Na USB zástupci

Zpráva

AhawkA · #1 Příspěvek od **AhawkA** » 06 srp 2013 12:05

Ahoj, mám problém s usb disky. Na všech mám pouze zástupce a soubory vidím pouze jako skryté.
Poradí mi někdo. Díky moc
Posílám log z rsitu:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Moje at 2013-08-06 13:04:26
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 10 GB (27%) free of 38 GB
Total RAM: 1014 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:04:31, on 6.8.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\explorer.exe
C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Users\Moje\Downloads\RSIT.exe
C:\Program Files\trend micro\Moje.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/?clid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [SBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [T-Mobile CManager] "C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe" -autorun
O4 - Startup: sbbmywbnen.vbs
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{267D479A-3864-4039-2A2A-A3C47AFC9839}: NameServer = 93.153.117.1 93.153.117.33
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

--
End of file - 4496 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Moje\AppData\Roaming\Mozilla\Firefox\Profiles\e4c6eij0.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe [2001-07-09 155648]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"Ad-Aware Antivirus"=C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher --windows-run []
"Ad-Aware Browsing Protection"=C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [2011-10-21 198032]
"SBRegRebootCleaner"=C:\Program Files\Ad-Aware Antivirus\SBRC.exe [2011-12-19 200560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"=C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2012-01-20 719672]
"T-Mobile CManager"=C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe [2013-07-03 2076952]

C:\Users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
sbbmywbnen.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-08-06 13:01:37 ----D---- C:\rsit
2013-08-06 13:01:37 ----D---- C:\Program Files\trend micro
2013-08-06 12:55:45 ----D---- C:\Program Files\CCleaner
2013-08-06 12:43:56 ----D---- C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2013-08-06 12:32:27 ----SHD---- C:\$RECYCLE.BIN
2013-08-06 12:32:22 ----D---- C:\Windows\temp
2013-08-06 12:32:20 ----A---- C:\ComboFix.txt
2013-08-06 12:19:01 ----A---- C:\Windows\zip.exe
2013-08-06 12:19:01 ----A---- C:\Windows\SWSC.exe
2013-08-06 12:19:01 ----A---- C:\Windows\SWREG.exe
2013-08-06 12:19:01 ----A---- C:\Windows\sed.exe
2013-08-06 12:19:01 ----A---- C:\Windows\PEV.exe
2013-08-06 12:19:01 ----A---- C:\Windows\NIRCMD.exe
2013-08-06 12:19:01 ----A---- C:\Windows\MBR.exe
2013-08-06 12:19:01 ----A---- C:\Windows\grep.exe
2013-08-06 12:18:36 ----A---- C:\Windows\wininit.ini
2013-08-06 12:17:32 ----D---- C:\Qoobox
2013-08-06 12:15:02 ----D---- C:\Windows\erdnt
2013-08-06 11:44:43 ----D---- C:\ProgramData\Ad-Aware Antivirus
2013-08-06 11:42:09 ----A---- C:\Windows\system32\SBRC.dat
2013-08-06 11:41:14 ----D---- C:\ProgramData\Spybot - Search & Destroy
2013-08-06 11:40:42 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2013-08-06 11:29:42 ----D---- C:\ProgramData\Ad-Aware Browsing Protection
2013-08-06 11:27:40 ----A---- C:\Windows\system32\drivers\sbhips.sys
2013-08-06 11:27:37 ----D---- C:\ProgramData\Lavasoft
2013-08-06 11:27:36 ----D---- C:\Windows\system32\drivers\VDD
2013-08-06 11:27:35 ----D---- C:\Program Files\Ad-Aware Antivirus
2013-08-06 11:24:15 ----D---- C:\Users\Moje\AppData\Roaming\Ad-Aware Antivirus
2013-08-03 03:01:04 ----D---- C:\Program Files\MSXML 4.0
2013-08-01 12:15:37 ----D---- C:\ProgramData\Office Genuine Advantage
2013-08-01 09:49:35 ----A---- C:\Windows\system32\TwnLib20.dll
2013-08-01 09:49:31 ----N---- C:\Windows\system32\picn20.dll
2013-08-01 09:49:26 ----A---- C:\Windows\system32\NeroCheck.exe
2013-08-01 09:49:18 ----D---- C:\Program Files\Ahead
2013-07-31 12:04:19 ----D---- C:\Users\Moje\AppData\Roaming\T-Mobile
2013-07-31 10:25:30 ----D---- C:\Program Files\Mozilla Firefox
2013-07-16 03:13:55 ----A---- C:\Windows\system32\jscript.dll
2013-07-16 03:13:53 ----A---- C:\Windows\system32\jsproxy.dll
2013-07-16 03:13:53 ----A---- C:\Windows\system32\jscript9.dll
2013-07-16 03:13:53 ----A---- C:\Windows\system32\iesetup.dll
2013-07-16 03:13:52 ----A---- C:\Windows\system32\ieui.dll
2013-07-16 03:13:51 ----A---- C:\Windows\system32\urlmon.dll
2013-07-16 03:13:51 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-16 03:13:51 ----A---- C:\Windows\system32\msfeeds.dll
2013-07-16 03:13:51 ----A---- C:\Windows\system32\iesysprep.dll
2013-07-16 03:13:51 ----A---- C:\Windows\system32\iernonce.dll
2013-07-16 03:13:51 ----A---- C:\Windows\system32\ie4uinit.exe
2013-07-16 03:13:50 ----A---- C:\Windows\system32\iertutil.dll
2013-07-16 03:13:48 ----A---- C:\Windows\system32\wininet.dll
2013-07-16 03:13:46 ----A---- C:\Windows\system32\ieframe.dll
2013-07-16 03:13:43 ----A---- C:\Windows\system32\mshtml.dll
2013-07-15 07:40:12 ----A---- C:\Windows\system32\DWrite.dll
2013-07-15 07:40:07 ----A---- C:\Windows\system32\win32spl.dll
2013-07-15 07:40:00 ----A---- C:\Windows\system32\crypt32.dll
2013-07-15 07:40:00 ----A---- C:\Windows\system32\certutil.exe
2013-07-15 07:39:59 ----A---- C:\Windows\system32\cryptsvc.dll
2013-07-15 07:39:59 ----A---- C:\Windows\system32\cryptnet.dll
2013-07-15 07:39:59 ----A---- C:\Windows\system32\certenc.dll
2013-07-15 07:39:39 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-07-15 07:39:38 ----A---- C:\Windows\system32\qedit.dll
2013-07-15 07:39:37 ----A---- C:\Windows\system32\win32k.sys
2013-07-15 07:39:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-07-15 07:39:33 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-07-15 07:39:28 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-07-08 11:25:09 ----D---- C:\Program Files\T-Mobile
2013-07-08 11:23:23 ----A---- C:\Windows\system32\WdfCoInstaller01007.dll
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01007.dll
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\mod7700.sys
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\ewusbwwan.sys
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\ew_usbenumfilter.sys
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\ew_juwwanecm.sys
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\ew_juextctrl.sys
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\ew_jucdcecm.sys
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\ew_jucdcacm.sys
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\ew_jubusenum.sys
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\ew_hwusbdev.sys
2013-07-08 11:23:23 ----A---- C:\Windows\system32\drivers\ew_hwupgrade.sys
2013-07-08 11:22:53 ----D---- C:\Program Files\Huawei

======List of files/folders modified in the last 1 month======

2013-08-06 13:01:37 ----RD---- C:\Program Files
2013-08-06 12:58:09 ----D---- C:\Windows\Panther
2013-08-06 12:58:09 ----D---- C:\Windows\ModemLogs
2013-08-06 12:58:09 ----D---- C:\Windows\Minidump
2013-08-06 12:58:09 ----D---- C:\Windows\Logs
2013-08-06 12:58:09 ----D---- C:\Windows\inf
2013-08-06 12:58:09 ----D---- C:\Windows\debug
2013-08-06 12:58:09 ----D---- C:\Windows
2013-08-06 12:55:55 ----D---- C:\Windows\system32\Tasks
2013-08-06 12:44:54 ----D---- C:\Windows\System32
2013-08-06 12:44:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-06 12:43:56 ----D---- C:\ProgramData
2013-08-06 12:30:17 ----A---- C:\Windows\system.ini
2013-08-06 12:30:08 ----D---- C:\Windows\system32\drivers\etc
2013-08-06 12:26:25 ----D---- C:\Windows\system32\drivers
2013-08-06 12:26:25 ----D---- C:\Windows\AppPatch
2013-08-06 12:26:23 ----D---- C:\Program Files\Common Files
2013-08-06 12:19:48 ----SHD---- C:\System Volume Information
2013-08-06 12:18:42 ----SD---- C:\ProgramData\Microsoft
2013-08-06 12:18:40 ----D---- C:\Windows\Prefetch
2013-08-06 11:29:48 ----SHD---- C:\Windows\Installer
2013-08-06 11:27:35 ----D---- C:\Program Files\Common Files\microsoft shared
2013-08-06 09:47:21 ----D---- C:\Windows\system32\config
2013-08-05 10:25:52 ----D---- C:\Windows\system32\catroot2
2013-08-05 10:24:35 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-08-03 03:01:46 ----D---- C:\Windows\winsxs
2013-08-01 09:51:10 ----D---- C:\Program Files\Common Files\Ahead
2013-07-31 16:33:11 ----SD---- C:\Users\Moje\AppData\Roaming\Microsoft
2013-07-31 11:20:55 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-07-29 15:17:26 ----D---- C:\Users\Moje\AppData\Roaming\vlc
2013-07-18 07:26:59 ----D---- C:\Windows\system32\NDF
2013-07-16 04:30:34 ----D---- C:\Windows\rescache
2013-07-16 03:56:26 ----D---- C:\Windows\Microsoft.NET
2013-07-16 03:55:05 ----RSD---- C:\Windows\assembly
2013-07-16 03:38:04 ----D---- C:\Program Files\Internet Explorer
2013-07-16 03:38:03 ----D---- C:\Windows\system32\cs-CZ
2013-07-16 03:38:03 ----D---- C:\Program Files\Windows Journal
2013-07-16 03:38:01 ----D---- C:\Program Files\Windows Defender
2013-07-16 03:16:34 ----D---- C:\ProgramData\Microsoft Help
2013-07-16 03:14:24 ----D---- C:\Windows\system32\catroot
2013-07-08 11:23:23 ----D---- C:\Windows\system32\DriverStore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 sbapifs;sbapifs; C:\Windows\system32\DRIVERS\sbapifs.sys [2011-11-29 77816]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-09-09 89856]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-09 73984]
R3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2011-09-09 26624]
R3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2011-09-09 186880]
R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2005-11-29 260224]
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [2011-10-26 101112]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Moje\AppData\Local\Temp\catchme.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sbhips;sbhips; C:\Windows\system32\drivers\sbhips.sys [2011-12-19 93816]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ad-Aware Service;Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MbnExt;Mobile Broadband Extension Service; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SBAMSvc;Ad-Aware; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-07-31 117656]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-07 1343400]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 06 srp 2013 12:30

Zdravim

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

AhawkA · #3 Příspěvek od **AhawkA** » 06 srp 2013 12:50

Log z USBFix:
############################## | UsbFix V 7.096 | [Deletion]

User: Moje (Administrator) # PC
Updated 15/08/2012 by El Desaparecido
Started at 13:06:04 | 06/08/2013

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Dell Inc. (OptiPlex GX280 ) (X86-based PC) # Desktop Computer
CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz (2793)
RAM -> [Total : 1014 | Free : 273]
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A03
BOOT: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.10.9200.16635

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Lavasoft Ad-Aware [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 37 Gb (10 Mb free - 27%) [] # NTFS
D:\ -> Fixed drive # 56 Gb (5 Mb free - 9%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Removable drive # 2 Gb (313 Mb free - 16%) [FLASH] # FAT32
I:\ -> Removable drive # 15 Gb (9 Mb free - 60%) [KINGSTON] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (336)
C:\Windows\system32\wininit.exe (392)
C:\Windows\system32\csrss.exe (404)
C:\Windows\system32\winlogon.exe (428)
C:\Windows\system32\services.exe (488)
C:\Windows\system32\lsass.exe (496)
C:\Windows\system32\lsm.exe (504)
C:\Windows\system32\svchost.exe (616)
C:\Windows\system32\svchost.exe (680)
C:\Windows\System32\svchost.exe (776)
C:\Windows\System32\svchost.exe (860)
C:\Windows\system32\svchost.exe (888)
C:\Windows\system32\svchost.exe (912)
C:\Windows\system32\svchost.exe (1168)
C:\Windows\system32\svchost.exe (1300)
C:\Windows\System32\spoolsv.exe (1412)
C:\Windows\system32\taskhost.exe (1456)
C:\Windows\system32\Dwm.exe (1564)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1720)
C:\Windows\system32\svchost.exe (1808)
C:\Windows\system32\svchost.exe (340)
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (768)
C:\Windows\system32\SearchIndexer.exe (2592)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (2772)
C:\Windows\System32\WUDFHost.exe (2808)
C:\Windows\system32\sppsvc.exe (3268)
C:\Windows\System32\svchost.exe (3560)
C:\Program Files\Windows Media Player\wmpnetwk.exe (3724)
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (3112)
C:\Windows\explorer.exe (3404)
C:\Windows\system32\AUDIODG.EXE (3800)
C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe (3816)
C:\Program Files\Mozilla Firefox\firefox.exe (3388)
C:\Windows\system32\wbem\wmiprvse.exe (2412)
C:\UsbFix\Go.exe (2660)

