
NOD32 - kernel problem + jusched.exe + security on web

Posted: 05 Oct 2011 10:43
by nafta..
Hello,

so I read thoroughly, in the end acted sooner than was wise, then read a bit more and found that my problem is probably more complicated than the earlier posts, from which I could not work out a solution. So I am asking for your skills..

It has been 2 days since, out of nowhere, NOD32 started freezing at startup and throwing the old familiar message "Error communicating with the system kernel". I tried to repair the problem with the NOD installer or to uninstall it, but neither was possible - the uninstall freezes at the "file access permissions" step and I am not even able to kill the ekrn.exe process in Task Manager. Along with that, several other problems appeared:

1) After every startup an "application jusched.exe is not responding" notice pops up with an offer to report the problem
2) I am not able to download even the smallest file - everything ends shortly after starting with a dialog and the message "...., because the source can't be read"
3) opening every other web page is accompanied by a dialog about an invalid security verification ("security certificate")

Overall the system seems quite unstable and above all working with the internet is a miracle in itself. And to top it all off, I have already managed to use the ComboFix tool (there really was no mention there that it should be used only when recommended =/.. ). So below I attach the log from CF and then from HijackThis, if it is still of any use at all.

And just a small review of my options and the stupid things already done: I would most prefer to end this with a system reinstall, but unfortunately I do not have even the slightest means for that at the moment. The notebook is my private one, only NOD32 is under my father's company's licence, or rather it was, since it expired, I entered some username and password from the net and that may be where the problems started.. Thanks for anything, Jakub F.

ComboFix 11-10-04.04 - Fanta 05.10.9999 11:52:03.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1505 [GMT 7:00]
Spuštěný z: c:\documents and settings\Fanta\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 9999-09-05 do 9999-10-05 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 12:05 . 2011-04-03 08:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-08 1434920]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-05-11 513080]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-15 181816]
"zCpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2009-04-19 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-14 1044480]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"Kerio VPN Client"="c:\program files\Kerio\VPN Client\kvpncgui.exe" [2009-10-26 4986728]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programs\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 18:14 24064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 13:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11.9.2009 13:26 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11.9.2009 7:24 735960]
R2 KVPNCSvc;Kerio VPN Client Service;c:\program files\Kerio\VPN Client\kvpncsvc.exe [26.10.2009 21:28 972648]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [18.8.2004 15:00 14336]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11.7.2009 4:27 239160]
R3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\drivers\kvnet.sys [23.3.2009 16:25 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 219.139.81.6 168.95.1.1
FF - ProfilePath - c:\documents and settings\Fanta\Data aplikací\Mozilla\Firefox\Profiles\fjrv0976.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SSODL-PostBootReminder-- - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 9999-10-05 12:08
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
zCpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3704)
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 9999-10-05 12:11:08
ComboFix-quarantined-files.txt 9999-10-05 05:11
.
Před spuštěním: Volných bajtů: 113 728 581 632
Po spuštění: Volných bajtů: 114 274 799 616
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2B382F8B52D8AED4D21AAB178994DFAE


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:09:37, on 5.10.9999
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kerio\VPN Client\kvpncsvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Kerio\VPN Client\kvpncgui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Programs\totalcmd\TOTALCMD.EXE
c:\Documents and Settings\Fanta\Dokumenty\Downloads\HiJackThis.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [zCpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Kerio VPN Client] "C:\Program Files\Kerio\VPN Client\kvpncgui.exe" /tray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio VPN Client Service (KVPNCSvc) - Kerio Technologies Inc. - C:\Program Files\Kerio\VPN Client\kvpncsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9679 bytes

Re: NOD32 - kernel problem + jusched.exe + security on web

Posted: 05 Oct 2011 11:55
by nafta..
:arrow: just to be sure - unfortunately I cannot supply the RSIT log, since I am not able to download as described above, and HijackThis was the only one I already had installed from before.. JF.

Re: NOD32 - kernel problem + jusched.exe + security on web

Posted: 05 Oct 2011 15:00
by vyosek
Greetings and have a nice day :)
nafta.. wrote: since it expired, I entered some username and password from the net and that may be where the problems started.. Thanks for anything, Jakub F.
Given that you are using illegal software, I am not surprised that you are a visitor to our forum :?:
According to the forum rules (see here and here, point no. 3) we do not deal with illegal software, since illegal programs are usually the source of vermin. Moreover, by doing so you are also violating copyright, committing a criminal offence, and as such it will not be supported by our forum. Bear in mind that you are on a security forum - supporting warez (especially of security programs) would be completely against the logic of the forum :!:
So get yourself legal protection for your PC (an antivirus), then post a new log from RSIT and CKScanner here - see below.

Personally I recommend Avast, Avira or MSE. An overview of antiviruses is HERE.

:arrow: RSIT log - see my signature
:arrow: Download CKScanner to the desktop
  • Run it and click Search for files
  • After the scan finishes, click Save List to File and then OK
  • A log named ckfiles.txt will be created on the desktop, paste its contents here
:arrow: You can download the utilities on another PC and transfer them to the infected PC

Re: NOD32 - kernel problem + jusched.exe + security on web

Posted: 06 Oct 2011 12:19
by nafta..
Hello,

thank you for your willingness to help, I of course read the rules, I am heaping ashes on my head like never before, legal software is now in place and I would after all like to get NOD32 working again later with legal credentials, since it gave me excellent protection before I committed the stupidity that is probably costing me all this and your time..

Avast is installed, but it reports zero protection and its operation cannot be restored. But worse - RSIT does start, begins working, but only writes the header in the log and then a window pops up - "The program ... has encountered a problem" do you want to send an error report? Whether I send it or not, no change. And the log from CKS probably does not look quite the way it should?!:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.DFAATO
----- EOF -----

Re: NOD32 - kernel problem + jusched.exe + security on web

Posted: 06 Oct 2011 15:13
by vyosek
:arrow: The log from CKS is OK

:arrow: Try running RSIT in Safe Mode (restart the PC, keep pressing F8, choose Safe Mode with Networking)

Re: NOD32 - kernel problem + jusched.exe + security on web

Posted: 08 Oct 2011 06:17
by nafta..
RSIT did not start even in Safe Mode, still the same problem.

The only thing I managed - uninstalling Avast (it constantly ate 100% CPU, which after a short time led to XP hanging at startup) and also NOD, which I reinstalled with a purchased licence, but the kernel situation persists. I also tried running a scan with NOD in Safe Mode, but shortly after the start the same problem appeared as with RSIT - a message about a problem in the application,... I cannot run RSIT anywhere at all. It probably will not tell you much, but a short list of the problems that have stabilized and recur:

- NOD still reports the kernel error after startup
- jusched.exe also reports an application problem after startup
- on the web every other page reports an expired security certificate and the connection in the browser often drops by itself; after a refresh it returns to the previous state.
- Windows behaves fairly stably

I would like to save your time and my nerves, but at the moment I am abroad in a place where it is hard for me to get hold of an external drive and an XP CD.. So I will be glad for any idea, otherwise the only option left is to sell it to the monkeys for a few bananas..

Re: NOD32 - kernel problem + jusched.exe + security on web

Posted: 08 Oct 2011 06:34
by vyosek
:arrow: Stay in Safe Mode

:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Driver::
    yksvc
    
    NetSvc::
    yksvc
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the picture below)
    [image]
  • After the script is applied (and a possible restart) a log will pop up, paste its contents here
:arrow: It may happen that Windows does not boot after applying the script; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
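
As an added example (not part of the thread, of ComboFix, or of the forum's own tooling): a Python triage helper that parses the startup-points section and the R0-R3 service lines in the ComboFix log format quoted above, flags Run values ComboFix tagged [X] and services hosted by svchost.exe under a non-stock -k group, and renders them in the CFScript layout used in this post. The sample log lines, the KNOWN_SVCHOST_GROUPS allowlist and the reading of [X] as "listed path did not resolve to a file" are assumptions; every generated line is a review hint for the analyst, not a verdict.

```python
import re

# Constructed sample in the shape of ComboFix's "startup points in the registry"
# section and its R0-R3 service lines; this is not the thread's full log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11.9.2009 7:24 735960]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [18.8.2004 15:00 14336]
R3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\drivers\kvnet.sys [23.3.2009 16:25 29696]
'''

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s+\[(?P<info>[^\]]*)\]$')
SVC_RE = re.compile(r'^R[0-3]\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)\s+\[[^\]]*\]$')
GROUP_RE = re.compile(r'-k\s+(?P<group>\S+)', re.IGNORECASE)

# Assumption: svchost groups a stock Windows XP install uses. Anything else is
# only a review hint for the analyst, not a verdict of malice.
KNOWN_SVCHOST_GROUPS = {
    "netsvcs", "localservice", "networkservice", "rpcss", "dcomlaunch",
    "imgsvc", "httpfilter", "termsvcs", "wudfservicegroup",
}


def triage(log_text):
    """Walk the log once and collect two kinds of review hints.

    missing_run: (registry key, value name) pairs ComboFix tagged [X], read here
                 as "the listed path did not resolve to a file" (stale autostart).
    odd_svchost: (service name, -k group) pairs whose image is svchost.exe with a
                 group that is not one of the stock groups above.
    """
    findings = {"missing_run": [], "odd_svchost": []}
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_RE.match(line)
        if m and current_key:
            if m.group("info").strip() == "X":
                findings["missing_run"].append((current_key, m.group("name")))
            continue
        m = SVC_RE.match(line)
        if m:
            image = m.group("image")
            g = GROUP_RE.search(image)
            if "svchost.exe" in image.lower() and g:
                group = g.group("group")
                if group.lower() not in KNOWN_SVCHOST_GROUPS:
                    findings["odd_svchost"].append((m.group("name").strip(), group))
    return findings


def build_cfscript(findings):
    """Render the findings in the CFScript layout shown in the thread
    (KillAll::, Driver::, NetSvc::, Registry::, Reboot::). The analyst still
    reviews every line before feeding the file to ComboFix."""
    services = [svc for svc, _group in findings["odd_svchost"]]
    parts = ["KillAll::", ""]
    parts += ["Driver::"] + services + [""]
    parts += ["NetSvc::"] + services + [""]
    parts.append("Registry::")
    by_key = {}
    for key, name in findings["missing_run"]:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        parts.append("[%s]" % key)
        parts += ['"%s"=-' % n for n in names]
    parts += ["", "Reboot::"]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```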

Re: NOD32 - kernel problem + jusched.exe + security on web

Posted: 08 Oct 2011 07:48
by nafta..
Windows booted, NOD even started without problems, but it has not updated yet..

ComboFix 11-10-07.04 - Fanta 08.10.2011 13:22:23.2.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1625 [GMT 7:00]
Spuštěný z: c:\documents and settings\Fanta\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Fanta\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_YKSVC
-------\Service_yksvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-08 do 2011-10-08 )))))))))))))))))))))))))))))))
.
.
9999-10-08 04:18 . 9999-10-08 04:18 -------- d-----w- c:\program files\ESET
9999-10-07 02:17 . 9999-10-07 02:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
9999-10-06 10:48 . 9999-10-07 15:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
9999-10-06 10:48 . 9999-10-06 10:48 -------- d-----w- c:\program files\AVAST Software
9999-10-05 10:42 . 9999-10-05 10:42 -------- d-----w- C:\rsit
2011-09-17 18:51 . 2011-09-17 18:51 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2011-09-08 16:16 . 9999-10-06 06:49 -------- d-----w- C:\SusiAIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 01:30 . 2011-05-21 08:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2004-08-18 08:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-18 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-12 12:05 . 2011-04-03 08:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@9999-10-05_05.08.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 17:02 . 2009-07-11 17:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2011-10-08 06:31 . 2011-10-08 06:31 16384 c:\windows\temp\Perflib_Perfdata_794.dat
+ 2004-09-08 09:09 . 9999-10-07 11:38 75644 c:\windows\system32\perfc009.dat
- 2004-09-08 09:09 . 2011-09-25 06:34 75644 c:\windows\system32\perfc009.dat
- 2004-09-08 09:09 . 2011-09-25 06:34 87762 c:\windows\system32\perfc005.dat
+ 2004-09-08 09:09 . 9999-10-07 11:38 87762 c:\windows\system32\perfc005.dat
+ 2009-09-11 00:26 . 2009-09-11 00:26 96408 c:\windows\system32\drivers\epfwtdir.sys
- 2009-09-11 06:26 . 2009-09-11 06:26 96408 c:\windows\system32\drivers\epfwtdir.sys
+ 2009-11-03 07:28 . 9999-10-07 11:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-03 07:28 . 2009-11-03 07:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-03 07:28 . 2009-11-03 07:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-03 07:28 . 9999-10-07 11:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 9999-10-07 09:18 . 9999-10-07 11:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-11-03 07:28 . 2009-11-03 07:32 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 9999-10-08 04:19 . 9999-10-08 04:19 10134 c:\windows\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\callmsi.exe
- 2009-11-03 10:12 . 9999-10-05 03:49 10134 c:\windows\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\callmsi.exe
+ 2004-09-08 09:09 . 9999-10-07 11:38 455530 c:\windows\system32\perfh009.dat
- 2004-09-08 09:09 . 2011-09-25 06:34 455530 c:\windows\system32\perfh009.dat
+ 2004-09-08 09:09 . 9999-10-07 11:38 451490 c:\windows\system32\perfh005.dat
- 2004-09-08 09:09 . 2011-09-25 06:34 451490 c:\windows\system32\perfh005.dat
- 2009-09-11 06:23 . 2009-09-11 06:23 108792 c:\windows\system32\drivers\ehdrv.sys
+ 2009-09-11 00:23 . 2009-09-11 00:23 108792 c:\windows\system32\drivers\ehdrv.sys
+ 2009-09-11 00:17 . 2009-09-11 00:17 116008 c:\windows\system32\drivers\eamon.sys
- 2009-09-11 06:17 . 2009-09-11 06:17 116008 c:\windows\system32\drivers\eamon.sys
+ 9999-10-06 10:49 . 9999-10-06 10:49 219648 c:\windows\Installer\2ed626.msi
+ 9999-10-08 04:19 . 9999-10-08 04:19 101480 c:\windows\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\egui.exe
- 2009-11-03 10:12 . 9999-10-05 03:49 101480 c:\windows\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\egui.exe
+ 9999-10-08 04:19 . 9999-10-08 04:19 1140224 c:\windows\Installer\43894.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-08 1434920]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-05-11 513080]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-15 181816]
"zCpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2009-04-19 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-14 1044480]
"Kerio VPN Client"="c:\program files\Kerio\VPN Client\kvpncgui.exe" [2009-10-26 4986728]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programs\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 18:14 24064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11.9.2009 7:26 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11.9.2009 7:24 735960]
R2 KVPNCSvc;Kerio VPN Client Service;c:\program files\Kerio\VPN Client\kvpncsvc.exe [26.10.2009 21:28 972648]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11.7.2009 4:27 239160]
R3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\drivers\kvnet.sys [23.3.2009 16:25 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Fanta\Data aplikací\Mozilla\Firefox\Profiles\fjrv0976.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-08 13:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
zCpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2792)
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\msdtc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\mqsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-10-08 13:38:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-08 06:38
ComboFix2.txt 9999-10-05 05:11
.
Před spuštěním: Volných bajtů: 118 779 465 728
Po spuštění: Volných bajtů: 116 509 757 440
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E18C2A246301FCB4929834D28DD2783B

Re: NOD32 - problem with the kernel + jusched.exe + security on web

Posted: 08 Oct 2011 12:50
by vyosek
→ Test the following files on VirusTotal (see my signature)
  • c:\windows\system32\drivers\kvnet.sys
  • Click Browse
  • Do not search for the file, just paste the path of the file I want tested
  • Click Send File
  • If a screen like the one below pops up, click ReAnalyse
    (image)
  • Paste the analysis result here (as a link)
→ Download SystemLook (see my signature) and save it to the desktop
  • Paste the script below into the window
  • Code:

    :reg
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost /sub
  • Click Look
  • The Look button changes to Scanning and greys out
  • Wait until the Scanning button changes back to Look; that is how you know SystemLook has finished its work
  • A log named SystemLook will pop up (or it will be saved on the desktop); paste its contents here for me

Re: NOD32 - problem with the kernel + jusched.exe + security on web

Posted: 08 Oct 2011 14:10
by nafta..
http://www.virustotal.com/file-scan/rep ... 1318078511

SystemLook 30.07.11 by jpshortstuff
Log created at 20:08 on 08/10/2011 by Fanta
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"HTTPFilter"="HTTPFilter"
"LocalService"="Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV"
"NetworkService"="DnsCache"
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt wscsvc xmlprov BITS wuauserv ShellHWDetection helpsvc WmdmPmSN napagent hkmsvc"
"DcomLaunch"="DcomLaunch TermService"
"rpcss"="RpcSs"
"imgsvc"="StiSvc"
"termsvcs"="TermService"
"eapsvcs"="eaphost"
"dot3svc"="dot3svc"
"WudfServiceGroup"="WUDFSvc"
"yksvcs"="yksvc"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000008 (8)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\dot3svc]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\eapsvcs]
"AuthenticationCapabilities"= 0x0000003020 (12320)
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\HTTPFilter]
"CoInitializeSecurityParam"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"AuthenticationCapabilities"= 0x0000002000 (8192)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"AuthenticationCapabilities"= 0x0000003020 (12320)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\PCHealth]
"CoInitializeSecurityParam"= 0x0000000002 (2)
"AuthenticationCapabilities"= 0x0000000040 (64)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000008 (8)

Re: NOD32 - problem with the kernel + jusched.exe + security on web

Posted: 08 Oct 2011 16:44
by vyosek
One more script for ComboFix; the procedure is the same

Code:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"yksvcs"=-

AtJob::

ClearJavaCache::

FixCSet::

Reboot::
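
A way to do the check vyosek does by eye in this thread (spot the service group that does not belong in the svchost key and trace which service it would load), written as an added Python example for this page rather than anything from the forum, SystemLook or ComboFix. It parses the svchost key in either tool's dump format, compares the group names against an assumed Windows XP SP3 baseline, and prints the service each unknown group loads, which is the service whose Parameters\ServiceDll value an analyst would inspect before removing the group the way the CFScript above does. The sample dump is constructed from the SystemLook log above with the netsvcs list shortened; the baseline set of group names is an assumption, not something the thread states.

```python
"""Flag non-default svchost service groups in a SystemLook or ComboFix dump.

Added example, not code from the forum thread or from SystemLook/ComboFix.
The baseline of group names is an assumption for a stock Windows XP SP3
install and should be replaced by one taken from a known-clean machine of
the same Windows version when used elsewhere.
"""
import re
from typing import Dict, List

# Assumed baseline: svchost group names on a stock Windows XP SP3 install
# (WudfServiceGroup arrives with the UMDF update). Stored lower-case because
# registry value names are compared case-insensitively.
XP_SP3_SVCHOST_GROUPS = {
    "httpfilter", "localservice", "networkservice", "netsvcs", "dcomlaunch",
    "rpcss", "imgsvc", "termsvcs", "eapsvcs", "dot3svc", "wudfservicegroup",
}

# SystemLook prints:  "netsvcs"="6to4 AppMgmt ..."
_SYSTEMLOOK_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')
# ComboFix prints:    yksvcs REG_MULTI_SZ yksvc
_COMBOFIX_VALUE = re.compile(r'^(\S+)\s+REG_MULTI_SZ\s+(.*)$')
_KEY_LINE = re.compile(r'^\[(.+)\]$')


def parse_svchost_groups(dump: str) -> Dict[str, List[str]]:
    """Return {group_name: [service, ...]} from the top-level svchost key.

    Subkeys such as ...\\svchost\\netsvcs hold COM security settings, not
    group membership, so lines under them are skipped.
    """
    groups: Dict[str, List[str]] = {}
    in_svchost_key = False
    for raw in dump.splitlines():
        line = raw.strip()
        key = _KEY_LINE.match(line)
        if key:
            in_svchost_key = key.group(1).lower().endswith("\\svchost")
            continue
        if not in_svchost_key:
            continue
        m = _SYSTEMLOOK_VALUE.match(line) or _COMBOFIX_VALUE.match(line)
        if m:
            groups[m.group(1)] = m.group(2).split()
    return groups


def find_unknown_groups(groups: Dict[str, List[str]],
                        baseline=XP_SP3_SVCHOST_GROUPS) -> Dict[str, List[str]]:
    """Groups whose name is not in the baseline, with the services they load."""
    return {name: svcs for name, svcs in groups.items()
            if name.lower() not in baseline}


def report(dump: str) -> List[str]:
    """One finding line per service loaded by a non-default group."""
    lines = []
    for name, svcs in find_unknown_groups(parse_svchost_groups(dump)).items():
        for svc in svcs:
            lines.append(
                f"non-default svchost group {name!r} loads service {svc!r}; "
                f"inspect HKLM\\SYSTEM\\CurrentControlSet\\Services\\{svc}"
                f"\\Parameters\\ServiceDll before removing the group")
    return lines


# Constructed sample, taken from the SystemLook log in this thread with the
# long netsvcs list shortened; the subkey at the end shows what gets skipped.
SAMPLE_DUMP = r"""========== reg ==========

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"HTTPFilter"="HTTPFilter"
"LocalService"="Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV"
"NetworkService"="DnsCache"
"netsvcs"="6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem"
"DcomLaunch"="DcomLaunch TermService"
"rpcss"="RpcSs"
"imgsvc"="StiSvc"
"termsvcs"="TermService"
"eapsvcs"="eaphost"
"dot3svc"="dot3svc"
"WudfServiceGroup"="WUDFSvc"
"yksvcs"="yksvc"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\DComLaunch]
"CoInitializeSecurityParam"= 0x0000000001 (1)
"DefaultRpcStackSize"= 0x0000000008 (8)
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_DUMP)) or "no non-default svchost groups")
```

Run as a script it produces the single finding for this thread, the yksvcs group loading the yksvc service. The same parser accepts the shorter ComboFix rendering of the key, which only lists entries ComboFix already considers non-default, so on that input every parsed group is reported.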

Re: NOD32 - problem with the kernel + jusched.exe + security on web

Posted: 09 Oct 2011 06:18
by nafta..
ComboFix 11-10-08.05 - Fanta 09.10.2011 11:55:36.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1518 [GMT 7:00]
Spuštěný z: c:\documents and settings\Fanta\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Fanta\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-09-09 do 2011-10-09 )))))))))))))))))))))))))))))))
.
.
9999-10-08 04:18 . 9999-10-08 04:18 -------- d-----w- c:\program files\ESET
9999-10-07 02:17 . 9999-10-07 02:17 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
9999-10-06 10:48 . 9999-10-07 15:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
9999-10-06 10:48 . 9999-10-06 10:48 -------- d-----w- c:\program files\AVAST Software
9999-10-05 10:42 . 9999-10-05 10:42 -------- d-----w- C:\rsit
2011-09-17 18:51 . 2011-09-17 18:51 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-24 01:30 . 2011-05-21 08:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:12 . 2004-08-18 08:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-08-18 08:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-09-12 12:05 . 2011-04-03 08:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@9999-10-05_05.08.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 17:02 . 2009-07-11 17:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 17:02 . 2009-07-11 17:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2011-10-09 05:08 . 2011-10-09 05:08 16384 c:\windows\temp\Perflib_Perfdata_4a0.dat
- 9999-10-05 04:28 . 9999-10-05 04:28 16384 c:\windows\Temp\Perflib_Perfdata_4a0.dat
- 2004-09-08 09:09 . 2011-09-25 06:34 75644 c:\windows\system32\perfc009.dat
+ 2004-09-08 09:09 . 9999-10-07 11:38 75644 c:\windows\system32\perfc009.dat
- 2004-09-08 09:09 . 2011-09-25 06:34 87762 c:\windows\system32\perfc005.dat
+ 2004-09-08 09:09 . 9999-10-07 11:38 87762 c:\windows\system32\perfc005.dat
- 2009-09-11 06:26 . 2009-09-11 06:26 96408 c:\windows\system32\drivers\epfwtdir.sys
+ 2009-09-11 00:26 . 2009-09-11 00:26 96408 c:\windows\system32\drivers\epfwtdir.sys
+ 2009-11-03 07:28 . 9999-10-07 11:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-03 07:28 . 2009-11-03 07:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-03 07:28 . 2009-11-03 07:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-03 07:28 . 9999-10-07 11:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-11-03 10:12 . 9999-10-05 03:49 10134 c:\windows\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\callmsi.exe
+ 9999-10-08 04:19 . 9999-10-08 04:19 10134 c:\windows\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\callmsi.exe
+ 2004-09-08 09:09 . 9999-10-07 11:38 455530 c:\windows\system32\perfh009.dat
- 2004-09-08 09:09 . 2011-09-25 06:34 455530 c:\windows\system32\perfh009.dat
- 2004-09-08 09:09 . 2011-09-25 06:34 451490 c:\windows\system32\perfh005.dat
+ 2004-09-08 09:09 . 9999-10-07 11:38 451490 c:\windows\system32\perfh005.dat
- 2009-09-11 06:23 . 2009-09-11 06:23 108792 c:\windows\system32\drivers\ehdrv.sys
+ 2009-09-11 00:23 . 2009-09-11 00:23 108792 c:\windows\system32\drivers\ehdrv.sys
+ 2009-09-11 00:17 . 2009-09-11 00:17 116008 c:\windows\system32\drivers\eamon.sys
- 2009-09-11 06:17 . 2009-09-11 06:17 116008 c:\windows\system32\drivers\eamon.sys
+ 9999-10-06 10:49 . 9999-10-06 10:49 219648 c:\windows\Installer\2ed626.msi
+ 9999-10-08 04:19 . 9999-10-08 04:19 101480 c:\windows\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\egui.exe
- 2009-11-03 10:12 . 9999-10-05 03:49 101480 c:\windows\Installer\{03DD875D-0631-443B-9A17-41FB150AD49C}\egui.exe
+ 9999-10-08 04:19 . 9999-10-08 04:19 1140224 c:\windows\Installer\43894.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-08 1434920]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-05-11 513080]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-04-15 181816]
"zCpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2009-04-19 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-04-14 1044480]
"Kerio VPN Client"="c:\program files\Kerio\VPN Client\kvpncgui.exe" [2009-10-26 4986728]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-12-11 604776]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programs\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 18:14 24064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11.9.2009 7:26 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11.9.2009 7:24 735960]
R2 KVPNCSvc;Kerio VPN Client Service;c:\program files\Kerio\VPN Client\kvpncsvc.exe [26.10.2009 21:28 972648]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11.7.2009 4:27 239160]
R3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\drivers\kvnet.sys [23.3.2009 16:25 29696]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Fanta\Data aplikací\Mozilla\Firefox\Profiles\fjrv0976.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 12:09
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
zCpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2496)
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\msdtc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\mqsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
.
**************************************************************************
.
Celkový čas: 2011-10-09 12:13:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-10-09 05:13
ComboFix2.txt 2011-10-08 06:38
ComboFix3.txt 9999-10-05 05:11
.
Před spuštěním: Volných bajtů: 116 396 490 752
Po spuštění: Volných bajtů: 116 386 680 832
.
- - End Of File - - 8DC096597633D2E4611292F0D8F93EF4

Re: NOD32 - problem with the kernel + jusched.exe + security on web

Posted: 09 Oct 2011 06:22
by vyosek
Fine, how is the PC behaving?

NOD may need to be reinstalled; the malware has apparently damaged it

Re: NOD32 - problem with the kernel + jusched.exe + security on web

Posted: 09 Oct 2011 06:53
by nafta..
Compared to the previous state it looks extremely stable; startup is still a bit slower, but that is a minor thing. All the previous problems have disappeared, and after the first ComboFix run NOD started working again too; I had uninstalled it in safe mode beforehand and then reinstalled it. Now it behaves normally, at least outwardly, and downloads updates on its own; I haven't tried any test yet, but it looks happy. If there is some way to verify that it is working correctly, I will do that as well..

Re: NOD32 - problem with the kernel + jusched.exe + security on web

Posted: 09 Oct 2011 09:58
by vyosek
Now let's clean up

→ Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
→ T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs mistakenly flag this utility as a virus; it is a false alarm, so go ahead and download it (or turn the antivirus off while downloading)
→ OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

→ TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
→ Download CCleaner (see my signature)
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • click Scan for Issues
  • then Fix Issues; I recommend making the registry backup; fix all issues
  • repeat the procedure until there are no issues, usually about 3 times
Tools tab
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

→ Post a new RSIT log and write how the PC is doing, whether everything is OK