
Request for a check

Posted: 07 May 2011 19:18
by cccc
Hello,
XP Internet Security 2011 has started reporting malware on my machine.
For example:
Trojan-Clicker.WIN32......
Trojan-Spy.HTML....
DoS.Win32.DieWar
Virus.Boot-DOS.V.1536...
etc.
I tried to produce a log with HijackThis, but ...HijackThis download failed

Can you advise me what to do next?

Thanks
Čestmír Červenka

I am attaching the complete dump output:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2011-05-07 20:06:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 47 GB (34%) free of 137 GB
Total RAM: 1023 MB (55% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Gainward"=C:\WINDOWS\TBPanel.exe [2005-07-25 2043904]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2005-07-20 7110656]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2007-02-12 267840]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-05-05 14396416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2005-07-20 86016]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-12-25 155648]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2006-08-05 108160]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2011-03-18 1043968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WEBTRAN"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-05 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2002-09-25 87751]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe [2004-08-25 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
C:\Program Files\Intel\IDU\iptray.exe [2004-06-11 1226752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
C:\PROGRA~1\MEDIAK~1\MagicKey.exe [2004-03-15 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-12-25 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreIT!]
C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE [2003-01-10 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicFocus]
C:\Program Files\Sonic Focus\SFIGUI\\SFIGUI.EXE [2004-06-13 1224704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-09-20 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE [2004-09-20 184320]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Anti-Virus&Trojan.lnk - C:\Program Files\Anti-Virus&Trojan\Anti-Virus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeTextCAutoLog"=
"LegalNoticeCaptionCAutoLog"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======File associations======

.txt - open - Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-05-07 20:06:58 ----D---- C:\Program Files\trend micro
2011-05-07 20:06:57 ----D---- C:\rsit
2011-05-07 19:17:37 ----D---- C:\Program Files\Ultimate Process Manager
2011-05-07 17:44:33 ----A---- C:\ipconfig.txt
2011-05-07 17:44:25 ----D---- C:\Program Files\Anti-Virus&Trojan
2011-05-05 23:45:09 ----D---- C:\Program Files\Conduit
2011-05-05 23:44:59 ----D---- C:\Program Files\ZoneAlarm_Security
2011-05-05 23:44:43 ----D---- C:\Program Files\CheckPoint
2011-05-05 23:22:42 ----A---- C:\WINDOWS\system32\asw45.tmp
2011-05-05 21:06:33 ----A---- C:\WINDOWS\system32\AVA4.tmp
2011-05-05 21:06:32 ----A---- C:\WINDOWS\system32\asw3.tmp
2011-04-15 22:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2011-04-15 22:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2510581$
2011-04-15 22:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2506223$
2011-04-15 22:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-04-15 21:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2508272$
2011-04-15 21:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2503658$
2011-04-15 21:58:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2507618$
2011-04-15 21:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2011-04-15 21:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2511455$
2011-04-15 21:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2011-04-15 21:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$

