VIRY.CZ

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200BEVS-60RST0 rev.04.01G04 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdb.sys >>UNKNOWN [0x85FF9938]<<
spdb.sys
_asm { PUSH EBP; MOV EBP, ESP; JMP 0xfffffffffa4f5d9b; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x85EE7AB8]
3 CLASSPNP[0xF74E7FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006f[0x85FB8CC8]
5 ACPI[0xF7253620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP0T0L0-3[0x85FB9B68]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user & kernel MBR OK

Last diagnostic run time: 03/19/11 12:27:06 HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn FTP (Passive): Error 12031 connecting to ftp.microsoft.com: The connection with the server was reset
info HTTP: Successfully connected to www.microsoft.com.
info HTTPS: Successfully connected to www.microsoft.com.
warn FTP (Active): Error 12031 connecting to ftp.microsoft.com: The connection with the server was reset
error Could not make an FTP connection.
info Redirecting user to support call



DNS Client Diagnostic
DNS - Not a home user scenario

info Using Web Proxy: no
info Resolving name ok for (www.microsoft.com): yes
No DNS servers

DNS failure




Gateway Diagnostic
Gateway

info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:
info This computer has the following default gateway entry(ies): 87.198.56.1
info This computer has the following IP address(es): 87.198.56.244
info The default gateway is in the same subnet as this computer
info The default gateway entry is a valid unicast address
info The default gateway address was resolved via ARP in 1 try(ies)
info The default gateway was reached via ICMP Ping in 1 try(ies)
info TCP port 80 on host 64.4.31.252 was successfully reached
info The Internet host www.microsoft.com was successfully reached
info The default gateway is OK



IP Layer Diagnostic
Corrupted IP routing table

info The default route is valid
info The loopback route is valid
info The local host route is valid
info The local subnet route is valid
Invalid ARP cache entries

action The ARP cache has been flushed



IP Configuration Diagnostic
Invalid IP address

info Valid IP address detected: 87.198.56.244



Wireless Diagnostic
Wireless - Service disabled

Wireless - User SSID

Wireless - First time setup

Wireless - Radio off

Wireless - Out of range

Wireless - Hardware issue

Wireless - Novice user

Wireless - Ad-hoc network

Wireless - Less preferred

Wireless - 802.1x enabled

Wireless - Configuration mismatch

Wireless - Low SNR




WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info Provider entry RSVP UDP Service Provider passed the loopback communication test.
info Provider entry RSVP TCP Service Provider passed the loopback communication test.
info Connectivity is valid for all Winsock service providers.



Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Wireless Network Connection, Device=Broadcom 802.11b/g WLAN, MediaType=LAN, SubMediaType=WIRELESS
info Network connection: Name=Local Area Connection, Device=NVIDIA nForce Networking Controller, MediaType=LAN, SubMediaType=LAN
info Both Ethernet and Wireless connections available, prompting user for selection
action User input required: Select network connection
info Ethernet connection selected
Network adapter status

info Network connection status: Connected



HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

info HTTP: Successfully connected to www.microsoft.com.
warn FTP (Passive): Error 12031 connecting to ftp.microsoft.com: The connection with the server was reset
warn FTP (Active): Error 12031 connecting to ftp.microsoft.com: The connection with the server was reset
warn HTTPS: Error 12031 connecting to www.passport.net: The connection with the server was reset
error Could not make an HTTPS connection.
error Could not make an FTP connection.

Windows IP Configuration



Host Name . . . . . . . . . . . . : goines

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : magnet.ie



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : magnet.ie

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-00-00-00-00-00

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 87.198.56.244

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 87.198.56.1

DHCP Server . . . . . . . . . . . : 87.198.56.1

DNS Servers . . . . . . . . . . . : 85.91.1.128

85.91.1.130

Lease Obtained. . . . . . . . . . : 19 March 2011 12:11:15

Lease Expires . . . . . . . . . . : 19 March 2011 13:11:15



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN

Physical Address. . . . . . . . . : 00-1A-73-8F-1E-4E

IP Configuration Diagnostic
Invalid IP address

info Valid IP address detected: 87.198.56.244

Jestliže nepoužíváte pevnou IP adresu, proxy atd., v sekci Start - Nastavení - Ovládací panely - Síťová připojení - Připojení k místní síti - Vlastnosti - Protokol sítě Internet (TCP/IP) - Vlastnosti zvolíme Získat adresu IP ze serveru DHCP automaticky a Získat adresu serveru DNS automaticky. V opačném případě zadáme do volných řádků nastavení od poskytovatele internetu.

address: 17 Dublin
address: Ireland

stell píše:ty si kde??V Irsku??

address: 17 Dublin
address: Ireland