################## | Stopped processes |

Stopped! C:\Windows\System32\spoolsv.exe (1412)
Stopped! C:\Windows\system32\taskhost.exe (1456)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1720)
Stopped! C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (768)
Stopped! C:\Windows\system32\SearchIndexer.exe (2592)
Stopped! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (2772)
Stopped! C:\Windows\System32\WUDFHost.exe (2808)
Stopped! C:\Windows\system32\sppsvc.exe (3268)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (3724)
Stopped! C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (3112)
Stopped! C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe (3816)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (3388)

################## | Files # Infected Folders |

Deleted ! I:\Jarmila PilnáMateřská školka.lnk
Deleted ! I:\HiJackThis.lnk
Deleted ! I:\13062013.lnk
Deleted ! I:\Pracovní ELEM_2Pavel.lnk
Deleted ! I:\ELEMDB.lnk
Deleted ! I:\New.lnk
Deleted ! I:\Plachta.lnk
Deleted ! I:\SoftWare.lnk
Deleted ! I:\Office 2010.lnk
Deleted ! I:\PhotoEd.lnk
Deleted ! I:\Denik.lnk
Deleted ! I:\Filmy.lnk
Deleted ! I:\nds.lnk
Deleted ! I:\Martin.lnk
Not deleted ! F:\Autorun.exe
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-1745255568-1133057354-643818281-1002
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-1693048463-479235785-355450921-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-1745255568-1133057354-643818281-1002
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-28986350-3897298608-2592365484-1000
Deleted ! D:\$RECYCLE.BIN\S-1-5-21-815806325-1383951967-655019643-1000
Deleted ! D:\Recycler\S-1-5-18
Deleted ! D:\Recycler\S-1-5-21-1123561945-492894223-682003330-500
Deleted ! D:\Recycler\S-1-5-21-2099920240-142557261-331643106-1138
Deleted ! D:\Recycler\S-1-5-21-682003330-1343024091-1060284298-1003
Deleted ! D:\Recycler\S-1-5-21-73586283-854245398-1060284298-1003
Deleted ! D:\Recycler\S-1-5-21-776561741-1935655697-1343024091-1003
Not deleted ! F:\Autorun.inf
Deleted ! H:\putty.exe

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

################## | Listing |

[06/08/2013 - 13:08:26 | SHD ] C:\$RECYCLE.BIN
[10/06/2009 - 23:42:20 | N | 24] C:\autoexec.bat
[06/08/2013 - 12:32:20 | N | 9722] C:\ComboFix.txt
[10/06/2009 - 23:42:20 | N | 10] C:\config.sys
[06/05/2013 - 08:03:12 | D ] C:\dell
[14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings
[05/08/2013 - 10:41:05 | ASH | 797552640] C:\hiberfil.sys
[07/05/2013 - 09:46:08 | D ] C:\Intel
[06/05/2013 - 13:29:42 | RD ] C:\MSOCache
[05/08/2013 - 10:41:06 | ASH | 1073741824] C:\pagefile.sys
[14/07/2009 - 04:37:05 | D ] C:\PerfLogs
[06/08/2013 - 13:01:37 | D ] C:\Program Files
[06/08/2013 - 12:43:56 | D ] C:\ProgramData
[06/08/2013 - 12:32:24 | D ] C:\Qoobox
[30/04/2013 - 12:52:47 | D ] C:\Recovery
[06/08/2013 - 13:01:53 | D ] C:\rsit
[06/08/2013 - 12:19:48 | SHD ] C:\System Volume Information
[07/05/2013 - 09:10:11 | D ] C:\Temp
[30/04/2013 - 12:56:47 | D ] C:\totalcmd
[06/08/2013 - 13:08:26 | D ] C:\UsbFix
[06/08/2013 - 13:06:18 | A | 6239] C:\UsbFix.txt
[30/04/2013 - 12:53:03 | D ] C:\Users
[06/08/2013 - 12:58:09 | D ] C:\Windows
[25/04/2013 - 09:30:17 | D ] D:\$AVG
[06/08/2013 - 13:08:26 | D ] D:\$RECYCLE.BIN
[19/09/2012 - 10:04:14 | D ] D:\HAMILTON
[29/07/2013 - 15:33:55 | D ] D:\My Download Files
[05/06/2013 - 08:14:26 | D ] D:\NEW
[19/12/2011 - 13:26:33 | D ] D:\PFiles
[21/06/2011 - 13:12:24 | D ] D:\Programy
[06/08/2013 - 13:08:26 | D ] D:\RECYCLER
[05/03/2013 - 11:20:22 | SHD ] D:\System Volume Information
[07/05/2013 - 09:24:12 | D ] D:\Temp
[02/06/2013 - 12:03:45 | N | 11303] D:\treeinfo.wc
[07/01/2011 - 13:29:07 | R | 47344] F:\Autorun.exe
[24/02/2010 - 17:10:56 | R | 25214] F:\Autorun.ico
[22/11/2011 - 20:57:26 | R | 238] F:\Autorun.inf
[22/09/2010 - 08:13:39 | D ] F:\Drivers
[13/05/2010 - 16:48:13 | D ] F:\cs
[13/05/2010 - 16:48:15 | D ] F:\en
[11/03/2013 - 12:08:26 | D ] H:\SW
[25/04/2013 - 07:22:18 | N | 133277832] H:\avg_free_x86_all_2013_3272a6212.exe
[30/05/2013 - 11:32:54 | D ] H:\AVG-2013+key
[24/04/2013 - 10:19:46 | D ] H:\Dell
[07/06/2013 - 11:45:58 | N | 765] H:\tete.txt
[07/05/2008 - 08:07:30 | N | 322523176] H:\WindowsXP-KB936929-SP3-x86-CSY.exe
[09/05/2013 - 09:20:28 | N | 388608] H:\HiJackThis.exe
[30/05/2013 - 07:59:08 | N | 659968] H:\MicrosoftFixit50195.msi
[05/08/2013 - 10:12:56 | D ] H:\pokus
[24/04/2013 - 12:13:20 | D ] I:\SoftWare
[06/05/2013 - 13:02:42 | D ] I:\Office 2010
[09/05/2013 - 07:13:04 | N | 15618] I:\Jarmila PilnáMateřská školka.docx
[09/05/2013 - 08:26:22 | D ] I:\PhotoEd
[09/05/2013 - 09:20:28 | N | 388608] I:\HiJackThis.exe
[22/05/2013 - 12:19:56 | D ] I:\Denik
[03/06/2013 - 09:57:56 | D ] I:\Filmy
[14/06/2013 - 07:06:46 | N | 119712] I:\13062013.xls
[18/06/2013 - 12:56:50 | N | 470605] I:\Pracovní ELEM_2Pavel.xlsx
[18/06/2013 - 12:56:54 | N | 144905] I:\ELEMDB.xlsx
[08/07/2013 - 11:55:58 | N | 24728445] I:\New.English.File.Pre-Intermediate-Students.Book.rar
[10/07/2013 - 13:49:24 | D ] I:\nds
[26/07/2013 - 13:36:58 | N | 5760054] I:\Plachta.bmp
[26/07/2013 - 13:41:52 | N | 895275] I:\Plachta.jpg
[01/08/2013 - 09:49:58 | D ] I:\Martin
[02/08/2013 - 06:19:58 | N | 101933] I:\sbbmywbnen.vbs

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_PC.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.

################## | E.O.F |

#4 Příspěvek od **vyosek** » 06 srp 2013 12:52

Co se tyce ComboFixu, ktery jste pouzil, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

licencni podminky hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Obrázek

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Poprosim o jeho log c:\combofix.txt

AhawkA · #5 Příspěvek od **AhawkA** » 06 srp 2013 13:00

Combofix:
ComboFix 13-08-05.03 - Moje 06.08.2013 12:22:00.1.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.1014.291 [GMT 2:00]
Spuštěný z: c:\users\Moje\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Moje\AppData\Roaming\adaware-installer-reboot-required.tmp
c:\users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\102b3bcad4053f1630a0d725fba934ba.exe
c:\users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1ce5c21bd74c042cdcd945e699c951c5.exe
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-06 do 2013-08-06 )))))))))))))))))))))))))))))))
.
.
2013-08-06 10:30 . 2013-08-06 10:30 -------- d-----w- c:\users\Moje\AppData\Local\temp
2013-08-06 10:30 . 2013-08-06 10:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-06 09:44 . 2013-08-06 09:44 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-08-06 09:41 . 2013-08-06 09:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-08-06 09:40 . 2013-08-06 10:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-08-06 09:40 . 2013-08-06 09:40 -------- d-----w- c:\users\Moje\AppData\Local\Programs
2013-08-06 09:29 . 2013-08-06 09:29 -------- d-----w- c:\users\Moje\AppData\Local\adaware
2013-08-06 09:29 . 2013-08-06 09:29 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-08-06 09:27 . 2011-12-19 10:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2013-08-06 09:27 . 2013-08-06 09:27 -------- d-----w- c:\programdata\Lavasoft
2013-08-06 09:27 . 2013-08-06 09:27 -------- d-----w- c:\windows\system32\drivers\VDD
2013-08-06 09:27 . 2013-08-06 09:42 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-08-06 09:26 . 2013-08-06 09:26 -------- d-----w- c:\users\Moje\AppData\Local\Downloaded Installations
2013-08-06 09:24 . 2013-08-06 10:14 -------- d-----w- c:\users\Moje\AppData\Roaming\Ad-Aware Antivirus
2013-08-03 01:01 . 2013-08-03 01:01 -------- d-----w- c:\program files\MSXML 4.0
2013-08-02 04:20 . 2013-08-02 04:19 101933 --sha-w- c:\users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sbbmywbnen.vbs
2013-08-02 02:45 . 2013-07-15 01:34 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F688247-1A5E-4CEB-B9BA-5FC2F4B7E5FE}\mpengine.dll
2013-08-01 10:15 . 2013-08-01 10:15 -------- d-----w- c:\programdata\Office Genuine Advantage
2013-08-01 07:49 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2013-08-01 07:49 . 2001-06-26 06:15 38912 ------w- c:\windows\system32\picn20.dll
2013-08-01 07:49 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2013-08-01 07:49 . 2013-08-01 07:49 -------- d-----w- c:\program files\Ahead
2013-07-31 10:04 . 2013-07-31 10:04 -------- d-----w- c:\users\Moje\AppData\Roaming\T-Mobile
2013-07-15 05:40 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-15 05:40 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-07-15 05:40 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-07-15 05:40 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-07-08 09:25 . 2013-07-31 10:04 -------- d-----w- c:\program files\T-Mobile
2013-07-08 09:22 . 2013-07-08 09:22 -------- d-----w- c:\program files\Huawei
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-31 09:20 . 2013-05-06 05:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-31 09:20 . 2013-05-06 05:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"T-Mobile CManager"="c:\program files\T-Mobile\T-Mobile Internet Manager\Manager.exe" [2013-07-03 2076952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SBRegRebootCleaner"="c:\program files\Ad-Aware Antivirus\SBRC.exe" [2011-12-19 200560]
.
c:\users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
sbbmywbnen.vbs [2013-8-2 101933]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Definitions\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-09-09 89856]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-09-09 26624]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-09-09 186880]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 93816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-07 1343400]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 77816]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-09 73984]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - SBAPIFS
*NewlyCreated* - SBRE
*Deregistered* - SBRE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-06 09:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/?clid=2
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Moje\AppData\Roaming\Mozilla\Firefox\Profiles\e4c6eij0.default\
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-08-06 12:32:20
ComboFix-quarantined-files.txt 2013-08-06 10:32
.
Před spuštěním: 8 212 484 096
Po spuštění: Volných bajtů: 10 564 878 336
.
- - End Of File - - 463719F81951AAAA14D2A3EAD2664EBC
A36C5E4F47E84449FF07ED3517B43A31

#6 Příspěvek od **vyosek** » 06 srp 2013 15:42

Odinstalujte tyto bezpecnostni SW - nejsou zdaleka tak ucinne a moc nechrani

Ad-Aware Antivirus
Spybot - Search & Destroy

Nainstalujte Avast Free http://www.avast.com/cs-cz/index

Stahnete SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe

Ulozte nejlepe na Plochu
Spustte tradicne dvouklikem a postupujte dle pokynu utility
Po dokonceni skenu se vytvori a otevre log, ten mi sem vlozte

AhawkA · #7 Příspěvek od **AhawkA** » 06 srp 2013 16:27

Posílám log:

Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (23.0)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast setup avast.setup
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#8 Příspěvek od **vyosek** » 06 srp 2013 20:05

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

File::
c:\windows\Tasks\Adobe Flash Player Updater.job

Collect::
c:\users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sbbmywbnen.vbs

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"-
"NeroFilterCheck"=-
"BCSSync"=-
"Adobe ARM"=-
"Ad-Aware Browsing Protection"=-
"SBRegRebootCleaner"=-

Folder::
c:\programdata\Ad-Aware Browsing Protection

FCopy::
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll | c:\windows\System32\user32.dll

