Page 1 of 4

Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 17:24
by petrkrovak
ComboFix 10-04-13.02 - pc 14.04.2010 15:18:27.1.1 - x86
System: Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.390 [GMT 2:00]
Running from: f:\programy\Antiviry\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Data aplikací\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\pc\ResErrors.log
c:\recycler\NPROTECT
c:\windows\Downloaded Program Files\UGDCCZ_0001_N122M1712NetInstaller.exe
c:\windows\system32\drivers\f9f59a6.sys
c:\windows\system32\smsc.exe

----- BITS: Possible infected sites -----

hxxp://vestepau.cn
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DHLP
-------\Legacy_PROTECTOR
-------\Service_Protector
-------\Service_f9f59a6


((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-13 21:04 . 2004-08-03 20:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-13 21:04 . 2004-08-03 20:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-13 21:03 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-13 21:03 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-13 21:03 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-13 21:03 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-13 20:58 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-13 20:58 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-13 20:58 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-13 20:58 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-13 20:58 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswMon2.sys
2010-04-13 20:58 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-13 20:58 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\Aavmker4.sys
2010-04-13 20:57 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-13 20:57 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-13 20:57 . 2010-04-13 20:57 -------- d-----w- c:\program files\Alwil Software
2010-04-13 19:28 . 2010-04-13 19:53 0 ----a-w- c:\windows\system32\drivers\vuabudnq.sys
2010-04-13 17:32 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-13 17:31 . 2010-04-13 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 17:31 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-13 15:59 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-13 15:59 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-13 15:59 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-04-13 15:59 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-04-13 10:54 . 2010-04-13 10:55 -------- d-----w- C:\Malwarebytes' Anti-Malware
2010-04-13 09:38 . 2010-04-13 09:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-13 09:24 . 2010-04-13 09:24 2131816 ----a-w- c:\program files\avg_avwt_stb_all_9_114.exe
2010-04-13 04:37 . 2010-04-13 04:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-07 12:21 . 2010-04-07 12:21 8327264 ----a-w- c:\program files\Firefox Setup 3.6.exe
2010-04-01 05:41 . 2010-04-01 05:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-31 13:31 . 2010-03-31 13:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-31 13:27 . 2010-03-31 13:27 -------- d-sh--w- c:\documents and settings\pc\IECompatCache
2010-03-31 13:16 . 2010-03-31 13:16 -------- d-sh--w- c:\documents and settings\pc\PrivacIE
2010-03-31 13:14 . 2010-03-31 13:14 -------- d-sh--w- c:\documents and settings\pc\IETldCache
2010-03-31 13:09 . 2010-04-13 08:38 -------- d-----w- c:\program files\Seznam.cz
2010-03-31 13:09 . 2010-03-31 13:10 -------- d--h--w- c:\windows\msdownld.tmp
2010-03-31 13:08 . 2010-03-31 13:09 -------- dc-h--w- c:\windows\ie8
2010-03-31 13:08 . 2010-03-31 13:09 -------- d-----w- c:\windows\system32\cs-CZ
2010-03-31 13:05 . 2010-03-31 13:05 18475520 ----a-w- c:\program files\IE8-Setup-XP-v3.exe
2010-03-26 09:08 . 2010-03-26 09:09 -------- d-----w- C:\KnihaJizd3_0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 21:15 . 2004-03-23 01:19 90112 ----a-w- c:\windows\DUMP3cab.tmp
2010-04-13 18:14 . 2004-03-23 01:19 90112 ----a-w- c:\windows\DUMP3d38.tmp
2010-04-13 18:13 . 2004-03-23 01:19 90112 ----a-w- c:\windows\DUMP3d37.tmp
2010-04-13 18:11 . 2004-03-23 01:19 90112 ----a-w- c:\windows\DUMP3dc4.tmp
2010-04-13 18:10 . 2004-03-23 01:19 90112 ----a-w- c:\windows\DUMP3d47.tmp
2010-04-13 18:09 . 2004-03-23 01:19 90112 ----a-w- c:\windows\DUMP3e22.tmp
2010-04-13 18:08 . 2004-03-23 01:19 90112 ----a-w- c:\windows\DUMP4045.tmp
2010-04-13 15:58 . 2004-03-23 01:19 90112 ----a-w- c:\windows\DUMP3c3d.tmp
2010-04-13 08:39 . 2009-05-07 05:23 -------- d-----r- c:\program files\Skype
2010-03-29 04:39 . 2001-10-25 12:00 82656 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 04:39 . 2001-10-25 12:00 438014 ----a-w- c:\windows\system32\perfh005.dat
2010-02-25 13:35 . 2010-02-25 13:35 -------- d-----w- c:\program files\Common Files\Freedom Scientific
2010-02-25 13:35 . 2004-03-23 10:51 -------- d-----w- c:\program files\Common Files\Soft602
2010-02-17 06:10 . 2010-02-17 06:10 -------- d-----w- c:\program files\Microsoft Silverlight
2008-08-25 13:07 . 2008-08-25 13:07 15391158 ----a-w- c:\program files\ns3_demo_setup.exe
2008-08-21 13:21 . 2008-08-21 13:21 8274432 ----a-w- c:\program files\TEADEMO.exe
2008-08-21 13:19 . 2008-08-21 13:19 7255040 ----a-w- c:\program files\TRNDEMO.exe
2008-05-05 05:24 . 2008-05-05 05:24 10231336 ----a-w- c:\program files\freedwgviewer.exe
2008-05-05 05:19 . 2008-05-05 05:19 45008184 ----a-w- c:\program files\SetupDesignReview2009.exe
2007-12-13 06:29 . 2007-12-13 06:32 122269 ----a-w- c:\program files\InstallSignerXP.zip
2007-12-13 05:51 . 2007-12-13 06:23 629008 ----a-w- c:\program files\InstallAllXP.zip
2007-11-22 12:22 . 2007-11-22 12:22 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2007-11-02 09:47 . 2007-11-02 09:46 826017 ----a-w- c:\program files\NeroCDSpeed_4700.zip
2007-08-17 07:49 . 2007-08-17 07:49 1341143 ----a-w- c:\program files\wrar370cz.exe
2003-06-23 13:09 . 2009-06-18 06:16 650 ----a-r- c:\program files\layout.bin
2003-06-23 13:09 . 2009-06-18 06:16 4513451 ----a-r- c:\program files\data1.cab
2003-06-23 13:09 . 2009-06-18 06:16 24811 ----a-r- c:\program files\data1.hdr
2003-06-23 13:09 . 2009-06-18 06:16 9114 ----a-r- c:\program files\_user1.hdr
2003-06-23 13:09 . 2009-06-18 06:16 79 ----a-r- c:\program files\SETUP.INI
2003-06-23 13:09 . 2009-06-18 06:16 49 ----a-r- c:\program files\setup.lid
2003-06-23 13:09 . 2009-06-18 06:16 2048045 ----a-r- c:\program files\_user1.cab
2003-06-23 13:09 . 2009-06-18 06:16 121 ----a-r- c:\program files\DATA.TAG
2003-06-23 13:09 . 2009-06-18 06:16 3942 ----a-r- c:\program files\_sys1.hdr
2003-06-23 13:09 . 2009-06-18 06:16 177161 ----a-r- c:\program files\_sys1.cab
2003-06-23 13:08 . 2009-06-18 06:16 611531 ----a-r- c:\program files\setup.ins
2001-10-04 08:48 . 2009-06-18 06:16 24266 ----a-r- c:\program files\readme.txt
2001-01-03 09:11 . 2009-06-18 06:16 732 ----a-r- c:\program files\cmdopts.txt
2000-04-17 11:58 . 2009-06-18 06:16 2313 ----a-r- c:\program files\setup.lst
1999-02-23 09:45 . 2009-06-18 06:16 296674 ----a-r- c:\program files\_inst32i.ex_
1999-01-12 09:34 . 2009-06-18 06:16 23541 ----a-r- c:\program files\lang.dat
1998-10-27 11:06 . 2009-06-18 06:16 27648 ----a-r- c:\program files\_ISDel.exe
1998-10-08 12:41 . 2009-06-18 06:16 34816 ----a-r- c:\program files\_Setup.dll
1998-07-27 15:41 . 2009-06-18 06:16 450 ----a-r- c:\program files\os.dat
.

------- Sigcheck -------

[-] 2009-03-09 05:35 . C1C4B25DD4D03EA8C70223C0051CF736 . 17408 . . [------] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . 7DC1830F22E7D275B438127B68030239 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[7] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2002-09-20 . B26871B5CE92F9D95AE6E62119799EB9 . 22016 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-04-29 100056]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-11 282624]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-29 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
CAPI Tray.lnk - c:\program files\Microcom ISDN utility\ccmon.exe [2004-7-19 155648]
FlashPath Monitor.lnk - c:\program files\SmartDisk\FlashPath\sdstat.exe [2004-3-23 184320]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

R2 CAPI;CAPI 2.0 Service;c:\windows\system32\drivers\capi.sys [19.7.2004 12:22 27699]
R2 FlashNT;FlashNT;c:\windows\system32\drivers\FLASHNT.SYS [23.3.2004 14:24 72784]
R2 NDISCAPI;NDIS CAPI Service;c:\windows\system32\drivers\ndiscapi.sys [19.7.2004 12:22 26684]
R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [23.3.2004 14:24 73296]
R3 usb2mpa;Microcom ISDN USB Travel C NDISWAN Miniport Driver;c:\windows\system32\drivers\usb2mpa.sys [19.7.2004 12:22 336440]
R3 vmdmc;Microcom VComm+ Port Driver;c:\windows\system32\drivers\vmdmc.sys [19.7.2004 12:24 355921]
S2 gupdate1c9ced42b7493fe;Služba Google Update (gupdate1c9ced42b7493fe);c:\program files\Google\Update\GoogleUpdate.exe [7.5.2009 7:24 133104]
S2 LOL;Win32 USB2 Driver;"c:\windows\System32\winxpinit.exe" -netsvcs --> c:\windows\System32\winxpinit.exe [?]
S2 Microsoft Secure Messenger.NET Service;Microsoft Secure Messenger.NET Service;"c:\windows\System32\securitychk.exe" -netsvcs --> c:\windows\System32\securitychk.exe [?]
S2 MSPatch;HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run;"c:\windows\System32\svhost.exe" -netsvcs --> c:\windows\System32\svhost.exe [?]
S2 SystemIdle.exe;systemidle;"c:\windows\System32\stemIdle.exe" -netsvcs --> c:\windows\System32\stemIdle.exe [?]
S4 NProtectService;Norton Unerase Protection;c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE --> c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 05:24]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 05:24]

2010-04-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-15 10:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: google sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: csob.cz\ib24
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {006303B0-29A7-4956-89FC-568CCCF7641B} - hxxps://ib24.csob.cz/comp/HsmEngine.dll
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://ib24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD LT 2002 Cz\InstFred.ocx
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://ib24.csob.cz/Comp/CSOBEnroll.dll
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxp://download.ica.cz/icapki.cab
DPF: {672ee252-d813-4f5e-81bb-5dd163dd4fa5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... b?3,14,8,0
DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} - hxxps://ib24.csob.cz/comp/ICAHsmEngine.dll
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD LT 2002 Cz\InstBanr.ocx
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://85.207.83.26:11101/activex/AMC.cab
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

HKLM-Run-pdfSaver3 - (no file)
HKU-Default-Run-Microsoft Services - lsrv.exe
HKU-Default-Run-Microsoft NT Update - svchosts.exe
HKU-Default-Run-WindowsRegKey update - Windowsup.exe
HKU-Default-Run-starter - scvhosting.exe
HKU-Default-Run-Win32 USB2 Driver - winxpinit.exe
HKU-Default-Run-Windows Monitor - winmon.exe
HKU-Default-Run-Microsoft Secure Messenger.NET Service - securitychk.exe
HKU-Default-Run-systemidle - stemIdle.exe
HKU-Default-Run-Remote Procedure Call - wuarpc.exe
HKU-Default-Run-Starting up - wvsvc.exe
HKU-Default-Run-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run - svhost.exe
HKU-Default-RunOnce-HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run - svhost.exe
HKU-Default-RunServices-Windows Monitor - winmon.exe
HKU-Default-RunServices-Remote Procedure Call - wuarpc.exe
HKLM-Explorer_Run-Direct X Direct3D - dxd3d.exe
Notify-WgaLogon - (no file)
AddRemove-Autodesk Learning Assistance - c:\program files\Autodesk Learning Assistance\ala.exe
AddRemove-Combat Over Europe - c:\program files\Ubi Soft\IL-2 Sturmovik Forgotten Battles\Uninstal.exe
AddRemove-Deep Sea Tycoon - c:\progra~1\DEEPSE~2\UNWISE.EXE
AddRemove-LifeGlobe Goldfish Aquarium_is1 - c:\program files\Prolific Publishing
AddRemove-WinBase602 7.0 - c:\kili_katalog\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 15:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2536)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Completion time: 2010-04-14 15:31:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-14 13:31

Pre-Run: 5,996,658,688
Post-Run: 6,919,720,960

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5,6
- - End Of File - - 50854FC0721290D3F947C44903F79EDE
Thank you very much.

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 17:36
by Caroprd111
Hello :)

I'm working on the log, please be patient.

I don't recommend running ComboFix on your own initiative; it can damage the system!

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 17:39
by petrkrovak
Thanks in advance!

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 17:56
by Caroprd111
If you haven't already, move ComboFix to the desktop
  • Open Notepad and copy the text from the white box into it.

File::
c:\windows\DUMP3cab.tmp
c:\windows\DUMP3d38.tmp
c:\windows\DUMP3d37.tmp
c:\windows\DUMP3dc4.tmp
c:\windows\DUMP3d47.tmp
c:\windows\DUMP3e22.tmp
c:\windows\DUMP4045.tmp
c:\windows\DUMP3c3d.tmp
c:\windows\System32\securitychk.exe
c:\windows\System32\svhost.exe
c:\windows\System32\stemIdle.exe
c:\windows\System32\winxpinit.exe
c:\windows\system32\drivers\vuabudnq.sys

Driver::
Microsoft Secure Messenger.NET Service
MSPatch
SystemIdle.exe
LOL

Restore::
c:\windows\system32\userinit.exe
  • Save the text file you created as CFScript.txt on the desktop
  • After saving, drag the script you created with the left mouse button onto the ComboFix icon and drop it there.
  • After it runs, another log will pop up; paste it here.
It may happen that Windows does not boot after applying the script and restarting; in that case restart again, pressing F8 as it boots, and choose Last Known Good Configuration.



Test this at http://www.virustotal.com/cs/
c:\program files\TRNDEMO.exe

(Don't search for the file, just paste the path marked in bold; if you get the message "File has already been analysed", have it analysed again. Paste the result of the analysis here as a link.)



I recommend uninstalling Spybot - Search & Destroy.
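The helper's script above was written by reading the first log by hand: four S2 services whose binaries ComboFix could not find, all launched with a "-netsvcs" argument and one of them (svhost.exe) named one letter away from svchost.exe, plus a userinit.exe that failed Sigcheck while a verified copy sat in ServicePackFiles. The block below is an added example by the editor, not code from this thread or from ComboFix: it automates that reading over the service and Sigcheck lines of the posted log (copied in as constructed sample input) and drafts the File::/Driver::/Restore:: sections of a CFScript. The indicators, the "two indicators to flag" threshold, the list of system binary names and the reading of ComboFix's "[?]" and "[-]" markers are the editor's assumptions, not ComboFix rules.

```python
"""Triage the service and Sigcheck lines of a ComboFix log and draft a CFScript.

Added example, not code from the forum thread or from ComboFix. Indicator set,
threshold, system-name list and the reading of "[?]" / "[-]" are assumptions.
"""
import os
import re

# Constructed sample: service and Sigcheck lines copied from the first log in
# the thread (one benign service and Norton's stale S4 entry kept as controls).
SAMPLE_LOG = r"""
S2 gupdate1c9ced42b7493fe;Služba Google Update (gupdate1c9ced42b7493fe);c:\program files\Google\Update\GoogleUpdate.exe [7.5.2009 7:24 133104]
S2 LOL;Win32 USB2 Driver;"c:\windows\System32\winxpinit.exe" -netsvcs --> c:\windows\System32\winxpinit.exe [?]
S2 Microsoft Secure Messenger.NET Service;Microsoft Secure Messenger.NET Service;"c:\windows\System32\securitychk.exe" -netsvcs --> c:\windows\System32\securitychk.exe [?]
S2 MSPatch;HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run;"c:\windows\System32\svhost.exe" -netsvcs --> c:\windows\System32\svhost.exe [?]
S2 SystemIdle.exe;systemidle;"c:\windows\System32\stemIdle.exe" -netsvcs --> c:\windows\System32\stemIdle.exe [?]
S4 NProtectService;Norton Unerase Protection;c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE --> c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE [?]
[-] 2009-03-09 05:35 . C1C4B25DD4D03EA8C70223C0051CF736 . 17408 . . [------] . . c:\windows\system32\userinit.exe
[7] 2004-08-17 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe
"""

# "S2 name;description;command [--> resolved path] [timestamp size | ?]"
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);([^;]*);(.*)$")
# "[marker] date [time] . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(.)\] \S+(?: \d\d:\d\d)? \. [0-9A-F]{32} \. \d+ \. \. \[[^\]]*\] \. \. (.+)$")
# Names malware likes to imitate (assumed list; extend per environment).
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "csrss.exe", "smss.exe", "userinit.exe", "spoolsv.exe")


def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss names like svhost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(basename):
    """Return the system binary a name imitates (within two edits), else None."""
    name = basename.lower()
    for real in SYSTEM_NAMES:
        if name != real and edit_distance(name, real) <= 2:
            return real
    return None


def assess_service(line):
    """Score one service line; None if the line is not a service entry."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    name, desc, rest = m.groups()
    cmd, _, resolved = rest.partition(" --> ")
    target = (resolved or cmd).strip()
    path = target.rsplit(" [", 1)[0].strip('"')
    base = os.path.basename(path.replace("\\", "/"))
    reasons = []
    if target.endswith("[?]"):            # assumed: ComboFix could not find the file
        reasons.append("file not found by ComboFix")
    if "-netsvcs" in cmd and base.lower() != "svchost.exe":
        reasons.append("-netsvcs argument on a non-svchost binary")
    if desc.upper().startswith("HKEY_"):  # a registry key is not a description
        reasons.append("description is a registry key path")
    real = lookalike(base)
    if real:
        reasons.append("name imitates " + real)
    return {"name": name, "path": path, "reasons": reasons,
            "suspicious": len(reasons) >= 2}   # one indicator alone is only a lead


def suspicious_services(log_text):
    found = [assess_service(l) for l in log_text.splitlines()]
    return [s for s in found if s and s["suspicious"]]


def restore_candidates(log_text):
    """Pair each unverified ([-], assumed meaning) live copy in system32 with a verified backup."""
    copies = {}
    for line in log_text.splitlines():
        m = SIGCHECK_RE.match(line)
        if m:
            marker, path = m.groups()
            base = os.path.basename(path.replace("\\", "/")).lower()
            copies.setdefault(base, []).append((marker, path))
    pairs = []
    for base, entries in copies.items():
        live = [p for mk, p in entries
                if mk == "-" and p.lower().replace("\\", "/").endswith("/system32/" + base)]
        backups = [p for mk, p in entries if mk != "-"]
        if live and backups:
            pairs.append((live[0], backups[0]))
    return pairs


def build_cfscript(log_text):
    """Draft the File::/Driver::/Restore:: sections in CFScript syntax."""
    services = suspicious_services(log_text)
    sections = []
    if services:
        sections.append("File::\n" + "\n".join(s["path"] for s in services))
        sections.append("Driver::\n" + "\n".join(s["name"] for s in services))
    restores = restore_candidates(log_text)
    if restores:
        sections.append("Restore::\n" + "\n".join(live for live, _ in restores))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    for s in suspicious_services(SAMPLE_LOG):
        print("%-40s %s" % (s["name"], "; ".join(s["reasons"])))
    print()
    print(build_cfscript(SAMPLE_LOG))
```

Run stand-alone it prints the four bogus services with their reasons and a draft whose File::, Driver:: and Restore:: entries match what the helper wrote for them; Norton's stale NProtectService entry, which only has the missing-file indicator, stays out. The DUMP*.tmp files and vuabudnq.sys in the helper's script come from other sections of the log and are not covered here, so treat the draft as something to review line by line, never as a script to drop onto ComboFix unread.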

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 18:00
by petrkrovak
Thanks, I'll do it, I just don't understand why uninstall Spybot - Search & Destroy?

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 18:05
by Caroprd111
It is outdated and its use is not recommended.

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 18:16
by petrkrovak
OK. The script is running. It's on the other PC; I'd rather not have it on the network. What do you recommend using against trojans and viruses?

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 18:19
by Caroprd111
I recommend using Avira or Avast + ZoneAlarm. If you have a problem in the future, post an RSIT log in the "Řešení problémů, logy" (Troubleshooting, logs) section. Above all, don't run ComboFix without instructions from a helper or an experienced person.

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 18:35
by petrkrovak
OK. I'm uploading the file for the third time now, but at 96 percent (6.9 MB) it throws an Exception errortime.

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 18:40
by Caroprd111
Try testing the file at: http://virusscan.jotti.org/cs

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 18:53
by petrkrovak
Test done, it found nothing.... :worship:

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 18:59
by Caroprd111
OK, I'll wait for the ComboFix log.

Re: Please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 19:04
by petrkrovak
Here it is.
ComboFix 10-04-13.02 - Administrator 14.04.2010 19:13:40.2.1 - x86 NETWORK
System: Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.767.581 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Plocha\CFScript.txt

FILE ::
"c:\windows\DUMP3c3d.tmp"
"c:\windows\DUMP3cab.tmp"
"c:\windows\DUMP3d37.tmp"
"c:\windows\DUMP3d38.tmp"
"c:\windows\DUMP3d47.tmp"
"c:\windows\DUMP3dc4.tmp"
"c:\windows\DUMP3e22.tmp"
"c:\windows\DUMP4045.tmp"
"c:\windows\system32\drivers\vuabudnq.sys"
"c:\windows\System32\securitychk.exe"
"c:\windows\System32\stemIdle.exe"
"c:\windows\System32\svhost.exe"
"c:\windows\System32\winxpinit.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\DUMP3c3d.tmp
c:\windows\DUMP3cab.tmp
c:\windows\DUMP3d37.tmp
c:\windows\DUMP3d38.tmp
c:\windows\DUMP3d47.tmp
c:\windows\DUMP3dc4.tmp
c:\windows\DUMP3e22.tmp
c:\windows\DUMP4045.tmp
c:\windows\system32\drivers\vuabudnq.sys

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LOL
-------\Legacy_MICROSOFT_SECURE_MESSENGER.NET_SERVICE
-------\Legacy_MSPATCH
-------\Legacy_SYSTEMIDLE.EXE
-------\Service_LOL
-------\Service_Microsoft Secure Messenger.NET Service
-------\Service_MSPatch
-------\Service_SystemIdle.exe


((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-13 21:04 . 2004-08-03 20:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-13 21:04 . 2004-08-03 20:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-13 21:03 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-13 21:03 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-13 21:03 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-13 21:03 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-04-13 20:57 . 2010-04-13 20:57 -------- d-----w- c:\program files\Alwil Software
2010-04-13 17:32 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-13 17:31 . 2010-04-13 17:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 17:31 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-13 15:59 . 2001-10-24 09:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-04-13 15:59 . 2001-10-24 09:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-04-13 15:59 . 2001-08-17 20:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-04-13 15:59 . 2001-08-17 20:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-04-13 10:54 . 2010-04-13 10:55 -------- d-----w- C:\Malwarebytes' Anti-Malware
2010-04-13 09:38 . 2010-04-13 09:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-13 09:24 . 2010-04-13 09:24 2131816 ----a-w- c:\program files\avg_avwt_stb_all_9_114.exe
2010-04-13 04:37 . 2010-04-13 04:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-07 12:21 . 2010-04-07 12:21 8327264 ----a-w- c:\program files\Firefox Setup 3.6.exe
2010-04-01 05:41 . 2010-04-01 05:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-31 13:31 . 2010-03-31 13:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-31 13:27 . 2010-03-31 13:27 -------- d-sh--w- c:\documents and settings\pc\IECompatCache
2010-03-31 13:16 . 2010-03-31 13:16 -------- d-sh--w- c:\documents and settings\pc\PrivacIE
2010-03-31 13:14 . 2010-03-31 13:14 -------- d-sh--w- c:\documents and settings\pc\IETldCache
2010-03-31 13:09 . 2010-04-13 08:38 -------- d-----w- c:\program files\Seznam.cz
2010-03-31 13:09 . 2010-03-31 13:10 -------- d--h--w- c:\windows\msdownld.tmp
2010-03-31 13:08 . 2010-03-31 13:09 -------- dc-h--w- c:\windows\ie8
2010-03-31 13:08 . 2010-03-31 13:09 -------- d-----w- c:\windows\system32\cs-CZ
2010-03-31 13:05 . 2010-03-31 13:05 18475520 ----a-w- c:\program files\IE8-Setup-XP-v3.exe
2010-03-26 09:08 . 2010-03-26 09:09 -------- d-----w- C:\KnihaJizd3_0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 08:39 . 2009-05-07 05:23 -------- d-----r- c:\program files\Skype
2010-03-29 04:39 . 2001-10-25 12:00 82656 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 04:39 . 2001-10-25 12:00 438014 ----a-w- c:\windows\system32\perfh005.dat
2010-02-25 13:35 . 2010-02-25 13:35 -------- d-----w- c:\program files\Common Files\Freedom Scientific
2010-02-25 13:35 . 2004-03-23 10:51 -------- d-----w- c:\program files\Common Files\Soft602
2010-02-17 06:10 . 2010-02-17 06:10 -------- d-----w- c:\program files\Microsoft Silverlight
2008-08-25 13:07 . 2008-08-25 13:07 15391158 ----a-w- c:\program files\ns3_demo_setup.exe
2008-08-21 13:21 . 2008-08-21 13:21 8274432 ----a-w- c:\program files\TEADEMO.exe
2008-08-21 13:19 . 2008-08-21 13:19 7255040 ----a-w- c:\program files\TRNDEMO.exe
2008-05-05 05:24 . 2008-05-05 05:24 10231336 ----a-w- c:\program files\freedwgviewer.exe
2008-05-05 05:19 . 2008-05-05 05:19 45008184 ----a-w- c:\program files\SetupDesignReview2009.exe
2007-12-13 06:29 . 2007-12-13 06:32 122269 ----a-w- c:\program files\InstallSignerXP.zip
2007-12-13 05:51 . 2007-12-13 06:23 629008 ----a-w- c:\program files\InstallAllXP.zip
2007-11-22 12:22 . 2007-11-22 12:22 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2007-11-02 09:47 . 2007-11-02 09:46 826017 ----a-w- c:\program files\NeroCDSpeed_4700.zip
2007-08-17 07:49 . 2007-08-17 07:49 1341143 ----a-w- c:\program files\wrar370cz.exe
2003-06-23 13:09 . 2009-06-18 06:16 650 ----a-r- c:\program files\layout.bin
2003-06-23 13:09 . 2009-06-18 06:16 4513451 ----a-r- c:\program files\data1.cab
2003-06-23 13:09 . 2009-06-18 06:16 24811 ----a-r- c:\program files\data1.hdr
2003-06-23 13:09 . 2009-06-18 06:16 9114 ----a-r- c:\program files\_user1.hdr
2003-06-23 13:09 . 2009-06-18 06:16 79 ----a-r- c:\program files\SETUP.INI
2003-06-23 13:09 . 2009-06-18 06:16 49 ----a-r- c:\program files\setup.lid
2003-06-23 13:09 . 2009-06-18 06:16 2048045 ----a-r- c:\program files\_user1.cab
2003-06-23 13:09 . 2009-06-18 06:16 121 ----a-r- c:\program files\DATA.TAG
2003-06-23 13:09 . 2009-06-18 06:16 3942 ----a-r- c:\program files\_sys1.hdr
2003-06-23 13:09 . 2009-06-18 06:16 177161 ----a-r- c:\program files\_sys1.cab
2003-06-23 13:08 . 2009-06-18 06:16 611531 ----a-r- c:\program files\setup.ins
2001-10-04 08:48 . 2009-06-18 06:16 24266 ----a-r- c:\program files\readme.txt
2001-01-03 09:11 . 2009-06-18 06:16 732 ----a-r- c:\program files\cmdopts.txt
2000-04-17 11:58 . 2009-06-18 06:16 2313 ----a-r- c:\program files\setup.lst
1999-02-23 09:45 . 2009-06-18 06:16 296674 ----a-r- c:\program files\_inst32i.ex_
1999-01-12 09:34 . 2009-06-18 06:16 23541 ----a-r- c:\program files\lang.dat
1998-10-27 11:06 . 2009-06-18 06:16 27648 ----a-r- c:\program files\_ISDel.exe
1998-10-08 12:41 . 2009-06-18 06:16 34816 ----a-r- c:\program files\_Setup.dll
1998-07-27 15:41 . 2009-06-18 06:16 450 ----a-r- c:\program files\os.dat
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-23 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-04-29 100056]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-11 282624]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2003-08-29 24576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
CAPI Tray.lnk - c:\program files\Microcom ISDN utility\ccmon.exe [2004-7-19 155648]
FlashPath Monitor.lnk - c:\program files\SmartDisk\FlashPath\sdstat.exe [2004-3-23 184320]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=

R2 CAPI;CAPI 2.0 Service;c:\windows\system32\drivers\capi.sys [19.7.2004 12:22 27699]
R2 FlashNT;FlashNT;c:\windows\system32\drivers\FLASHNT.SYS [23.3.2004 14:24 72784]
R2 NDISCAPI;NDIS CAPI Service;c:\windows\system32\drivers\ndiscapi.sys [19.7.2004 12:22 26684]
R2 Sdselect;Sdselect;c:\windows\system32\drivers\sdselect.sys [23.3.2004 14:24 73296]
R3 usb2mpa;Microcom ISDN USB Travel C NDISWAN Miniport Driver;c:\windows\system32\drivers\usb2mpa.sys [19.7.2004 12:22 336440]
R3 vmdmc;Microcom VComm+ Port Driver;c:\windows\system32\drivers\vmdmc.sys [19.7.2004 12:24 355921]
S2 gupdate1c9ced42b7493fe;Služba Google Update (gupdate1c9ced42b7493fe);c:\program files\Google\Update\GoogleUpdate.exe [7.5.2009 7:24 133104]
S4 NProtectService;Norton Unerase Protection;c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE --> c:\program files\Norton AntiVirus\AdvTools\NPROTECT.EXE [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 05:24]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 05:24]

2010-04-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-15 10:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: google sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: csob.cz\ib24
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {006303B0-29A7-4956-89FC-568CCCF7641B} - hxxps://ib24.csob.cz/comp/HsmEngine.dll
DPF: {1AE23F24-D3E4-4C57-8468-6618B9B8B70F} - hxxps://ib24.csob.cz/Comp/IcaSignerCZ.cab
DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} - file://c:\program files\AutoCAD LT 2002 Cz\InstFred.ocx
DPF: {461A37E7-17B3-40E3-B6BB-7CAEC732C9E4} - hxxps://ib24.csob.cz/Comp/CSOBEnroll.dll
DPF: {4C3CEE0B-4F2F-44C3-9586-4368F3200143} - hxxp://download.ica.cz/icapki.cab
DPF: {672ee252-d813-4f5e-81bb-5dd163dd4fa5} - hxxps://www.mojedatovaschranka.cz/static/pages/ ... b?3,14,8,0
DPF: {8DB83558-B5E6-4449-8E59-B91126580A99} - hxxps://ib24.csob.cz/comp/ICAHsmEngine.dll
DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\AutoCAD LT 2002 Cz\InstBanr.ocx
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://85.207.83.26:11101/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 19:19
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspěšně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1548)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštěné procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2010-04-14 19:26:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-14 17:25
ComboFix2.txt 2010-04-14 13:31

Před spuštěním: 6 950 592 512
Po spuštění: 6 903 283 712

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 8B2235507A2F4E0A153F2F058AD3FB76

Re: please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 19:06
by Caroprd111
Uninstall all virtual drive emulators.

Download SPTD http://www.duplexsecure.com/en/downloads
  • Choose the version for your operating system (64 & 32-bit). Save it to the desktop and run it.
  • Choose the Uninstall option and restart the PC.

Download and run http://www.jpshortstuff.247fixes.com/Defogger.exe
  • Click "Disable" and restart the PC.

Download MBR to the desktop http://www2.gmer.net/mbr/mbr.exe

Start > Run (Win + R)
  • A box pops up; copy this into it:

Code:

"%userprofile%\plocha\mbr" -t
  • Click OK
  • A log named mbr.log will be created; paste it here.


Post the log from Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

Re: please check my ComboFix log (it downloads malware by itself)

Posted: 14 Apr 2010 19:26
by petrkrovak
Phew, that was a lot of work.

Here is the log:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK