
PC disinfection, computer speed-up, remote help via the neslape.cz service
Problem launching RSIT and other applications
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote help service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Problem launching RSIT and other applications
leave the line with killall out of the procedure
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Re: Problem launching RSIT and other applications
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 11:53:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\Vlastník\LOCALS~1\Temp\afpoafod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xF8366F80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF8366552]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xF8362882]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF8365A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF8365910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF8365F2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF8367034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF8362D54]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xF8362E70]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF8366906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xF8362B78]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF83660DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF8366CE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xF8363038]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF8366BB2]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- Services - GMER 1.0.15 ----
Service D:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] lrhdae <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@DisplayName Manager Config
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@Description Umo??uje spu?t?n? n?pov?dy a odborn? pomoci v tomto po??ta?i. Pokud je tato slu?ba zastavena, n?pov?da a odborn? pomoc nebude k dispozici. Pokud je tato slu?ba vypnuta, nebude mo?n? spustit ??dnou z explicitn? z?visl?ch slu?eb.
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae\Parameters@ServiceDll D:\WINDOWS\system32\bqapksu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@DisplayName Manager Config
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae@Description Umo??uje spu?t?n? n?pov?dy a odborn? pomoci v tomto po??ta?i. Pokud je tato slu?ba zastavena, n?pov?da a odborn? pomoc nebude k dispozici. Pokud je tato slu?ba vypnuta, nebude mo?n? spustit ??dnou z explicitn? z?visl?ch slu?eb.
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae\Parameters@ServiceDll D:\WINDOWS\system32\bqapksu.dll
---- EOF - GMER 1.0.15 ----
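As an added example (not part of this thread and not GMER's own tooling): a small Python triage script that parses the Services and Registry sections of a GMER log like the one above, links the hidden service to the ServiceDll it loads, and records why each value matters for clean-up. The log excerpt embedded in it is constructed from the lines posted above.

```python
"""Triage a GMER log: find services GMER marks as hidden and resolve the
registry values (ImagePath, Start, Parameters\\ServiceDll) behind them.
Added example for this thread; not part of GMER or of the original post."""
import re
from dataclasses import dataclass, field

# Constructed excerpt of a GMER 1.0.15 log, modelled on the one posted in this thread.
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----
Service D:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] lrhdae <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@DisplayName Manager Config
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\lrhdae\Parameters@ServiceDll D:\WINDOWS\system32\bqapksu.dll
Reg HKLM\SYSTEM\ControlSet003\Services\lrhdae\Parameters@ServiceDll D:\WINDOWS\system32\bqapksu.dll
---- EOF - GMER 1.0.15 ----
"""

# "Service <host image> (*** hidden *** ) [<start>] <name> ..." as GMER prints it.
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)"
)
# "Reg HKLM\SYSTEM\<control set>\Services\<name>[\<subkey>]@<value> <data>"
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<name>[^\\@]+)"
    r"(?P<sub>(?:\\[^@]+)?)@(?P<value>\S+)\s*(?P<data>.*)$"
)


@dataclass
class HiddenService:
    name: str
    image: str                       # host process GMER saw running the service
    start: str                       # GMER's [AUTO]/[MANUAL] column
    values: dict = field(default_factory=dict)   # CurrentControlSet values, keyed "Sub\Value"
    service_dll: str = ""
    control_sets: set = field(default_factory=set)
    notes: list = field(default_factory=list)

    @property
    def svchost_group(self):
        """The -k group from ImagePath, e.g. 'netsvcs', or None if not svchost-hosted."""
        m = re.search(r"-k\s+(\S+)", self.values.get("ImagePath", ""), re.I)
        return m.group(1) if m else None


def parse_gmer(text):
    """Return the hidden services GMER reported, enriched with their registry values."""
    services, reg_lines = {}, []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            services[m["name"]] = HiddenService(m["name"], m["image"], m["start"])
            continue
        m = REG_RE.match(line)
        if m:
            reg_lines.append(m.groupdict())
    for r in reg_lines:
        svc = services.get(r["name"])
        if svc is None:
            continue                      # registry noise for a service GMER did not flag
        svc.control_sets.add(r["cs"])
        if r["cs"] != "CurrentControlSet":
            continue                      # only the live control set drives the running system
        sub = r["sub"].strip("\\")
        svc.values[(sub + "\\" if sub else "") + r["value"]] = r["data"].strip()
    return list(services.values())


def assess(svc):
    """Attach triage notes: why the entry matters and which artifacts must be collected."""
    svc.service_dll = svc.values.get("Parameters\\ServiceDll", "")
    svc.notes.append("hidden from the service API: GMER found it only in the registry")
    if svc.values.get("Start") == "2":
        svc.notes.append("Start=2 (auto start): persists across reboots; the key must go, not just the process")
    if "svchost.exe" in svc.values.get("ImagePath", "").lower() and svc.service_dll:
        svc.notes.append(
            f"svchost-hosted ({svc.svchost_group} group); the payload is the ServiceDll {svc.service_dll}"
        )
    for cs in sorted(svc.control_sets - {"CurrentControlSet"}):
        svc.notes.append(f"also registered in {cs}: clean that control set too or it can come back")
    return svc


def triage(text):
    return [assess(s) for s in parse_gmer(text)]


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc.name}: image={svc.image} start={svc.start} dll={svc.service_dll}")
        for note in svc.notes:
            print("  -", note)
```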
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Problem launching RSIT and other applications
download Avenger
on Windows Vista and Windows 7 run the application as administrator (right-click the application icon and choose "Run as administrator")
into the window titled Input script here paste the following text:
Drivers to delete:
lrhdae
click Execute and, in the window that pops up, confirm the prompt to run the script by clicking Yes:
you will then be rewarded with another little window telling you the script has been set up for the next OS start; clicking the Yes button restarts the computer
after the restart the Avenger log will pop up at you; post it here
Re: Problem launching RSIT and other applications
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at D:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "lrhdae" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Problem launching RSIT and other applications
great, repeat the GMER scan and post the long log here
Re: Problem launching RSIT and other applications
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-29 20:22:48
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\Vlastník\LOCALS~1\Temp\afpoafod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwClose [0xF8366F80]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xF8366552]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateKey [0xF8362882]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xF8365A1A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xF8365910]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xF8365F2A]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xF8367034]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xF8362D54]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwDeleteValueKey [0xF8362E70]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xF8366906]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwOpenKey [0xF8362B78]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xF83660DC]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xF8366CE0]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwSetValueKey [0xF8363038]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Kerio Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xF8366BB2]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \FileSystem\Fastfat \Fat F7DB7D20
---- EOF - GMER 1.0.15 ----
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Problem launching RSIT and other applications
beautiful
repeat the scan with ComboFix and post the log here
Re: Problem launching RSIT and other applications
ComboFix 10-07-29.04 - Vlastník 30.07.2010 17:07:45.4.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.274 [GMT 2:00]
Spuštěný z: d:\documents and settings\Vlastník\Plocha\ComboFix.exe
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-30 )))))))))))))))))))))))))))))))
.
2010-07-22 12:51 . 2010-07-22 12:51 -------- d-----w- D:\ProgramData
2010-07-22 11:22 . 2010-07-22 11:22 552 ----a-w- d:\windows\system32\d3d8caps.dat
2010-07-20 18:23 . 2010-07-20 18:23 -------- d-----w- d:\program files\Innovative Solutions
2010-07-20 05:34 . 2010-07-20 05:34 -------- d-----w- d:\program files\trend micro
2010-07-20 05:34 . 2010-07-20 05:34 -------- d-----w- D:\rsit
2010-07-06 13:35 . 2010-07-06 13:35 -------- d-----w- D:\FOUND.022
2010-07-02 14:03 . 2010-07-02 14:03 -------- d-----w- D:\FOUND.021
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 17:24 . 2010-03-17 19:11 5560 ----a-w- d:\windows\system32\drivers\fwdrv.err
2010-06-17 15:26 . 2010-06-17 15:26 -------- d-----w- d:\program files\Common Files\PersonSecurityUninstall
2010-05-12 12:13 . 2010-05-12 12:13 688 ----a-w- d:\program files\GIMP 2.lnk
2010-05-06 10:35 . 2006-03-02 10:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-03-02 10:00 1851264 ----a-w- d:\windows\system32\win32k.sys
2010-04-26 19:05 . 2010-04-08 15:22 1641 ----a-w- d:\program files\Adobe Reader 9.lnk
2010-04-08 07:12 . 2010-04-08 05:16 8185280 ----a-w- d:\program files\Firefox Setup 3.6.3.exe
2010-01-27 18:20 . 2010-01-27 18:20 12109496 ----a-w- d:\program files\install_icq7.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 14:15 1345336 ----a-w- d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Meebo Notifier"="d:\documents and settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-06-07 802504]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="d:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="d:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="d:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="d:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"Broadcom Wireless Manager UI"="d:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SweetIM"="d:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\Vlastnˇk\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
d:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Vlastník\\Local Settings\\Data aplikací\\Meebo\\Meebo Notifier\\MeeboNotifier.exe"=
"c:\\Program Files\\Kerio Personal Firewall\\kpf4gui.exe"=
"d:\\Program Files\\WinRAR\\WinRAR.exe"=
"d:\\Program Files\\Messenger\\MSMSGS.EXE"=
"d:\\Program Files\\ICQ7.0\\ICQ.exe"=
"d:\\Program Files\\ICQ7.0\\aolload.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
R1 fwdrv;Firewall Driver;d:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
S1 khips;Kerio HIPS Driver;d:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
S2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [25.2.2009 22:24 246520]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - MDMXSDK
*Deregistered* - afpoafod
.
Obsah adresáře 'Naplánované úlohy'
2010-07-29 d:\windows\Tasks\User_Feed_Synchronization-{8FF04350-F59E-4CE1-8183-A0B3F7B06C54}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/skins7/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - d:\program files\Get Styles\ct.htm
FF - ProfilePath - d:\documents and settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\5mtlujze.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/skins7/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=
---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 17:14
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-07-30 17:18:29
ComboFix-quarantined-files.txt 2010-07-30 15:18
ComboFix2.txt 2010-07-25 18:42
Před spuštěním: Volných bajtů: 29 345 275 904
Po spuštění: Volných bajtů: 29 334 441 984
- - End Of File - - 9DBF16BB51E31CCF00B66C6EAADBB276
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.502.274 [GMT 2:00]
Spuštěný z: d:\documents and settings\Vlastník\Plocha\ComboFix.exe
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-30 )))))))))))))))))))))))))))))))
.
2010-07-22 12:51 . 2010-07-22 12:51 -------- d-----w- D:\ProgramData
2010-07-22 11:22 . 2010-07-22 11:22 552 ----a-w- d:\windows\system32\d3d8caps.dat
2010-07-20 18:23 . 2010-07-20 18:23 -------- d-----w- d:\program files\Innovative Solutions
2010-07-20 05:34 . 2010-07-20 05:34 -------- d-----w- d:\program files\trend micro
2010-07-20 05:34 . 2010-07-20 05:34 -------- d-----w- D:\rsit
2010-07-06 13:35 . 2010-07-06 13:35 -------- d-----w- D:\FOUND.022
2010-07-02 14:03 . 2010-07-02 14:03 -------- d-----w- D:\FOUND.021
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 17:24 . 2010-03-17 19:11 5560 ----a-w- d:\windows\system32\drivers\fwdrv.err
2010-06-17 15:26 . 2010-06-17 15:26 -------- d-----w- d:\program files\Common Files\PersonSecurityUninstall
2010-05-12 12:13 . 2010-05-12 12:13 688 ----a-w- d:\program files\GIMP 2.lnk
2010-05-06 10:35 . 2006-03-02 10:00 916480 ----a-w- d:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-03-02 10:00 1851264 ----a-w- d:\windows\system32\win32k.sys
2010-04-26 19:05 . 2010-04-08 15:22 1641 ----a-w- d:\program files\Adobe Reader 9.lnk
2010-04-08 07:12 . 2010-04-08 05:16 8185280 ----a-w- d:\program files\Firefox Setup 3.6.3.exe
2010-01-27 18:20 . 2010-01-27 18:20 12109496 ----a-w- d:\program files\install_icq7.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 14:15 1345336 ----a-w- d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Meebo Notifier"="d:\documents and settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-06-07 802504]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="d:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="d:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="d:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="d:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"Broadcom Wireless Manager UI"="d:\windows\system32\WLTRAY.exe" [2005-11-11 1236992]
"SynTPEnh"="d:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SweetIM"="d:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
d:\documents and settings\Vlastník\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
d:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
McAfee Security Scan Plus.lnk - d:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Documents and Settings\\Vlastník\\Local Settings\\Data aplikací\\Meebo\\Meebo Notifier\\MeeboNotifier.exe"=
"c:\\Program Files\\Kerio Personal Firewall\\kpf4gui.exe"=
"d:\\Program Files\\WinRAR\\WinRAR.exe"=
"d:\\Program Files\\Messenger\\MSMSGS.EXE"=
"d:\\Program Files\\ICQ7.0\\ICQ.exe"=
"d:\\Program Files\\ICQ7.0\\aolload.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
R1 fwdrv;Firewall Driver;d:\windows\system32\drivers\fwdrv.sys [20.2.2007 13:34 302000]
S1 khips;Kerio HIPS Driver;d:\windows\system32\drivers\khips.sys [20.2.2007 13:34 71088]
S2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [25.2.2009 22:24 246520]
S3 McComponentHostService;McAfee Security Scan Component Host Service;d:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 13:49 227232]
--- Other services/drivers in memory ---
*NewlyCreated* - MDMXSDK
*Deregistered* - afpoafod
.
Contents of the 'Scheduled Tasks' folder
2010-07-29 d:\windows\Tasks\User_Feed_Synchronization-{8FF04350-F59E-4CE1-8183-A0B3F7B06C54}.job
- d:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://start.icq.com/skins7/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - d:\program files\Get Styles\ct.htm
FF - ProfilePath - d:\documents and settings\Vlastník\Data aplikací\Mozilla\Firefox\Profiles\5mtlujze.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/skins7/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=
---- FIREFOX SETTINGS ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 17:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Total time: 2010-07-30 17:18:29
ComboFix-quarantined-files.txt 2010-07-30 15:18
ComboFix2.txt 2010-07-25 18:42
Before run: Free bytes: 29 345 275 904
After run: Free bytes: 29 334 441 984
- - End Of File - - 9DBF16BB51E31CCF00B66C6EAADBB276
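An added example, not code from the original post and not ComboFix's own code: a small Python triage script that pulls out of a ComboFix log excerpt the items a helper reads first (Run entries, BHO and IE toolbar registrations with their DLLs, the hosts the IE and Firefox start page and search settings point to, and the firewall policy flag) and then pivots on the Program Files folder name to show which product both loads into the browser and autostarts. The sample lines are copied from the log above; the regexes and the product heuristic are my own assumptions about ComboFix's line formats, not a documented grammar.

```python
"""Triage of a ComboFix-style log excerpt (added example, not ComboFix code).

Assumptions (not documented ComboFix behaviour): section headers are
[key] lines, values are "name"="value" [date size], a BHO header is
followed by one file line, and IE/Firefox settings are written with the
defanged scheme hxxp.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: lines copied verbatim from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 14:15 1345336 ----a-w- d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "d:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Meebo Notifier"="d:\documents and settings\Vlastník\Local Settings\Data aplikací\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-06-07 802504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="d:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"SweetIM"="d:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uStart Page = hxxp://start.icq.com/skins7/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"?(?P<value>.*?)"?\s*'
                      r"(?:\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?\s*$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
IE_PREF_RE = re.compile(r"^(?P<scope>[um])(?P<setting>[^=]+?)\s*=\s*(?P<url>hxxps?://\S+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<setting>\S+) - (?P<url>hxxps?://\S+)$")
BHO_RE = re.compile(r"\\Browser Helper Objects\\(?P<clsid>\{[0-9A-Fa-f-]+\})$")
PRODUCT_RE = re.compile(r"program files\\(?P<product>[^\\]+)\\", re.IGNORECASE)


@dataclass
class Triage:
    autostart: list = field(default_factory=list)   # (registry key, name, path)
    bhos: list = field(default_factory=list)        # (clsid, dll path or "")
    toolbars: list = field(default_factory=list)    # (clsid, dll path)
    browser_hosts: dict = field(default_factory=lambda: defaultdict(list))  # host -> settings
    firewall_enabled: Optional[bool] = None          # None = flag not seen in the excerpt


def host_of(url: str) -> str:
    """'hxxp://search.qip.ru/search?...' -> 'search.qip.ru'."""
    return re.sub(r"^hxxps?://", "", url).split("/")[0].lower()


def product_of(path: str) -> Optional[str]:
    """First folder under Program Files, as a crude 'which product' key."""
    m = PRODUCT_RE.search(path)
    return m["product"].lower() if m else None


def parse_combofix(text: str) -> Triage:
    t, key, pending_bho = Triage(), "", None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            if pending_bho:                       # BHO header with no file line after it
                t.bhos.append((pending_bho, ""))
            key = m["key"]
            b = BHO_RE.search(key)
            pending_bho = b["clsid"] if b else None
            continue
        m = FILE_RE.match(line)
        if pending_bho and m:                     # file line belongs to the BHO header above
            t.bhos.append((pending_bho, m["path"]))
            pending_bho = None
            continue
        m = VALUE_RE.match(line)
        if m:
            name, value, k = m["name"], m["value"], key.lower()
            if "\\currentversion\\run" in k:
                t.autostart.append((key, name, value))
            elif "\\internet explorer\\toolbar" in k and name.startswith("{"):
                t.toolbars.append((name, value))
            elif "firewallpolicy\\standardprofile" in k and name == "EnableFirewall":
                t.firewall_enabled = not value.strip().startswith("0")
            continue
        m = IE_PREF_RE.match(line)
        if m:
            scope = "user" if m["scope"] == "u" else "machine"
            t.browser_hosts[host_of(m["url"])].append(f"IE {scope} {m['setting'].strip()}")
            continue
        m = FF_PREF_RE.match(line)
        if m:
            t.browser_hosts[host_of(m["url"])].append(f"Firefox {m['setting']}")
    if pending_bho:
        t.bhos.append((pending_bho, ""))
    return t


def products_with_browser_and_autostart(t: Triage) -> set:
    """Product folders that load into IE (BHO/toolbar) *and* start with the session."""
    in_browser = {product_of(p) for _, p in t.bhos + t.toolbars} - {None}
    in_autostart = {product_of(p) for _, _, p in t.autostart} - {None}
    return in_browser & in_autostart


def findings(t: Triage) -> list:
    out = []
    if t.firewall_enabled is False:
        out.append("Windows Firewall is disabled for the standard profile")
    out += [f"BHO {c} -> {d or '(no file line)'}" for c, d in t.bhos]
    out += [f"IE toolbar {c} -> {d}" for c, d in t.toolbars]
    out += [f"browser points at {h}: {', '.join(w)}" for h, w in sorted(t.browser_hosts.items())]
    out += [f"'{p}' registers a browser extension and an autostart entry"
            for p in sorted(products_with_browser_and_autostart(t))]
    return out


if __name__ == "__main__":
    for line in findings(parse_combofix(SAMPLE_LOG)):
        print(line)
```

Run it on a full ComboFix log to get the same grouped view; the product pivot is what makes the toolbar, the BHO and the Run entry show up as one item to remove together rather than three unrelated lines.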
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: Problem launching RSIT and other applications
How does the machine look now?

Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Re: Problem launching RSIT and other applications
It looks like it's running like clockwork, thank you very much.

- riffman
Re: Problem launching RSIT and other applications
Also clean up after me:
http://sweb.cz/Marinus/T-Cleaner.exe
Download it (ignore any alerts from your antivirus about an infection, it really is not malware), run it, confirm execution of the action in the window by pressing the A key, and let it run through.
And you're welcome.