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

AhawkA · #9 Příspěvek od **AhawkA** » 07 srp 2013 06:43

Log z Combofixu:
ComboFix 13-08-05.03 - Moje 07.08.2013 7:20.2.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.1014.436 [GMT 2:00]
Spuštěný z: c:\users\Moje\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Moje\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
file zipped: c:\users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sbbmywbnen.vbs
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll --> c:\windows\System32\user32.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-07 do 2013-08-07 )))))))))))))))))))))))))))))))
.
.
2013-08-07 05:31 . 2013-08-07 05:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-07 05:12 . 2006-03-23 19:12 139264 ----a-w- c:\windows\system32\igfxres.dll
2013-08-06 15:21 . 2013-08-06 15:21 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F688247-1A5E-4CEB-B9BA-5FC2F4B7E5FE}\offreg.dll
2013-08-06 14:55 . 2013-08-06 14:56 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-06 14:55 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-06 14:55 . 2013-05-09 08:59 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-06 14:55 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-06 14:55 . 2013-08-06 14:56 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-06 14:55 . 2013-08-06 14:56 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-06 14:55 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-06 14:55 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-06 14:55 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-06 14:51 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-08-06 14:50 . 2013-08-06 14:50 -------- d-----w- c:\program files\AVAST Software
2013-08-06 14:47 . 2013-08-06 14:50 -------- d-----w- c:\programdata\AVAST Software
2013-08-06 11:23 . 2013-08-06 11:23 -------- d-----w- c:\programdata\GFI Software
2013-08-06 11:05 . 2013-08-06 15:47 -------- d-----w- C:\UsbFix
2013-08-06 11:01 . 2013-08-06 11:04 -------- d-----w- c:\program files\trend micro
2013-08-06 11:01 . 2013-08-06 11:01 -------- d-----w- C:\rsit
2013-08-06 10:55 . 2013-08-06 14:45 -------- d-----w- c:\program files\CCleaner
2013-08-06 10:43 . 2013-08-06 10:43 -------- d-----w- c:\programdata\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2013-08-06 10:32 . 2013-08-07 05:34 -------- d-----w- c:\users\Moje\AppData\Local\temp
2013-08-06 09:44 . 2013-08-06 09:44 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-08-06 09:41 . 2013-08-06 09:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-08-06 09:40 . 2013-08-06 09:40 -------- d-----w- c:\users\Moje\AppData\Local\Programs
2013-08-06 09:27 . 2013-08-06 09:27 -------- d-----w- c:\programdata\Lavasoft
2013-08-06 09:27 . 2013-08-06 11:23 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-08-06 09:26 . 2013-08-06 09:26 -------- d-----w- c:\users\Moje\AppData\Local\Downloaded Installations
2013-08-06 09:24 . 2013-08-06 10:14 -------- d-----w- c:\users\Moje\AppData\Roaming\Ad-Aware Antivirus
2013-08-03 01:01 . 2013-08-03 01:01 -------- d-----w- c:\program files\MSXML 4.0
2013-08-02 04:20 . 2013-08-02 04:19 101933 --sha-w- c:\users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sbbmywbnen.vbs
2013-08-02 02:45 . 2013-07-15 01:34 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F688247-1A5E-4CEB-B9BA-5FC2F4B7E5FE}\mpengine.dll
2013-08-01 10:15 . 2013-08-01 10:15 -------- d-----w- c:\programdata\Office Genuine Advantage
2013-08-01 07:49 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2013-08-01 07:49 . 2001-06-26 06:15 38912 ------w- c:\windows\system32\picn20.dll
2013-08-01 07:49 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2013-08-01 07:49 . 2013-08-01 07:49 -------- d-----w- c:\program files\Ahead
2013-07-31 10:04 . 2013-07-31 10:04 -------- d-----w- c:\users\Moje\AppData\Roaming\T-Mobile
2013-07-15 05:40 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-15 05:40 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-07-15 05:40 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-07-15 05:40 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-07-08 09:25 . 2013-07-31 10:04 -------- d-----w- c:\program files\T-Mobile
2013-07-08 09:22 . 2013-07-08 09:22 -------- d-----w- c:\program files\Huawei
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-06 15:47 . 2013-08-06 11:10 314548 ----a-w- C:\UsbFix_Upload_Me_PC.zip
2013-07-31 09:20 . 2013-05-06 05:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-31 09:20 . 2013-05-06 05:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile CManager"="c:\program files\T-Mobile\T-Mobile Internet Manager\Manager.exe" [2013-07-03 2076952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
sbbmywbnen.vbs [2013-8-2 101933]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Definitions\0\0sdnclean.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-05-07 1343400]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-09-09 89856]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-09 73984]
S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-09-09 26624]
S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-09-09 186880]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-06 09:20]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Moje\AppData\Roaming\Mozilla\Firefox\Profiles\e4c6eij0.default\
FF - ExtSQL: 2013-08-06 16:52; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2013-08-07 07:37:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-08-07 05:37
ComboFix2.txt 2013-08-06 10:32
.
Před spuštěním: Volných bajtů: 10 184 949 760
Po spuštění: Volných bajtů: 10 293 952 512
.
- - End Of File - - C01FBA96CA2A6CE5F481B203A580956F
A36C5E4F47E84449FF07ED3517B43A31
Nahr nˇ probŘhlo ŁspŘçnŘ

AhawkA · #10 Příspěvek od **AhawkA** » 07 srp 2013 14:12

Tímto postupem mám čistit i ostatní počítače, které jsem si takto zanesl? Čím jsem si vlastně počítače zanesl? Děkuji moc za pomoc.

#11 Příspěvek od **vyosek** » 07 srp 2013 19:41

Na kazdy stroj je treba individualniho pristupu a postupu cisteni

Poprosim o spusteni nasledujiciho

Aplikace ke stažení:

Po stažení FRSTLauncher spustte, objevi se mozna varovani od antiviru, ignorujte a nechte FRSTL spustit

Následně dojde ke stažení FRST a inicializaci

Po spuštění FRST odsouhlasíme licenční podmínky kliknutím na Ano.
Dooznačíme položku Addition.txt - viz obrázek.
Klikneme na tlačítko Scan čímž spustíme skenování.
Počkáme na dokončení skenování FRST a vytvoření doplňkových informací naší nástavbou.
Otevře se nám textový soubor FRST.txt, což je požadovaný log a jehož obsah vložíme do svého tématu na fóru.
Po uzavření logu se FRSTLauncher.exe ukončí a na ploše nám zbyde utilta FRST a dva logy FRST.txt a Addition.txt - nic z toho zatím nemažeme.

