:14 . 2011-12-14 07:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-07 11:25 . 2011-12-07 11:25 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 06:45 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2011-01-25 07:41 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-14 06:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 06:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-25_07.14.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 08:01 . 2012-01-25 08:26 14190 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2012-01-24 08:01 . 2012-01-25 08:26 18358 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-14 06:37 . 2012-01-25 08:26 1886 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3040717199-1424661705-2491633218-1004_UserData.bin
- 2012-01-25 06:26 . 2012-01-25 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-25 08:24 . 2012-01-25 08:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-25 08:24 . 2012-01-25 08:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-25 06:26 . 2012-01-25 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-25 14:03 . 2012-01-25 11:33 238884 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 05:01 . 2012-01-25 08:20 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-25 06:24 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-07 12:10 . 2012-01-25 08:20 1581100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3040717199-1424661705-2491633218-1004-12288.dat
+ 2011-07-03 20:55 . 2012-01-25 07:58 10626264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3040717199-1424661705-2491633218-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
eInstruction Device Manager.lnk - c:\found.000\dir0032.chk\Launch.exe [2011-12-6 306480]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-5-30 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-5-30 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 135664]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 135664]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-11-18 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-03-27 1800808]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 13:36]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 13:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-27 17412200]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-18 2919168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{C11D9367-73A4-42C7-B712-1A23575E338B}: NameServer = 212.111.0.10
FF - ProfilePath - c:\users\spravce\AppData\Roaming\Mozilla\Firefox\Profiles\w659ege4.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-01-25 12:56:37
ComboFix-quarantined-files.txt 2012-01-25 11:56
ComboFix2.txt 2012-01-25 07:16
.
Před spuštěním: Volných bajtů: 43 551 145 984
Po spuštění: Volných bajtů: 43 255 349 248
.
- - End Of File - - C116013EDC1A44E74D0403B6E28232AA

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
C:\found.000
c:\program files (x86)\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=-
"UpdateP2GoShortCut"=-
"ApnUpdater"=-

Driver::
gupdate
gupdatem

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 12-01-23.02 - spravce 26.01.2012 8:37.6.4 - x64
Spuštěný z: c:\users\spravce\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-26 do 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-26 07:44 . 2012-01-26 07:44 -------- d-----w- c:\users\User\AppData\Local\temp
2012-01-26 07:44 . 2012-01-26 07:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-01-26 07:44 . 2012-01-26 07:44 -------- d-----w- c:\users\OZV\AppData\Local\temp
2012-01-26 07:44 . 2012-01-26 07:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-26 06:54 . 2012-01-26 06:55 -------- d-----w- c:\users\Admini
2012-01-25 22:30 . 2012-01-25 22:30 -------- d-----w- c:\users\spravce\AppData\Local\GHISLER
2012-01-25 20:43 . 2012-01-25 20:43 -------- d-----w- C:\totalcmd
2012-01-25 20:43 . 2012-01-25 20:43 -------- d-----w- c:\users\spravce\AppData\Roaming\GHISLER
2012-01-25 17:48 . 2012-01-25 18:21 -------- d-----w- c:\users\spravce\AppData\Local\Diagnostics
2012-01-25 16:43 . 2012-01-25 16:43 -------- d-----w- c:\users\spravce\AppData\Local\VirtualStore
2012-01-25 07:18 . 2012-01-25 07:18 -------- d-----w- c:\users\spravce\AppData\Local\Microsoft Games
2012-01-25 06:41 . 2012-01-25 06:41 -------- d-----w- C:\rsit
2012-01-25 06:41 . 2012-01-25 06:41 -------- d-----w- c:\program files\trend micro
2012-01-24 08:03 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5810F680-55D2-42F3-895D-06232BB675CD}\mpengine.dll
2012-01-17 08:25 . 2012-01-17 08:25 -------- d-----w- c:\users\OZV\AppData\Local\Digital_Media_Production
2012-01-17 07:03 . 2012-01-17 07:12 -------- d-----w- c:\program files (x86)\Česká společnost 1914-2009
2012-01-12 06:20 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 06:20 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 06:20 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 06:20 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 06:20 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 06:20 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 06:20 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 06:20 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-12 06:18 . 2012-01-12 06:18 -------- d-----w- c:\users\OZV\AppData\Roaming\DagielGrecja
2012-01-11 09:35 . 2012-01-11 09:35 -------- d-----w- c:\program files (x86)\Terasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 08:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-14 08:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-12-14 07:14 . 2011-12-14 07:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-14 07:14 . 2011-12-14 07:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-14 07:14 . 2011-12-14 07:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-14 07:14 . 2011-12-14 07:14 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-14 07:14 . 2011-12-14 07:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-14 07:14 . 2011-12-14 07:14 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-14 07:14 . 2011-12-14 07:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-14 07:14 . 2011-12-14 07:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-14 07:14 . 2011-12-14 07:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-14 07:14 . 2011-12-14 07:14 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-14 07:14 . 2011-12-14 07:14 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-14 07:14 . 2011-12-14 07:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-14 07:14 . 2011-12-14 07:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-14 07:14 . 2011-12-14 07:14 448512 ----a-w- c:\windows\system32\html.iec
2011-12-14 07:14 . 2011-12-14 07:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-14 07:14 . 2011-12-14 07:14 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-14 07:14 . 2011-12-14 07:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-14 07:14 . 2011-12-14 07:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-14 07:14 . 2011-12-14 07:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-14 07:14 . 2011-12-14 07:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 07:14 . 2011-12-14 07:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-14 07:14 . 2011-12-14 07:14 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 07:14 . 2011-12-14 07:14 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-14 07:14 . 2011-12-14 07:14 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-14 07:14 . 2011-12-14 07:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-14 07:14 . 2011-12-14 07:14 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-14 07:14 . 2011-12-14 07:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-14 07:14 . 2011-12-14 07:14 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-14 07:14 . 2011-12-14 07:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-14 07:14 . 2011-12-14 07:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-14 07:14 . 2011-12-14 07:14 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 07:14 . 2011-12-14 07:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-14 07:14 . 2011-12-14 07:14 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-14 07:14 . 2011-12-14 07:14 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 07:14 . 2011-12-14 07:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-14 07:14 . 2011-12-14 07:14 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-14 07:14 . 2011-12-14 07:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-14 07:14 . 2011-12-14 07:14 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-14 07:14 . 2011-12-14 07:14 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-14 07:14 . 2011-12-14 07:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-14 07:14 . 2011-12-14 07:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-14 07:14 . 2011-12-14 07:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-07 11:25 . 2011-12-07 11:25 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 06:45 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2011-01-25 07:41 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-14 06:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 06:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.