======List of files/folders modified in the last 1 months======

2011-05-07 20:06:58 ----D---- C:\Program Files
2011-05-07 20:02:47 ----A---- C:\WINDOWS\DFC.INI
2011-05-07 20:01:31 ----D---- C:\WINDOWS\Prefetch
2011-05-07 19:18:11 ----D---- C:\WINDOWS\system32\CatRoot2
2011-05-07 18:49:57 ----D---- C:\WINDOWS\system32
2011-05-07 17:49:12 ----D---- C:\WINDOWS\$NT0234Uninstall$
2011-05-07 17:47:44 ----D---- C:\WINDOWS\Temp
2011-05-07 17:32:59 ----D---- C:\WINDOWS\system32\Lang
2011-05-07 17:06:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-05-06 15:43:11 ----SD---- C:\WINDOWS\Tasks
2011-05-06 15:19:50 ----D---- C:\WINDOWS\system32\ZoneLabs
2011-05-06 15:19:50 ----D---- C:\WINDOWS\Internet Logs
2011-05-05 23:48:27 ----D---- C:\Program Files\Mozilla Firefox
2011-05-05 21:06:28 ----D---- C:\Program Files\Alwil Software
2011-05-05 21:01:47 ----D---- C:\WINDOWS
2011-05-05 19:41:50 ----D---- C:\WINDOWS\Debug
2011-05-05 19:41:49 ----D---- C:\WINDOWS\Minidump
2011-04-30 17:08:35 ----A---- C:\AILog.txt
2011-04-18 15:46:44 ----A---- C:\WINDOWS\system32\MRT.exe
2011-04-18 00:08:00 ----D---- C:\cc
2011-04-17 11:02:06 ----D---- C:\WINDOWS\Microsoft.NET
2011-04-17 11:02:00 ----RSD---- C:\WINDOWS\assembly
2011-04-16 19:22:18 ----HD---- C:\WINDOWS\inf
2011-04-15 22:03:37 ----HD---- C:\WINDOWS\$hf_mig$
2011-04-15 22:03:31 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-04-15 22:02:50 ----D---- C:\WINDOWS\system32\en-US
2011-04-15 22:02:49 ----D---- C:\Program Files\Internet Explorer
2011-04-15 22:02:29 ----D---- C:\WINDOWS\ie7updates
2011-04-15 22:02:09 ----D---- C:\WINDOWS\WinSxS
2011-04-15 22:02:00 ----SHD---- C:\WINDOWS\Installer
2011-04-15 22:02:00 ----SHD---- C:\Config.Msi
2011-04-15 22:01:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-04-15 21:58:00 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2005-04-30 28271]
R0 ohci1394;NEC FireWarden OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 SF;SF; C:\WINDOWS\System32\drivers\sf.sys [2004-06-13 32089]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-05-10 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-05-10 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-09-29 66048]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-11-02 639224]
R0 VVBackd5;VVBackd5; C:\WINDOWS\system32\drivers\VVBackd5.sys [2003-01-19 180074]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2005-02-01 141246]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2005-02-01 16176]
R2 osaio;osaio; C:\WINDOWS\system32\drivers\osaio.sys [2004-06-01 10386]
R2 SIODRV;SIODRV; \??\C:\WINDOWS\System32\drivers\SIODRV.SYS []
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2002-07-25 5306]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-05-05 2951680]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2005-12-09 28352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2005-12-09 6912]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-07-20 3198368]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\System32\DRIVERS\SMBios.sys [2004-06-07 36484]
R3 smbusp;Intel(R) SMBus 2.0 Driver; C:\WINDOWS\System32\DRIVERS\intelsmb.sys [2004-03-12 21120]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2005-04-30 11736]
S0 srescan;srescan; C:\WINDOWS\system32\ZoneLabs\srescan.sys []
S1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys []
S2 wincom32;wincom32; \??\C:\WINDOWS\system32\wincom32.sys []
S3 AgereSoftModem;Microcom InPorte Home; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2002-09-25 1141248]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2005-09-20 9344]
S3 ldiskl;ldiskl; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ldiskl.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 W700bus;Sony Ericsson W700 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\W700bus.sys [2007-05-06 61536]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2007-05-06 9264]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2007-05-06 97056]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2007-05-06 88560]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\W700obex.sys [2007-05-06 86368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2007-06-14 145504]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
R2 iHCService;Intel(R) Desktop Utilities Service; C:\Program Files\Intel\IDU\IDUServ.exe [2004-06-10 1246720]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-07-20 127043]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-05-10 353912]
S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2011-03-18 2435592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-08-21 65536]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S4 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PnkBstrA;PunkBuster; C:\Hry\Electronic Arts\Need for Speed ProStreet\PB\PnkBstrA.exe []

-----------------EOF-----------------

Re: Request for a check

Posted: 07 May 2011 19:47
by Rudy
XP Internet Security 2011 is junk. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

Feel free to go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware cause unwanted conflicts with the resident antispyware.

Re: Request for a check

Posted: 07 May 2011 21:33
by cccc
I ran ComboFix, but it only gets as far as the message "Dokončena fáze_50" (Stage_50 completed) and hangs there. And it has been running for more than 50 minutes already.
The program is still running, but I am afraid that nothing is actually happening.

Is there any other way to find out the state of the computer?

Thanks
Č. Červenka

Re: Request for a check

Posted: 07 May 2011 21:42
by Rudy
Try running CF in Safe Mode.

