VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Win32:Qandr [Rtk]

https://forum.viry.cz:443/viewtopic.php?t=100914

Stránka 1 z 1

Win32:Qandr [Rtk]

Napsal: 09 kvě 2010 08:44
od lukyluk
Dobrý den vážení rádci,

na domácím počítači hlásí Avast infekci Win32:Qandr [Rtk].
Počítač se zpomalil a v procesech běží schvost.exe na 100% výkonu procesoru. Další nyní viditeklný problém je znefunkčnění Skype.

Provedené akce -
1. scan Avastem - restart a scan po restartu před spuštěním Windows - odstraněny dva soubory.
2. Vypnuto obnovení systému.
3. Vyčištění pomocí CCleaneru.
4. Vymazány temporary files Java.
5. Vyčištění disku.

Vypis chyb z Avast logu:
8.5.2010 20:02:05 SYSTEM 1540 AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal of \\127.0.0.1\admin$\system32\drivers\asyncmac.sys failed, 000004CF.

Vypis varování z Avast logu:
8.5.2010 20:43:40 Věra 3480 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "c:\windows\system32\drivers\cdaudio.sys".
8.5.2010 20:43:08 Věra 3480 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "c:\windows\system32\drivers\ccdecode.sys".
8.5.2010 20:07:12 SYSTEM 1464 Funkce setifaceUpdatePackages() selhala. Návratová hodnota je 0x20000004, dwRes je 20000004.
8.5.2010 20:04:15 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\System32\Drivers\Changer.SYS".
8.5.2010 20:04:10 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\cdaudio.sys".
8.5.2010 20:04:09 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\Changer.sys".
8.5.2010 20:04:06 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\ccdecode.sys".
8.5.2010 20:04:05 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\System32\Drivers\Cdaudio.SYS".
8.5.2010 20:04:03 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\Cdaudio.sys".
8.5.2010 20:04:01 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\System32\DRIVERS\CCDECODE.sys".
8.5.2010 20:03:59 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\ccdecode.sys".
8.5.2010 20:03:52 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\System32\DRIVERS\bridge.sys".
8.5.2010 20:03:50 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\bridge.sys".
8.5.2010 20:03:47 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\System32\DRIVERS\bridge.sys".
8.5.2010 20:03:43 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\bridge.sys".
8.5.2010 20:03:39 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\atmarpc.sys".
8.5.2010 20:02:15 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\DRIVERS\asyncmac.sys".
8.5.2010 20:02:08 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\asyncmac.sys".
8.5.2010 20:02:05 SYSTEM 1540 AAVM - varování při testování: x_AavmCheckFileDirectEx [UNI]: \\127.0.0.1\admin$\system32\drivers\asyncmac.sys (\\127.0.0.1\admin$\system32\drivers\asyncmac.sys) returning error, 000004CF.
8.5.2010 20:02:02 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\LastGood\system32\drivers\aec.sys".
8.5.2010 20:01:23 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\aec.sys".
8.5.2010 20:01:19 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\adiusbaw.sys".
8.5.2010 20:01:11 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\System32\Drivers\adildr.sys".
8.5.2010 20:00:54 SYSTEM 1540 Virus "Win32:Qandr [Rtk]" byl nalezen v souboru "C:\WINDOWS\system32\drivers\adildr.sys".
8.5.2010 19:53:49 SYSTEM 1540 Virus "VBS:Malware-gen" byl nalezen v souboru "C:\WINDOWS\system32\fjhdyfhsn.bat".

Vypis logu z HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:30, on 9.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\MICROS~4\MsSQL\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SWT2000\HCM.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\MsSQL\Binn\sqlmangr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Věra\Plocha\hijackthis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [SDM4500P] C:\Program Files\SWT2000\HCM.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Skype.lnk = C:\Program Files\Skype\Phone\Skype.exe
O4 - Startup: wwwzuc32.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\MsSQL\Binn\sqlmangr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 6559 bytes

Předem děkuji a moc Vás prosím o pomoc.