AhawkA · #12 Příspěvek od **AhawkA** » 09 srp 2013 12:38

Log z FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-08-2013 02
Ran by Moje (administrator) on 09-08-2013 13:34:11
Running from C:\Users\Moje\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Gemfor s.r.o.) C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKCU\...\Run: [T-Mobile CManager] - C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe [2076952 2013-07-03] (Gemfor s.r.o.)
HKU\Default\...\Run: [T-Mobile CManager] - C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe [ 2013-07-03] (Gemfor s.r.o.)
HKU\Default User\...\Run: [T-Mobile CManager] - C:\Program Files\T-Mobile\T-Mobile Internet Manager\Manager.exe [ 2013-07-03] (Gemfor s.r.o.)
Startup: C:\Users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sbbmywbnen.vbs ()
BootExecute: autocheck autochk * SBBD.exe /d \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Definitionssdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_page_url = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
SearchScopes: HKCU - DefaultScope {971F29D2-E30C-4D3D-A999-3E17BC881FB2} URL = http://search.seznam.cz/?q={searchTerms ... ckSearch_2
SearchScopes: HKCU - ${searchCLSID} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
SearchScopes: HKCU - {971F29D2-E30C-4D3D-A999-3E17BC881FB2} URL = http://search.seznam.cz/?q={searchTerms ... ckSearch_2
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Tcpip\..\Interfaces\{267D479A-3864-4039-2A2A-A3C47AFC9839}: [NameServer]93.153.117.1 93.153.117.33

FireFox:
========
FF ProfilePath: C:\Users\Moje\AppData\Roaming\Mozilla\Firefox\Profiles\e4c6eij0.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: testpilot - C:\Users\Moje\AppData\Roaming\Mozilla\Firefox\Profiles\e4c6eij0.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MbnExt; C:\Program Files\T-Mobile\T-Mobile Internet Manager\MbnExt.dll [414568 2013-05-27] (Gemfor s.r.o.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-06] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-06] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-06] ()
R3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2011-09-09] (Huawei Technologies Co., Ltd.)
R3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-09-09] (Huawei Technologies Co., Ltd.)
R3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [186880 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1166972 2006-03-23] (Intel Corporation)
S3 catchme; \??\C:\Users\Moje\AppData\Local\Temp\catchme.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-09 13:33 - 2013-08-09 13:33 - 00000000 ____D C:\Users\Moje\AppData\Local\qb18035A.E8
2013-08-09 13:33 - 2013-08-08 20:46 - 01230104 _____ (Farbar) C:\Users\Moje\Desktop\FRST.exe
2013-08-07 15:45 - 2013-08-07 15:45 - 00000000 ____D C:\Windows\system32\MRT
2013-08-07 13:48 - 2013-08-07 13:48 - 01005568 _____ (Microsoft Corporation) C:\Users\Moje\Downloads\dotNetFx45_Full_setup.exe
2013-08-07 07:37 - 2013-08-07 07:39 - 00009802 ____N C:\ComboFix.txt
2013-08-07 07:12 - 2013-08-06 12:11 - 05100695 ____R (Swearware) C:\Users\Moje\Desktop\ComboFix.exe
2013-08-07 07:12 - 2006-03-23 21:12 - 00139264 _____ (Intel Corporation) C:\Windows\system32\igfxres.dll
2013-08-06 17:10 - 2013-08-07 07:31 - 00006168 _____ C:\Windows\PFRO.log
2013-08-06 16:56 - 2013-08-09 13:07 - 00000224 _____ C:\Windows\setupact.log
2013-08-06 16:56 - 2013-08-06 16:56 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-08-06 16:56 - 2013-08-06 16:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-08-06 16:56 - 2013-08-06 16:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-08-06 16:56 - 2013-08-06 16:56 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 16:55 - 2013-08-06 16:56 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-06 16:55 - 2013-08-06 16:56 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-06 16:55 - 2013-08-06 16:56 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-06 16:55 - 2013-08-06 16:55 - 00002035 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-06 16:55 - 2013-05-09 10:59 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-06 16:55 - 2013-05-09 10:59 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-06 16:55 - 2013-05-09 10:59 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-06 16:55 - 2013-05-09 10:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-06 16:55 - 2013-05-09 10:59 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-06 16:55 - 2013-05-09 10:58 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-06 16:51 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-06 16:50 - 2013-08-06 16:50 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-06 16:47 - 2013-08-06 16:50 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-06 16:44 - 2013-08-06 16:46 - 117478104 _____ C:\Users\Moje\Downloads\avast_free_antivirus_setup.exe
2013-08-06 16:44 - 2013-08-06 16:45 - 00891098 _____ C:\Users\Moje\Downloads\SecurityCheck.exe
2013-08-06 13:23 - 2013-08-06 13:23 - 00000000 ____D C:\ProgramData\GFI Software
2013-08-06 13:10 - 2013-08-07 14:38 - 00317790 _____ C:\UsbFix_Upload_Me_PC.zip
2013-08-06 13:05 - 2013-08-07 14:38 - 00009213 _____ C:\UsbFix.txt
2013-08-06 13:05 - 2013-08-07 14:38 - 00000000 ____D C:\UsbFix
2013-08-06 13:01 - 2013-08-06 13:04 - 00000000 ____D C:\Program Files\trend micro
2013-08-06 13:01 - 2013-08-06 13:01 - 00781383 _____ C:\Users\Moje\Downloads\RSIT.exe
2013-08-06 13:01 - 2013-08-06 13:01 - 00000000 ____D C:\rsit
2013-08-06 12:59 - 2013-08-06 12:59 - 01271879 _____ (El Desaparecido) C:\Users\Moje\Downloads\UsbFix.exe
2013-08-06 12:55 - 2013-08-06 16:45 - 00000000 ____D C:\Program Files\CCleaner
2013-08-06 12:43 - 2013-08-06 12:43 - 00000000 ____D C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2013-08-06 12:19 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-06 12:19 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-06 12:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-06 12:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-06 12:19 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-06 12:19 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-06 12:19 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-06 12:18 - 2013-08-06 12:18 - 00000079 _____ C:\Windows\wininit.ini
2013-08-06 12:17 - 2013-08-07 07:39 - 00000000 ____D C:\Qoobox
2013-08-06 12:15 - 2013-08-07 07:31 - 00000000 ____D C:\Windows\erdnt
2013-08-06 11:44 - 2013-08-06 11:44 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-08-06 11:42 - 2013-08-06 11:42 - 00000104 _____ C:\Windows\system32\SBRC.dat
2013-08-06 11:41 - 2013-08-06 11:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-06 11:29 - 2013-08-06 11:29 - 00000012 _____ C:\Users\Moje\Downloads\FSSC.dat
2013-08-06 11:27 - 2013-08-06 13:23 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-08-06 11:27 - 2013-08-06 11:27 - 00000000 ____D C:\ProgramData\Lavasoft
2013-08-06 11:26 - 2013-08-06 11:26 - 00000000 ____D C:\Users\Moje\AppData\Local\Downloaded Installations
2013-08-06 11:24 - 2013-08-06 12:14 - 00000000 ____D C:\Users\Moje\AppData\Roaming\Ad-Aware Antivirus
2013-08-03 03:01 - 2013-08-03 03:01 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-08-01 12:15 - 2013-08-01 12:15 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2013-08-01 09:51 - 2013-08-01 09:51 - 00001622 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2013-08-01 09:49 - 2013-08-01 09:49 - 00000000 ____D C:\Program Files\Ahead
2013-08-01 09:49 - 2001-07-09 11:50 - 00155648 _____ (Ahead Software Gmbh) C:\Windows\system32\NeroCheck.exe
2013-08-01 09:49 - 2001-06-26 08:15 - 00038912 ____N (Pegasus Imaging Corp.) C:\Windows\system32\picn20.dll
2013-08-01 09:49 - 2000-06-26 11:45 - 00106496 _____ (Pegasus Software) C:\Windows\system32\TwnLib20.dll
2013-07-31 12:04 - 2013-07-31 12:04 - 00001174 _____ C:\Users\Moje\Desktop\T-Mobile Internet Manager.lnk
2013-07-31 12:04 - 2013-07-31 12:04 - 00001174 _____ C:\Users\Default\Desktop\T-Mobile Internet Manager.lnk
2013-07-31 12:04 - 2013-07-31 12:04 - 00001174 _____ C:\Users\Default User\Desktop\T-Mobile Internet Manager.lnk
2013-07-31 12:04 - 2013-07-31 12:04 - 00000000 ____D C:\Users\Moje\AppData\Roaming\T-Mobile
2013-07-31 10:25 - 2013-07-31 10:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-16 03:13 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-16 03:13 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-16 03:13 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-16 03:13 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-16 03:13 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-16 03:13 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-16 03:13 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-16 03:13 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-16 03:13 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-16 03:13 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-16 03:13 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-16 03:13 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-16 03:13 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-16 03:13 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-16 03:13 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-16 03:13 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-15 07:40 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-15 07:40 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-15 07:40 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-15 07:40 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-15 07:39 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-15 07:39 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-15 07:39 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-15 07:39 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-15 07:39 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-15 07:39 - 2013-05-08 07:38 - 01293672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-15 07:39 - 2013-05-06 07:06 - 03968872 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-07-15 07:39 - 2013-05-06 07:06 - 03913576 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-15 07:39 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