Re: Request for a check

Posted: 07 May 2011 22:22
by cccc
In Safe Mode the file was created:

ComboFix 11-05-06.05 - Administrator 07.05.2011 22:58:06.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1023.675 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Adssite Advanced Toolbar
c:\documents and settings\Administrator\Application Data\Adssite Advanced Toolbar\selected.xml
c:\documents and settings\Administrator\Application Data\FunWebProducts
c:\documents and settings\Administrator\Application Data\Mikrotik
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\advtool.crc
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\advtool.dll
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\dhcp.crc
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\dhcp.dll
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\hotspot.crc
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\hotspot.dll
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\ntp.crc
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\ntp.dll
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\ppp.crc
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\ppp.dll
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\roteros.crc
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\roteros.dll
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\roting2.crc
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\roting2.dll
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\rtboard.crc
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\rtboard.dll
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\secure.crc
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\secure.dll
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\system.crc
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\system.dll
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\wlan2.crc
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\3.0beta9\wlan2.dll
c:\documents and settings\Administrator\Application Data\Mikrotik\Winbox\winbox.cfg
c:\documents and settings\Administrator\Application Data\urlredir.cfg
c:\documents and settings\Administrator\Local Settings\Application Data\mpj.exe
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Start Menu\Programs\Anti-Virus&Trojan
c:\documents and settings\All Users\Start Menu\Programs\Anti-Virus&Trojan\Anti-Virus&Trojan.lnk
c:\documents and settings\All Users\Start Menu\Programs\Anti-Virus&Trojan\Help.lnk
c:\documents and settings\All Users\Start Menu\Programs\Anti-Virus&Trojan\Uninstall.lnk
c:\documents and settings\All Users\Start Menu\Programs\Anti-Virus&Trojan\Visit Our Site.lnk
C:\ipconfig.txt
c:\program files\Anti-Virus&Trojan
c:\program files\Anti-Virus&Trojan\Anti-Virus.exe
c:\program files\Anti-Virus&Trojan\Anti_Virus Help.chm
c:\program files\Anti-Virus&Trojan\config.ini
c:\program files\Anti-Virus&Trojan\EGhostLog.txt
c:\program files\Anti-Virus&Trojan\hook.dll
c:\program files\Anti-Virus&Trojan\Minimized.ssk
c:\program files\Anti-Virus&Trojan\Products.htm
c:\program files\Anti-Virus&Trojan\SkinPlusPlusDLL.dll
c:\program files\Anti-Virus&Trojan\unins000.dat
c:\program files\Anti-Virus&Trojan\unins000.exe
c:\program files\Anti-Virus&Trojan\virus.update
c:\program files\Anti-Virus&Trojan\Visit Our Site.url
c:\program files\Uninstall Fun Web Products.dll
c:\windows\$NT0234Uninstall$
c:\windows\$NT0234Uninstall$\punstl.exe
c:\windows\system32\adssite-remove.exe
c:\windows\system32\cont_adssite-remove.exe
c:\windows\system32\gzmrot-uninst.exe
c:\windows\system32\myss_sb_uninstall.exe
c:\windows\system32\ninjaext-uninstall.exe
c:\windows\system32\pfxzmtsmtspm.dll
c:\windows\system32\pfxzmtwbmail.dll
c:\windows\system32\rightonadz-uninst.exe
c:\windows\system32\sfxzmtsmtspm.dll
c:\windows\system32\sfxzmtwbmail.dll
c:\windows\system32\zlbw.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
-------\Service_wincom32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-07 do 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 18:06 . 2011-05-07 18:06 -------- d-----w- c:\program files\trend micro
2011-05-07 18:06 . 2011-05-07 18:07 -------- d-----w- C:\rsit
2011-05-07 17:17 . 2011-05-07 17:18 -------- d-----w- c:\program files\Ultimate Process Manager
2011-05-05 21:47 . 2011-05-05 21:47 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-05 21:47 . 2011-05-05 21:47 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-05 21:47 . 2011-05-05 21:47 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-05 21:47 . 2011-05-05 21:47 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-05 21:47 . 2011-05-05 21:47 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-05 21:47 . 2011-05-05 21:47 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-05 21:47 . 2011-05-05 21:47 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-05 21:47 . 2011-05-05 21:47 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 21:45 . 2011-05-05 21:45 -------- d-----w- c:\program files\Conduit
2011-05-05 21:45 . 2011-05-05 21:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ZoneAlarm_Security
2011-05-05 21:45 . 2011-05-05 21:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-05-05 21:45 . 2011-05-05 21:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2011-05-05 21:44 . 2011-05-05 21:45 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-05-05 21:44 . 2011-05-05 21:44 -------- d-----w- c:\program files\CheckPoint