Re: Win32:Qandr [Rtk]

Napsal: 09 kvě 2010 10:07
od lukyluk
Zdravím, paralelně jsem spustil combofix před vaším příspěvkem. V běžném provozu Windows. Po hodině se combofix neukončil. Restartoval jsem počítač. nyní dle vaší rady spustím combofix v nouzovém režimu s podporou sítě a pošlu log.

Re: Win32:Qandr [Rtk]

Napsal: 09 kvě 2010 10:38
od lukyluk
Aha, sorry za unáhlenost.

Log z ComboFix:

ComboFix 10-05-08.02 - Administrator 09.05.2010 11:17:17.4.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.291 [GMT 2:00]
Spuštěný z: c:\documents and settings\Věra\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100508-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FILEMON


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-09 do 2010-05-09 )))))))))))))))))))))))))))))))
.

2010-05-08 19:31 . 2010-05-08 19:31 -------- d-----w- c:\program files\TeamViewer
2010-05-08 19:24 . 2004-08-03 21:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-08 19:24 . 2004-08-03 21:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 15:08 . 2006-03-04 10:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 13:22 . 2010-04-07 13:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-07 13:22 . 2006-03-06 07:56 -------- d-----w- c:\program files\Java
2010-04-05 08:56 . 2006-03-06 07:57 -------- d-----w- c:\program files\Google
2010-04-01 13:25 . 2010-04-01 13:25 -------- d-----w- c:\program files\CryptoPlus
2010-03-28 12:20 . 2001-10-25 14:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 12:20 . 2001-10-25 14:00 309990 ----a-w- c:\windows\system32\perfh005.dat
1999-04-07 18:39 . 1999-04-07 18:39 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 03:53 . 1998-12-09 03:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 03:53 . 1998-12-09 03:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2005-05-11 61440]
"SDM4500P"="c:\program files\SWT2000\HCM.exe" [2003-03-12 974921]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2005-05-11 127118]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-04 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-07 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\VŘra\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Skype.lnk - c:\program files\Skype\Phone\Skype.exe [2006-3-5 25365032]
wwwzuc32.exe [2004-8-17 30720]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Service Manager.lnk - c:\program files\Microsoft SQL Server\MsSQL\Binn\sqlmangr.exe [2006-3-6 110592]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Věra\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5.4.2008 16:05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.4.2008 16:05 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2.3.2006 22:50 2825088]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [1.4.2010 15:25 87424]
S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [18.6.2006 12:42 899980]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Věra\Data aplikací\Mozilla\Firefox\Profiles\9n545f0w.default\
FF - prefs.js: browser.search.selectedEngine - Jyxo.cz
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - c:\documents and settings\Věra\Plocha\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 11:23
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\documents and settings\Věra\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe 30720 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2848)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\SCardSvr.exe
c:\windows\ATKKBService.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\MICROS~4\MsSQL\binn\sqlservr.exe
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\setup\avast.setup
.
**************************************************************************
.
Celkový čas: 2010-05-09 11:31:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-09 09:31

Před spuštěním: Volných bajtů: 22 361 964 544
Po spuštění: Volných bajtů: 22 348 795 904

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DC4F9F2C53FD5FF8959D0DB0A13E6DB1

Re: Win32:Qandr [Rtk]

Napsal: 09 kvě 2010 11:44
od lukyluk
Inkriminovaný soubor jsem smazal v nouzovém režimu. Nyní jsou procesy OK.

Skype vypadá, že už běží normálně. V pravé dolní liště se nezobrazuje ikona Avastu - nevím jestli Avast běží.