==================== One Month Modified Files and Folders =======

2013-08-09 13:33 - 2013-08-09 13:33 - 00000000 ____D C:\Users\Moje\AppData\Local\qb18035A.E8
2013-08-09 13:07 - 2013-08-06 16:56 - 00000224 _____ C:\Windows\setupact.log
2013-08-09 13:07 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-08 20:46 - 2013-08-09 13:33 - 01230104 _____ (Farbar) C:\Users\Moje\Desktop\FRST.exe
2013-08-07 15:47 - 2013-08-07 15:45 - 00000000 ____D C:\Windows\system32\MRT
2013-08-07 15:47 - 2013-04-30 12:46 - 01564219 _____ C:\Windows\WindowsUpdate.log
2013-08-07 15:47 - 2009-07-14 06:34 - 00028144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-07 15:47 - 2009-07-14 06:34 - 00028144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-07 14:54 - 2013-05-06 07:55 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-07 14:38 - 2013-08-06 13:10 - 00317790 _____ C:\UsbFix_Upload_Me_PC.zip
2013-08-07 14:38 - 2013-08-06 13:05 - 00009213 _____ C:\UsbFix.txt
2013-08-07 14:38 - 2013-08-06 13:05 - 00000000 ____D C:\UsbFix
2013-08-07 13:48 - 2013-08-07 13:48 - 01005568 _____ (Microsoft Corporation) C:\Users\Moje\Downloads\dotNetFx45_Full_setup.exe
2013-08-07 07:39 - 2013-08-07 07:37 - 00009802 ____N C:\ComboFix.txt
2013-08-07 07:39 - 2013-08-06 12:17 - 00000000 ____D C:\Qoobox
2013-08-07 07:38 - 2013-04-30 12:57 - 01576554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-07 07:34 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-08-07 07:31 - 2013-08-06 17:10 - 00006168 _____ C:\Windows\PFRO.log
2013-08-07 07:31 - 2013-08-06 12:15 - 00000000 ____D C:\Windows\erdnt
2013-08-06 16:56 - 2013-08-06 16:56 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-08-06 16:56 - 2013-08-06 16:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-08-06 16:56 - 2013-08-06 16:56 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-08-06 16:56 - 2013-08-06 16:56 - 00000000 _____ C:\Windows\setuperr.log
2013-08-06 16:56 - 2013-08-06 16:55 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-06 16:56 - 2013-08-06 16:55 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-06 16:56 - 2013-08-06 16:55 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-06 16:55 - 2013-08-06 16:55 - 00002035 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-06 16:55 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-08-06 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-06 16:50 - 2013-08-06 16:50 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-06 16:50 - 2013-08-06 16:47 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-06 16:46 - 2013-08-06 16:44 - 117478104 _____ C:\Users\Moje\Downloads\avast_free_antivirus_setup.exe
2013-08-06 16:45 - 2013-08-06 16:44 - 00891098 _____ C:\Users\Moje\Downloads\SecurityCheck.exe
2013-08-06 16:45 - 2013-08-06 12:55 - 00000000 ____D C:\Program Files\CCleaner
2013-08-06 13:23 - 2013-08-06 13:23 - 00000000 ____D C:\ProgramData\GFI Software
2013-08-06 13:23 - 2013-08-06 11:27 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-08-06 13:04 - 2013-08-06 13:01 - 00000000 ____D C:\Program Files\trend micro
2013-08-06 13:01 - 2013-08-06 13:01 - 00781383 _____ C:\Users\Moje\Downloads\RSIT.exe
2013-08-06 13:01 - 2013-08-06 13:01 - 00000000 ____D C:\rsit
2013-08-06 12:59 - 2013-08-06 12:59 - 01271879 _____ (El Desaparecido) C:\Users\Moje\Downloads\UsbFix.exe
2013-08-06 12:58 - 2013-06-05 14:37 - 00000000 ____D C:\Windows\Minidump
2013-08-06 12:58 - 2013-04-30 22:43 - 00000000 ____D C:\Windows\Panther
2013-08-06 12:43 - 2013-08-06 12:43 - 00000000 ____D C:\ProgramData\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604}
2013-08-06 12:32 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-06 12:32 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-06 12:18 - 2013-08-06 12:18 - 00000079 _____ C:\Windows\wininit.ini
2013-08-06 12:14 - 2013-08-06 11:24 - 00000000 ____D C:\Users\Moje\AppData\Roaming\Ad-Aware Antivirus
2013-08-06 12:11 - 2013-08-07 07:12 - 05100695 ____R (Swearware) C:\Users\Moje\Desktop\ComboFix.exe
2013-08-06 11:44 - 2013-08-06 11:44 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-08-06 11:42 - 2013-08-06 11:42 - 00000104 _____ C:\Windows\system32\SBRC.dat
2013-08-06 11:41 - 2013-08-06 11:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-06 11:29 - 2013-08-06 11:29 - 00000012 _____ C:\Users\Moje\Downloads\FSSC.dat
2013-08-06 11:27 - 2013-08-06 11:27 - 00000000 ____D C:\ProgramData\Lavasoft
2013-08-06 11:26 - 2013-08-06 11:26 - 00000000 ____D C:\Users\Moje\AppData\Local\Downloaded Installations
2013-08-05 10:24 - 2013-05-06 07:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-03 03:01 - 2013-08-03 03:01 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-08-01 12:15 - 2013-08-01 12:15 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2013-08-01 11:32 - 2013-04-30 12:53 - 00000000 ____D C:\Users\Moje\AppData\Local\VirtualStore
2013-08-01 09:51 - 2013-08-01 09:51 - 00001622 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2013-08-01 09:51 - 2013-05-06 13:13 - 00000000 ____D C:\Program Files\Common Files\Ahead
2013-08-01 09:49 - 2013-08-01 09:49 - 00000000 ____D C:\Program Files\Ahead
2013-07-31 12:04 - 2013-07-31 12:04 - 00001174 _____ C:\Users\Moje\Desktop\T-Mobile Internet Manager.lnk
2013-07-31 12:04 - 2013-07-31 12:04 - 00001174 _____ C:\Users\Default\Desktop\T-Mobile Internet Manager.lnk
2013-07-31 12:04 - 2013-07-31 12:04 - 00001174 _____ C:\Users\Default User\Desktop\T-Mobile Internet Manager.lnk
2013-07-31 12:04 - 2013-07-31 12:04 - 00000000 ____D C:\Users\Moje\AppData\Roaming\T-Mobile
2013-07-31 12:04 - 2013-07-08 11:25 - 00000000 ____D C:\Program Files\T-Mobile
2013-07-31 11:31 - 2013-06-03 10:40 - 00000000 ____D C:\Users\Moje\AppData\Local\Adobe
2013-07-31 11:20 - 2013-05-06 07:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-31 11:20 - 2013-05-06 07:55 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-31 10:25 - 2013-07-31 10:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-29 15:17 - 2013-05-10 09:39 - 00000000 ____D C:\Users\Moje\AppData\Roaming\vlc
2013-07-23 09:41 - 2013-05-06 13:30 - 00000000 ____D C:\Users\Moje\AppData\Local\Microsoft Help
2013-07-18 07:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-07-16 04:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-07-16 03:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-16 03:40 - 2009-07-14 06:33 - 00407856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-16 03:38 - 2009-07-14 09:50 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 03:38 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-16 03:16 - 2013-05-06 13:30 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-02 00:04