2011-05-05 21:22 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\asw45.tmp
2011-05-05 19:06 . 2006-08-05 06:18 90112 ----a-w- c:\windows\system32\AVA4.tmp
2011-05-05 19:06 . 2006-08-08 16:53 635520 ----a-w- c:\windows\system32\asw3.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 23:24 . 2009-06-16 21:00 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-03-17 23:24 . 2009-06-16 21:00 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-03-17 23:24 . 2009-06-16 21:00 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-03-07 05:33 . 2005-12-09 15:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2003-03-31 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2003-03-31 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2003-03-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2005-12-09 16:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2003-03-31 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2003-03-31 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2003-03-31 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 16:58 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2005-12-09 16:22 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2003-03-31 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2003-03-31 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-03-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2003-03-31 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2003-03-31 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-12-20 19:37 . 2010-12-21 20:05 675840 ----a-w- c:\program files\Uninstall SmileyCentral.dll
2011-05-05 21:47 . 2011-05-05 21:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\windows\TBPanel.exe" [2005-07-25 2043904]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-07-20 7110656]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-02-12 267840]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-05 14396416]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-07-20 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-25 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2002-09-25 04:44 87751 ----a-r- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 16:07 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
2004-08-25 18:23 155648 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
2004-06-11 15:04 1226752 ----a-w- c:\program files\Intel\IDU\iptray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
2004-03-15 12:27 45056 ----a-w- c:\progra~1\MEDIAK~1\MagicKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-07-20 13:07 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-12-25 10:21 155648 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreIT!]
2003-01-10 09:46 122880 ----a-w- c:\program files\FarStone\RestoreIT!\RestoreIT!_XP\vbptask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicFocus]
2004-06-13 18:09 1224704 ----a-w- c:\program files\Sonic Focus\SFIGUI\SFIGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
2004-09-20 07:48 184320 -c--a-w- c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.11.2007 15:05 639224]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [9.12.2005 17:54 180074]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.9.2010 13:51 246520]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S3 ldiskl;ldiskl;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\ldiskl.sys [?]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com
uInternet Connection Wizard,ShellNext = iexplore
TCP: {DE2F2A11-C5E0-4332-9789-B943D4985106} = 172.26.240.1,172.26.0.11
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jx0nixnf.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb002YYcz_ZNzfb014&ptb=16E77291-F5D4-4C59-BD2E-F71F96D35722&psa=&ind=2010122014&ptnrS=ZNzfb002YYcz_ZNzfb014&si=&st=kwd&n=77d0071e&searchfor=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-WEBTRAN - (no file)
MSConfigStartUp-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
AddRemove-$NT0234Uninstall$ - c:\windows\$NT0234Uninstall$\punstl.exe
AddRemove-Age of Empires 2.0 - c:\hry\Age of empires II\UNINSTAL.EXE
AddRemove-Age of Empires II: The Conquerors Expansion 1.0 - c:\hry\Age of empires II\UNINSTALX.EXE
AddRemove-ContextTool - c:\program files\ContextTool\uninstall.exe
AddRemove-HijackThis - c:\documents and settings\Administrator\Desktop\HijackThis.exe
AddRemove-SMS FunTom_is1 - c:\program files\FunTom\unins000.exe
AddRemove-Trafficninja.biz Extension - c:\windows\system32\ninjaext-uninstall.exe
AddRemove-WinRAR archiver - c:\hry\Winrar\uninstall.exe
AddRemove-{1A91D1FA-B9B3-4556-9878-5C61059A19B2} - c:\program files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe
AddRemove-{2FCE4FC5-6930-40E7-A4F1-F862207424EF} - c:\program files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe
AddRemove-Team First Htm - c:\docume~1\ADMINI~1\APPLIC~1\GRIDDA~1\moveblah.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 23:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160812AS rev.2AAA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-19
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\bgsvcgen.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Intel\IDU\IDUServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2011-05-07 23:19:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-07 21:19
.
Před spuštěním: 50 334 879 744 bytes free
Po spuštění: 50 307 039 232 bytes free
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 0204CFE95304710697D9DBDE9A51CAF0

Re: Request for a check

Posted: 08 May 2011 09:19
by Rudy
Open Notepad and copy the following into it:
Collect::
c:\windows\system32\asw45.tmp
c:\windows\system32\AVA4.tmp
c:\windows\system32\asw3.tmp
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.


Re: Request for a check

Posted: 08 May 2011 12:31
by cccc
Hello,
I did as described.

Here is the result from CF:
ComboFix 11-05-06.05 - Administrator 08.05.2011 13:06:11.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1023.707 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
file zipped: c:\windows\system32\asw3.tmp
file zipped: c:\windows\system32\asw45.tmp
file zipped: c:\windows\system32\AVA4.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\asw3.tmp
c:\windows\system32\asw45.tmp
c:\windows\system32\AVA4.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-08 do 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-07 18:06 . 2011-05-07 18:06 -------- d-----w- c:\program files\trend micro
2011-05-07 18:06 . 2011-05-07 18:07 -------- d-----w- C:\rsit
2011-05-07 17:17 . 2011-05-07 17:18 -------- d-----w- c:\program files\Ultimate Process Manager
2011-05-05 21:47 . 2011-05-05 21:47 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-05 21:47 . 2011-05-05 21:47 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-05 21:47 . 2011-05-05 21:47 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-05 21:47 . 2011-05-05 21:47 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-05 21:47 . 2011-05-05 21:47 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-05 21:47 . 2011-05-05 21:47 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-05 21:47 . 2011-05-05 21:47 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-05 21:47 . 2011-05-05 21:47 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 21:45 . 2011-05-05 21:45 -------- d-----w- c:\program files\Conduit
2011-05-05 21:45 . 2011-05-05 21:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ZoneAlarm_Security
2011-05-05 21:45 . 2011-05-05 21:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2011-05-05 21:45 . 2011-05-05 21:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Conduit
2011-05-05 21:44 . 2011-05-05 21:45 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-05-05 21:44 . 2011-05-05 21:44 -------- d-----w- c:\program files\CheckPoint
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 23:24 . 2009-06-16 21:00 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-03-17 23:24 . 2009-06-16 21:00 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-03-17 23:24 . 2009-06-16 21:00 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-03-07 05:33 . 2005-12-09 15:09 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 2003-03-31 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2003-03-31 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2003-03-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2005-12-09 16:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2003-03-31 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2003-03-31 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2003-03-31 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 16:58 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2005-12-09 16:22 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2003-03-31 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2003-03-31 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2003-03-31 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2003-03-31 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2003-03-31 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-12-20 19:37 . 2010-12-21 20:05 675840 ----a-w- c:\program files\Uninstall SmileyCentral.dll
2011-05-05 21:47 . 2011-05-05 21:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\windows\TBPanel.exe" [2005-07-25 2043904]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-07-20 7110656]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-02-12 267840]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-05 14396416]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-07-20 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-25 155648]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2002-09-25 04:44 87751 ----a-r- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 16:07 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
2004-08-25 18:23 155648 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
2004-06-11 15:04 1226752 ----a-w- c:\program files\Intel\IDU\iptray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKey]
2004-03-15 12:27 45056 ----a-w- c:\progra~1\MEDIAK~1\MagicKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-07-20 13:07 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-12-25 10:21 155648 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestoreIT!]
2003-01-10 09:46 122880 ----a-w- c:\program files\FarStone\RestoreIT!\RestoreIT!_XP\vbptask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicFocus]
2004-06-13 18:09 1224704 ----a-w- c:\program files\Sonic Focus\SFIGUI\SFIGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
2004-09-20 07:48 184320 -c--a-w- c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.11.2007 15:05 639224]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [9.12.2005 17:54 180074]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2.9.2010 13:51 246520]
S3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
S3 ldiskl;ldiskl;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\ldiskl.sys [?]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com
uInternet Connection Wizard,ShellNext = iexplore
TCP: {DE2F2A11-C5E0-4332-9789-B943D4985106} = 172.26.240.1,172.26.0.11
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jx0nixnf.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNzfb002YYcz_ZNzfb014&ptb=16E77291-F5D4-4C59-BD2E-F71F96D35722&psa=&ind=2010122014&ptnrS=ZNzfb002YYcz_ZNzfb014&si=&st=kwd&n=77d0071e&searchfor=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-08 13:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160812AS rev.2AAA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-19
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3484)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\bgsvcgen.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Intel\IDU\IDUServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2011-05-08 13:20:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-08 11:20
C

Re: Request for a check

Posted: 08 May 2011 17:37
by Rudy
The log now looks OK. Has anything changed?

Re: Request for a check

Posted: 08 May 2011 17:54
by cccc
Hello,
the system is not reporting anything so far (malware, ...), so it looks good.

Thank you for your help
Č.Červenka

Re: Request for a check

Posted: 08 May 2011 19:13
by Rudy
You're welcome!