Log z OTL:
OTL logfile created on: 9.5.2010 12:41:41 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Věra\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 110,00 Mb Available Physical Memory | 22,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 20,83 Gb Free Space | 35,55% Space Free | Partition Type: NTFS
Drive D: | 996,19 Mb Total Space | 709,58 Mb Free Space | 71,23% Space Free | Partition Type: NTFS
Drive E: | 30,66 Gb Total Space | 0,96 Gb Free Space | 3,13% Space Free | Partition Type: NTFS
Drive F: | 996,19 Mb Total Space | 918,30 Mb Free Space | 92,18% Space Free | Partition Type: NTFS
Drive G: | 996,19 Mb Total Space | 953,45 Mb Free Space | 95,71% Space Free | Partition Type: NTFS
Drive H: | 996,19 Mb Total Space | 946,57 Mb Free Space | 95,02% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: HARRY
Current User Name: Věra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Custom Scans ==========



< MD5 for: ADILDR.SYS >
[2003.07.17 16:48:44 | 000,046,167 | ---- | M] (Analog Deivces) MD5=6278AB04AAE16C1438F3C4D34706C3B7 -- C:\Program Files\SAGEM\SAGEM F@st 800-840\Drivers\adildr.sys

< MD5 for: ADIUSBAW.SYS >
[2003.03.27 13:38:44 | 000,127,145 | ---- | M] (Analog Devices Inc.) MD5=88FA846846E5080FA2D2FBEC1EF2AEAA -- C:\Program Files\SAGEM\SAGEM F@st 800-840\Drivers\adiusbaw.sys
[2003.03.27 13:38:44 | 000,127,145 | ---- | M] (Analog Devices Inc.) MD5=88FA846846E5080FA2D2FBEC1EF2AEAA -- C:\WINDOWS\system32\drivers\adiusbaw.sys

< MD5 for: AEC.SYS >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:aec.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:aec.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:aec.sys
[2004.08.03 22:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\WINDOWS\erdnt\cache\aec.sys
[2004.08.03 23:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\WINDOWS\ServicePackFiles\i386\aec.sys
[2004.08.03 22:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\WINDOWS\system32\dllcache\aec.sys
[2004.08.03 22:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\WINDOWS\system32\drivers\aec.sys
[2002.08.29 01:16:38 | 000,142,208 | ---- | M] (Microsoft Corporation) MD5=FF773FEDA15E8BD97FD54FE87A0ACDBE -- C:\WINDOWS\$NtServicePackUninstall$\aec.sys

< MD5 for: ASYNCMAC.SYS >
[2004.08.04 00:05:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=02000ABF34AF4C218C35D257024807D6 -- C:\WINDOWS\erdnt\cache\asyncmac.sys
[2004.08.04 00:05:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=02000ABF34AF4C218C35D257024807D6 -- C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
[2004.08.04 00:05:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=02000ABF34AF4C218C35D257024807D6 -- C:\WINDOWS\system32\dllcache\asyncmac.sys
[2004.08.04 00:05:04 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=02000ABF34AF4C218C35D257024807D6 -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2001.10.25 16:00:00 | 000,013,568 | ---- | M] (Microsoft Corporation) MD5=03F403B07A884FC2AA54A0916C410931 -- C:\WINDOWS\$NtServicePackUninstall$\asyncmac.sys

< MD5 for: ATMARPC.SYS >
[2001.10.25 16:00:00 | 000,057,216 | ---- | M] (Microsoft Corporation) MD5=8D735CA1CBDB0081B0E3B9FF0EB222D0 -- C:\WINDOWS\$NtServicePackUninstall$\atmarpc.sys
[2004.08.03 23:58:32 | 000,059,904 | ---- | M] (Microsoft Corporation) MD5=EC88DA854AB7D7752EC8BE11A741BB7F -- C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys
[2004.08.03 23:58:32 | 000,059,904 | ---- | M] (Microsoft Corporation) MD5=EC88DA854AB7D7752EC8BE11A741BB7F -- C:\WINDOWS\system32\dllcache\atmarpc.sys
[2004.08.03 23:58:32 | 000,059,904 | ---- | M] (Microsoft Corporation) MD5=EC88DA854AB7D7752EC8BE11A741BB7F -- C:\WINDOWS\system32\drivers\atmarpc.sys