==================== Scheduled Tasks (whitelisted) ===========

Task: {171ECF17-066F-423C-83A6-81FE3D2D6D41} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe No File
Task: {26AF4132-6480-4FA9-A7A6-8C3C5502666D} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {57315505-13EC-4662-B86B-20EADA26CFB6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31] (Adobe Systems Incorporated)
Task: {57A5C6B2-A074-42E2-A53F-BFF9A3B139D5} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {73F41DB1-6326-4F05-9BF0-41D8BC536B49} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {A4B7DB0B-B80B-41F0-96FA-BEF1D19A8461} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-05-06] ()
Task: {C442C22C-1DAC-4EAC-8CB9-048E28D7F115} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1745255568-1133057354-643818281-1002 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Supplementary Scan (All) ================

Rozd�ln�

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=dword:00000003
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvyu"="msyuv.dll"
"vidc.iyuv"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"vidc.yvu9"="tsbyuv.dll"
"msacm.l3acm"="C:\\Windows\\System32\\l3codeca.acm"
"vidc.cvid"="iccvid.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:37.15 GB) (Free:10.68 GB) NTFS
Drive d: (DATA) (Fixed) (Total:55.88 GB) (Free:4.83 GB) NTFS
Drive f: (HUAWEI) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

Available physical RAM: 459.33 MB
Total physical RAM: 1014.14 MB
Percentage of memory in use: 54%

==================== End Of Log ==============================

#13 Příspěvek od **vyosek** » 09 srp 2013 16:07

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Startup: C:\Users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sbbmywbnen.vbs ()
HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
SearchScopes: HKCU - DefaultScope {971F29D2-E30C-4D3D-A999-3E17BC881FB2} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_2
SearchScopes: HKCU - ${searchCLSID} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {971F29D2-E30C-4D3D-A999-3E17BC881FB2} URL = http://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_2
2013-08-06 16:44 - 2013-08-06 16:45 - 00891098 _____ C:\Users\Moje\Downloads\SecurityCheck.exe
2013-08-06 11:44 - 2013-08-06 11:44 - 00000000 ____D C:\ProgramData\Ad-Aware Antivirus
2013-08-06 11:42 - 2013-08-06 11:42 - 00000104 _____ C:\Windows\system32\SBRC.dat
2013-08-06 11:41 - 2013-08-06 11:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-06 11:29 - 2013-08-06 11:29 - 00000012 _____ C:\Users\Moje\Downloads\FSSC.dat
2013-08-06 11:27 - 2013-08-06 13:23 - 00000000 ____D C:\Program Files\Ad-Aware Antivirus
2013-08-06 11:27 - 2013-08-06 11:27 - 00000000 ____D C:\ProgramData\Lavasoft
2013-08-06 11:24 - 2013-08-06 12:14 - 00000000 ____D C:\Users\Moje\AppData\Roaming\Ad-Aware Antivirus
2013-08-06 11:41 - 2013-08-06 11:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
Task: {A4B7DB0B-B80B-41F0-96FA-BEF1D19A8461} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-05-06] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\AutoKMS
C:\Users\Moje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sbbmywbnen.vbs
CMD: shutdown /r /f /t 2

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

AhawkA · #14 Příspěvek od **AhawkA** » 21 srp 2013 08:50

Log jsem dám v pondělí. Nejsem u toho počítače.

#15 Příspěvek od **vyosek** » 21 srp 2013 09:21

Dobra dobra

VIRY.CZ

Na USB zástupci

Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci

Re: Na USB zástupci