((((((((((((((((((((((((((((( SnapShot_2012-01-25_20.23.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 08:01 . 2012-01-26 06:56 26132 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2012-01-24 08:01 . 2012-01-26 07:36 27420 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-24 22:07 . 2012-01-26 06:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-24 22:07 . 2012-01-25 20:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-24 22:07 . 2012-01-25 20:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-24 22:07 . 2012-01-26 06:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-25 20:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-26 06:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2012-01-25 17:46 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-01-25 22:01 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-12 06:20 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-01-12 06:20 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-12-14 06:37 . 2012-01-26 07:36 3930 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3040717199-1424661705-2491633218-1004_UserData.bin
- 2012-01-25 20:22 . 2012-01-25 20:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-26 07:33 . 2012-01-26 07:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-26 07:33 . 2012-01-26 07:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-25 20:22 . 2012-01-25 20:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-01-26 07:32 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-25 20:22 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-26 07:32 . 2012-01-26 07:32 449244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3040717199-1424661705-2491633218-1005-12288.dat
+ 2012-01-12 06:20 . 2011-12-25 20:40 746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2012-01-12 06:20 . 2011-12-25 20:42 437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
- 2011-08-12 19:33 . 2010-11-20 13:27 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-01-12 06:20 . 2011-10-29 05:23 465920 c:\windows\ehome\mstvcapn.dll
- 2009-08-03 19:59 . 2009-08-03 19:59 606208 c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Web.resources.dll
+ 2012-01-12 06:20 . 2010-11-13 02:01 606208 c:\windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Web.resources.dll
+ 2009-07-14 04:45 . 2012-01-25 21:07 7112398 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-01-25 17:06 7112398 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-01-25 17:02 . 2012-01-25 22:57 1543700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3040717199-1424661705-2491633218-1004-8192.dat
+ 2011-12-07 12:10 . 2012-01-26 07:32 2192448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3040717199-1424661705-2491633218-1004-12288.dat
+ 2012-01-12 06:20 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-01-12 06:20 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2012-01-25 21:07 . 2012-01-25 21:07 2711040 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\45339e741d73e8f1f9393df8163c8c00\System.Workflow.Runtime.ni.dll
+ 2012-01-25 21:07 . 2012-01-25 21:07 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\48ef2f59740ad3d438d0514b335dd334\System.Workflow.ComponentModel.ni.dll
+ 2012-01-25 21:06 . 2012-01-25 21:06 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\7972e04df268430da009e63e90ff4ca9\System.Workflow.Activities.ni.dll
+ 2012-01-25 21:06 . 2012-01-25 21:06 2292224 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\8d374a0a9c49f485a7ce6e89ec354b4c\System.Web.Services.ni.dll
+ 2012-01-25 21:06 . 2012-01-25 21:06 1022976 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\d12c2299179cb05591cf08c8712a6495\System.Runtime.Remoting.ni.dll
+ 2012-01-25 21:07 . 2012-01-25 21:07 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\ad68aa9e6fa1ec8005e1f604579a76be\System.Workflow.Runtime.ni.dll
- 2011-08-12 19:34 . 2010-11-05 01:53 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-12 06:20 . 2011-12-25 20:42 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-12 06:20 . 2011-12-25 20:40 5263360 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-12 06:20 . 2011-12-25 20:42 5255168 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-25 21:06 . 2012-01-25 21:06 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\ab920a032a9b63aa07f26c5592d7c72c\System.Web.ni.dll
+ 2012-01-25 21:06 . 2012-01-25 21:06 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\665178c1ccfd538896eaa0fff283b6ef\System.Design.ni.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
eInstruction Device Manager.lnk - c:\found.000\dir0032.chk\Launch.exe [N/A]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-5-30 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-5-30 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-03-27 1800808]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 13:36]
.
2012-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-30 13:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-27 17412200]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{C11D9367-73A4-42C7-B712-1A23575E338B}: NameServer = 212.111.0.10
FF - ProfilePath - c:\users\spravce\AppData\Roaming\Mozilla\Firefox\Profiles\w659ege4.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
Celkový čas: 2012-01-26 08:53:45
ComboFix-quarantined-files.txt 2012-01-26 07:53
ComboFix2.txt 2012-01-25 20:27
ComboFix3.txt 2012-01-25 16:47
ComboFix4.txt 2012-01-25 11:56
ComboFix5.txt 2012-01-26 07:08
.
Před spuštěním: Volných bajtů: 40 349 442 048
Po spuštění: Volných bajtů: 40 278 605 824
.
- - End Of File - - 641315F4065690D344B6B3DFAACBF722

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:services
gupdate
gupdatem

:reg
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"=-
"UpdateP2GoShortCut"=-
"ApnUpdater"=-

:files
C:\found.000
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\program files (x86)\Ask.com
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named gupdate was found to stop!
Service\Driver key gupdate not found.
Error: No service named gupdatem was found to stop!
Service\Driver key gupdatem not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440}\ not found.
Registry key HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1 not found.
Registry key HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\ not found.
Registry key HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateLBPShortCut not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GoShortCut not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
========== FILES ==========
File\Folder C:\found.000 not found.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File\Folder c:\program files (x86)\Ask.com not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admini
->Temp folder emptied: 33719 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 6441452 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: OZV
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 629477 bytes
->FireFox cache emptied: 170307147 bytes
->Google Chrome cache emptied: 6855957 bytes
->Flash cache emptied: 2505 bytes

User: Public
->Temp folder emptied: 0 bytes

User: spravce
->Temp folder emptied: 11858 bytes
->Temporary Internet Files folder emptied: 665624 bytes
->FireFox cache emptied: 74863476 bytes
->Flash cache emptied: 930 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328041 bytes
->FireFox cache emptied: 48088831 bytes
->Flash cache emptied: 8563 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67978 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 294.00 mb

[EMPTYFLASH]

User: Admini

User: All Users

User: Default

User: Default User

User: OZV
->Flash cache emptied: 0 bytes

User: Public

User: spravce
->Flash cache emptied: 0 bytes

User: UpdatusUser

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01262012_125531

Files\Folders moved on Reboot...
C:\Users\spravce\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\spravce\AppData\Local\Mozilla\Firefox\Profiles\w659ege4.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Co nas pacient, jak se chova

Děkuji všem za pomoc. Nakonec jsem to celé přeinstalovala, což jsem puvodne nechtela, ale problem to vyresilo. A notebook je mozno dale pouzivat.
Díky

Nemate tedy zac

VIRY.CZ

Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu

Re: Prosim o kontrolu