< MD5 for: BRIDGE.SYS >
[2002.08.29 03:34:42 | 000,068,864 | ---- | M] (Microsoft Corporation) MD5=DBA7442096F025A0490EC348F82ACDBE -- C:\WINDOWS\$NtServicePackUninstall$\bridge.sys
[2004.08.03 23:59:58 | 000,071,552 | ---- | M] (Microsoft Corporation) MD5=E4E6A0922E3D983728C9AD4E8D466954 -- C:\WINDOWS\ServicePackFiles\i386\bridge.sys
[2004.08.03 23:59:58 | 000,071,552 | ---- | M] (Microsoft Corporation) MD5=E4E6A0922E3D983728C9AD4E8D466954 -- C:\WINDOWS\system32\dllcache\bridge.sys
[2004.08.03 23:59:58 | 000,071,552 | ---- | M] (Microsoft Corporation) MD5=E4E6A0922E3D983728C9AD4E8D466954 -- C:\WINDOWS\system32\drivers\bridge.sys

< MD5 for: CCDECODE.SYS >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:ccdecode.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ccdecode.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:ccdecode.sys
[2004.08.04 00:10:18 | 000,017,024 | ---- | M] (Microsoft Corporation) MD5=6163ED60B684BAB19D3352AB22FC48B2 -- C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys
[2004.07.09 05:26:38 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=FDC06E2ADA8C468EBB161624E03976CF -- C:\WINDOWS\$NtServicePackUninstall$\ccdecode.sys
[2004.07.09 05:26:38 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=FDC06E2ADA8C468EBB161624E03976CF -- C:\WINDOWS\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\ccdecode.sys
[2004.07.09 05:26:38 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=FDC06E2ADA8C468EBB161624E03976CF -- C:\WINDOWS\system32\dllcache\ccdecode.sys
[2004.07.09 05:26:38 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=FDC06E2ADA8C468EBB161624E03976CF -- C:\WINDOWS\system32\drivers\ccdecode.sys

< MD5 for: CDAUDIO.SYS >
[2001.08.17 21:52:30 | 000,018,688 | ---- | M] (Microsoft Corporation) MD5=C1B486A7658353D33A10CC15211A873B -- C:\WINDOWS\system32\dllcache\cdaudio.sys
[2001.08.17 21:52:30 | 000,018,688 | ---- | M] (Microsoft Corporation) MD5=C1B486A7658353D33A10CC15211A873B -- C:\WINDOWS\system32\drivers\cdaudio.sys

< MD5 for: CDROM.SYS >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2002.08.29 03:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CHANGER.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.SYS
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.SYS
[2004.08.04 00:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\system32\dllcache\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\system32\drivers\changer.sys

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

Díky.

Re: Win32:Qandr [Rtk]

Napsal: 09 kvě 2010 12:09
od lukyluk
c:\windows\system32\drivers\cdaudio.sys
http://www.virustotal.com/cs/analisis/a ... 1273402678

c:\windows\system32\drivers\ccdecode.sys
http://www.virustotal.com/cs/analisis/9 ... 1273402788

C:\WINDOWS\System32\Drivers\Changer.SYS
http://www.virustotal.com/cs/analisis/1 ... 1273402921

C:\WINDOWS\System32\DRIVERS\bridge.sys
http://www.virustotal.com/cs/analisis/e ... 1273402943

C:\WINDOWS\system32\drivers\atmarpc.sys
http://www.virustotal.com/cs/analisis/9 ... 1273403008

C:\WINDOWS\system32\DRIVERS\asyncmac.sys
http://www.virustotal.com/cs/analisis/f ... 1273403050

C:\WINDOWS\system32\drivers\aec.sys
http://www.virustotal.com/cs/analisis/0 ... 1273403073

C:\WINDOWS\system32\drivers\adiusbaw.sys
http://www.virustotal.com/cs/analisis/0 ... 1273403164

C:\WINDOWS\System32\Drivers\adildr.sys
Tento soubor jsem nenalezl. Ve složce je pouze s příponou *.cat
http://www.virustotal.com/cs/analisis/4 ... 1273403272

Dále jsou v adresáři tyto *.bak
ccdecode.sys.bak
Cdaudio.sys.bak

Re: Win32:Qandr [Rtk]

Napsal: 09 kvě 2010 12:27
od lukyluk
ccdecode.sys.bak
http://www.virustotal.com/cs/analisis/5 ... 1273404005

Cdaudio.sys.bak
http://www.virustotal.com/cs/analisis/a ... 1273404022

C:\Program Files\SAGEM\SAGEM F@st 800-840\Drivers\adildr.sys
http://www.virustotal.com/cs/analisis/7 ... 1273404160

C:\WINDOWS\$NtServicePackUninstall$\aec.sys
http://www.virustotal.com/cs/analisis/6 ... 1273404339

Re: Win32:Qandr [Rtk]

Napsal: 09 kvě 2010 15:39
od lukyluk
Avast dokončil scan. Nenalezl žádnou infekci, pouze zjistil u 3577 souborů, že jde o archiv chráněný heslem, takže je neotestoval.


Co dál?

Tu složku SAGEM můžu smazat, jedná se o ovladače ke starému ADSL modemu, který se již nepoužívá.
Počkám ale na tvé potvrzení.

Jinak Avast se spustit dá, ale nespouští se programová ikonka do pravé dolní lišty - mám přeinstalovat Avast novou verzí 5?

Re: Win32:Qandr [Rtk]

Napsal: 09 kvě 2010 17:23
od lukyluk
S tím firewallem, můžeš mi poradit, který freeware firewall bych měl nainstalovat?

Log z RSIT:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Věra at 2010-05-09 18:19:26
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 21 GB (35%) free of 60 GB
Total RAM: 511 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:19:32, on 9.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\MICROS~4\MsSQL\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\SWT2000\HCM.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Microsoft SQL Server\MsSQL\Binn\sqlmangr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Věra\Plocha\vir\RSIT.exe
C:\Program Files\trend micro\Věra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [SDM4500P] C:\Program Files\SWT2000\HCM.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Skype.lnk = C:\Program Files\Skype\Phone\Skype.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\MsSQL\Binn\sqlmangr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 6162 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-07 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe [2005-05-11 61440]
"SDM4500P"=C:\Program Files\SWT2000\HCM.exe [2003-03-12 974921]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"PCMService"=C:\Program Files\CyberLink\PowerCinema\PCMService.exe [2005-05-11 127118]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-04-07 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-03-04 98304]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\MsSQL\Binn\sqlmangr.exe

C:\Documents and Settings\Věra\Nabídka Start\Programy\Po spuštění
Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-10-11 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Věra\temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\Věra\temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-05-09 18:13:50 ----SHD---- C:\RECYCLER
2010-05-09 16:44:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-05-09 12:22:51 ----A---- C:\Nový objekt - Textový dokument.txt
2010-05-09 11:58:17 ----D---- C:\Program Files\trend micro
2010-05-09 11:58:11 ----D---- C:\rsit
2010-05-09 11:20:07 ----D---- C:\WINDOWS\temp
2010-05-09 10:42:46 ----D---- C:\Qoobox
2010-05-09 09:54:09 ----A---- C:\Boot.bak
2010-05-09 09:53:59 ----RASHD---- C:\cmdcons
2010-05-09 09:48:30 ----A---- C:\WINDOWS\MBR.exe
2010-05-09 09:48:03 ----A---- C:\WINDOWS\zip.exe
2010-05-09 09:48:03 ----A---- C:\WINDOWS\SWREG.exe
2010-05-09 09:48:03 ----A---- C:\WINDOWS\PEV.exe
2010-05-09 09:48:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-09 09:48:02 ----A---- C:\WINDOWS\SWSC.exe
2010-05-09 09:48:02 ----A---- C:\WINDOWS\sed.exe
2010-05-09 09:48:02 ----A---- C:\WINDOWS\grep.exe
2010-05-08 21:31:59 ----D---- C:\Program Files\TeamViewer
2010-05-08 13:58:39 ----D---- C:\Documents and Settings\Věra\Data aplikací\Download Manager

======List of files/folders modified in the last 1 months======

2010-05-09 18:17:53 ----D---- C:\Program Files
2010-05-09 18:17:44 ----D---- C:\WINDOWS
2010-05-09 18:17:39 ----A---- C:\WINDOWS\adiras.ini
2010-05-09 18:17:37 ----D---- C:\WINDOWS\system32\drivers
2010-05-09 18:17:37 ----D---- C:\WINDOWS\system32
2010-05-09 18:17:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-09 18:17:29 ----HD---- C:\WINDOWS\inf
2010-05-09 18:12:15 ----D---- C:\Documents and Settings\Věra\Data aplikací\Skype
2010-05-09 17:39:41 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-09 16:48:22 ----D---- C:\Program Files\Alwil Software
2010-05-09 16:45:21 ----SHD---- C:\WINDOWS\Installer
2010-05-09 16:45:21 ----D---- C:\WINDOWS\WinSxS
2010-05-09 16:45:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-05-09 11:27:23 ----D---- C:\WINDOWS\erdnt
2010-05-09 11:22:29 ----A---- C:\WINDOWS\system.ini
2010-05-09 11:20:18 ----D---- C:\WINDOWS\system32\config
2010-05-09 11:18:51 ----D---- C:\WINDOWS\AppPatch
2010-05-09 11:18:49 ----D---- C:\Program Files\Common Files
2010-05-09 11:15:29 ----SHD---- C:\System Volume Information
2010-05-09 11:15:29 ----D---- C:\WINDOWS\system32\Restore
2010-05-09 09:54:10 ----RASH---- C:\boot.ini
2010-05-09 09:47:26 ----D---- C:\WINDOWS\Prefetch
2010-05-09 09:32:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-08 21:24:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-08 19:53:08 ----D---- C:\Program Files\Mozilla Firefox
2010-05-06 22:59:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-05-06 17:09:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-05-06 17:08:38 ----D---- C:\Program Files\Common Files\Adobe
2010-05-06 17:07:55 ----D---- C:\Program Files\Adobe
2010-04-30 16:53:36 ----A---- C:\WINDOWS\Ausba4.ini
2010-04-30 11:11:54 ----A---- C:\WINDOWS\ScnPanel.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-05-06 28880]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-05-06 46672]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-05-06 100432]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 3xHybrid;3xHybrid service; C:\WINDOWS\System32\DRIVERS\3xHybrid.sys [2006-02-14 2825088]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-05-06 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-10-11 800768]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-02-24 10368]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 Bridge;Most MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\DScaler\DSDrv4.sys []
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2008-04-04 87424]
S3 MPE;BDA MPE Filter; C:\WINDOWS\System32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 XIRLINK;Veo PC Camera; C:\WINDOWS\system32\DRIVERS\ucdnt.sys [2002-03-26 899980]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-10-11 405504]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2005-05-11 221257]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2005-05-11 110663]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe [2005-05-11 61440]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-07 153376]
R2 MSSQLServer;MSSQLServer; C:\PROGRA~1\MICROS~4\MsSQL\binn\sqlservr.exe [2002-04-09 5058832]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-09-21 516096]
S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680]
S3 SQLServerAgent;SQLServerAgent; C:\PROGRA~1\MICROS~4\MsSQL\binn\sqlagent.exe [2002-04-09 344064]
S4 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []

-----------------EOF-----------------

Re: Win32:Qandr [Rtk]

Napsal: 09 kvě 2010 17:25
od lukyluk
Jinak Avast 5 už funguje. Mám vyzkoušet Comodo firewall?
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz