VIRY.CZ

Po té, co mi přestal fungovat na XP AVG 9, windows firewall a všechny vypalovací programy (hláška "windows nemá oprávnění pro přístup do složky") jsem pomocí záchranného AVG CD našel rootkit "Inline hook atapi.sys +0x684D -> ipsec.sys +0x4370, soubory AVG infikované Katushou A a trojan Agent_r.AQA v souboru ipsec.
Po komunikaci na foru AVG se podařilo infekci odstranit (zde jsou ke stažení i moje všechny možné logy) http://forums.avg.com/cz-cs/avg-forums? ... ow&id=2475 , nicméně internet, který v průběhu infekce fungoval, nyní není funkční a nejde zprovoznit.
Mám podezření na problém okolo souboru IPSEC, který byl nakažený.
Síťová karta je funkční, hlásí správně připojení i odpojení k síti, ale ipconfig /all hlásí "došlo k vnitřní chybě, požadavek není podporován." Protokol tcp/ip je podle vlastností sítě nainstalován.
Použití utility Winsockxpfix nic nevyřešilo.
Ping hlásí "nelze se spojit s ovladačem protokolu IP, chybový kód 2."
Prosím o radu!

Poprosím o log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .

Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2011-11-02 19:00:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (8%) free of 19 GB
Total RAM: 767 MB (40% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Administrator Logon.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-09-27 2179936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64c54209-175c-454d-9291-ac46d4d952cf}]
Complete Bar - C:\Program Files\completebartb\completebarDx.dll [2011-03-23 86696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTo0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
Complitly - C:\Documents and Settings\Administrator\Data aplikací\CompitlyEngine\ComplitlyEngine.dll [2011-03-28 139768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll [2010-10-11 612616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nuclear Games Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe618700-e0ee-441e-8b1d-18ce226bb193}]
Updater For Complete Bar - C:\Program Files\completebartb\auxi\completebarAu.dll [2011-03-23 262312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll [2010-10-11 612616]
{64c54209-175c-454d-9291-ac46d4d952cf} - Complete Bar - C:\Program Files\completebartb\completebarDx.dll [2011-03-23 86696]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\prxtbuTo0.dll [2011-05-09 176936]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nuclear Games Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-01-13 114688]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"EPSON Stylus C43 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2002-12-10 75776]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"RIMBBLaunchAgent.exe"=C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-02-18 79192]
"Anti-phishing Domain Advisor"=C:\Documents and Settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe [2011-03-15 232104]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2011-09-23 2404704]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-01-13 155648]
"COMODO"=C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [2011-05-26 208184]
"CPA"=C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [2011-05-26 182584]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-10-20 2497352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.914 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-01-13 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2011-11-02 19:02:45 ----D---- C:\Program Files\trend micro
2011-11-02 19:00:51 ----D---- C:\rsit
2011-11-02 17:33:04 ----A---- C:\WINDOWS\resetlog.txt
2011-11-02 16:08:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2011-11-02 16:08:19 ----D---- C:\Program Files\COMODO
2011-11-02 16:08:17 ----A---- C:\WINDOWS\system32\gdiplus.dll
2011-11-02 16:07:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
2011-11-01 21:46:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-11-01 21:46:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-10-30 19:33:01 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AVG
2011-10-30 18:01:16 ----D---- C:\Program Files\Windows Resource Kits
2011-10-29 20:40:07 ----D---- C:\WINDOWS\system32\NtmsData
2011-10-29 20:36:53 ----ASH---- C:\pagefile.sys
2011-10-29 19:57:02 ----ASH---- C:\BOOT.BAK
2011-10-29 19:56:47 ----RSHD---- C:\cmdcons
2011-10-29 19:56:46 ----D---- C:\WINDOWS\setup.pss
2011-10-29 18:29:08 ----HD---- C:\WINDOWS\PIF
2011-10-26 20:00:43 ----D---- C:\Qoobox
2011-10-26 20:00:41 ----A---- C:\Bug.txt
2011-10-26 20:00:29 ----D---- C:\32788R22FWJFW
2011-10-26 19:12:00 ----D---- C:\ERDNT
2011-10-26 18:02:38 ----D---- C:\WINDOWS\system32\appmgmt
2011-10-26 18:00:16 ----A---- C:\WINDOWS\UPGRADE.TXT
2011-10-23 21:52:49 ----D---- C:\Program Files\NORTON UTILITIES 14
2011-10-23 20:34:13 ----A---- C:\WINDOWS\system32\ipsec.sys
2011-10-19 16:54:52 ----D---- C:\AVGTemp
2011-10-18 18:03:51 ----D---- C:\Documents and Settings\Administrator\Data aplikací\AVG2012
2011-10-18 18:00:58 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-10-18 18:00:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG2012
2011-10-18 17:23:12 ----D---- C:\Program Files\ESET
2011-10-17 19:46:18 ----D---- C:\Program Files\AVG
2011-10-16 20:33:01 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Canneverbe Limited
2011-10-16 20:32:14 ----D---- C:\Program Files\CDBurnerXP
2011-10-16 20:32:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
2011-10-16 19:18:51 ----D---- C:\Config.Msi
2011-10-16 19:05:43 ----HD---- C:\WINDOWS\system32\GroupPolicy
2011-10-16 18:55:02 ----SHD---- C:\WINDOWS\CSC
2011-10-16 18:42:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-10-16 13:45:26 ----D---- C:\WINDOWS\Minidump
2011-10-07 22:04:52 ----D---- C:\Program Files\Neuro-Programmer 2 Professional
2011-10-07 20:48:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Babylon
2011-10-07 20:48:35 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Babylon
2011-10-07 19:36:38 ----D---- C:\Program Files\IDoser v4
2011-10-07 18:48:04 ----A---- C:\WINDOWS\system32\drivers\inspect.sys
2011-10-07 18:48:02 ----A---- C:\WINDOWS\system32\drivers\cmdhlp.sys
2011-10-07 18:48:02 ----A---- C:\WINDOWS\system32\drivers\cmdGuard.sys
2011-10-07 18:48:00 ----A---- C:\WINDOWS\system32\drivers\cmderd.sys
2011-10-07 18:47:12 ----A---- C:\WINDOWS\system32\guard32.dll
2011-10-07 18:47:12 ----A---- C:\WINDOWS\system32\cmdcsr.dll

======List of files/folders modified in the last 1 month======

2011-11-02 19:02:53 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-02 19:02:45 ----RD---- C:\Program Files
2011-11-02 19:01:17 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-02 19:01:05 ----D---- C:\WINDOWS\Temp
2011-11-02 19:00:58 ----D---- C:\WINDOWS\Prefetch
2011-11-02 18:56:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-02 17:33:04 ----D---- C:\WINDOWS
2011-11-02 17:25:14 ----SHD---- C:\WINDOWS\Installer
2011-11-02 17:25:04 ----D---- C:\Program Files\Ahead
2011-11-02 17:25:03 ----D---- C:\WINDOWS\system32
2011-11-02 16:31:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-02 16:23:39 ----D---- C:\WINDOWS\security
2011-11-02 16:08:50 ----D---- C:\WINDOWS\system32\drivers
2011-11-02 16:00:54 ----SD---- C:\WINDOWS\Tasks
2011-11-01 23:24:22 ----A---- C:\WINDOWS\WTRAN32.INI
2011-11-01 21:48:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-10-31 19:51:52 ----D---- C:\WINDOWS\system32\Setup
2011-10-31 19:29:41 ----HD---- C:\WINDOWS\inf
2011-10-30 23:45:36 ----D---- C:\WINDOWS\Debug
2011-10-30 18:53:05 ----A---- C:\WINDOWS\system.ini
2011-10-29 20:40:07 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-10-29 19:57:03 ----RASH---- C:\boot.ini
2011-10-26 19:12:31 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-26 18:12:33 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2011-10-26 18:02:19 ----A---- C:\WINDOWS\imsins.BAK
2011-10-23 21:19:47 ----D---- C:\k Duně
2011-10-17 19:47:42 ----HD---- C:\$AVG
2011-10-17 19:36:41 ----D---- C:\Program Files\Opera
2011-10-17 16:19:36 ----RSD---- C:\WINDOWS\assembly
2011-10-17 16:19:36 ----D---- C:\WINDOWS\Microsoft.NET
2011-10-17 16:01:17 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-17 15:57:12 ----D---- C:\WINDOWS\WinSxS
2011-10-17 15:52:38 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-16 19:55:19 ----D---- C:\Program Files\__
2011-10-16 19:31:19 ----D---- C:\WINDOWS\system32\CatRoot
2011-10-16 19:22:44 ----D---- C:\WINDOWS\system32\config
2011-10-16 19:22:21 ----D---- C:\WINDOWS\system32\wbem
2011-10-16 19:22:18 ----D---- C:\WINDOWS\Registration
2011-10-16 12:04:56 ----HD---- C:\WINDOWS\$hf_mig$
2011-10-08 19:02:45 ----D---- C:\Documents and Settings\Administrator\Data aplikací\uTorrent
2011-10-08 11:42:55 ----D---- C:\Převodovka
2011-10-07 19:46:34 ----D---- C:\Program Files\uTorrentBar
2011-10-06 19:54:58 ----D---- C:\WINDOWS\XSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-10-07 97760]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-10-07 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-10-07 31704]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 PPJoyBus;Parallel Port Joystick Bus device driver; C:\WINDOWS\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
R3 PPortJoystick;Parallel Port Joystick device driver; C:\WINDOWS\system32\drivers\PPortJoy.sys [2004-10-24 28800]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdm1;USB Bridge Cable Driver; C:\WINDOWS\System32\Drivers\usbbc.sys [2001-01-08 15576]
S1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 A4SII300;A4SII300; C:\WINDOWS\System32\drivers\A4SII300.SYS [1998-04-02 25824]
S2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys []
S2 Ca1528av;SPCA1528 Video Camera Service; C:\WINDOWS\System32\Drivers\Ca1528av.sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-01-14 108736]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-01-14 78272]
S3 8440e909;8440e909; C:\WINDOWS\166281348:2076120822.exe []
S3 Bulk1528;SPCA1528 Still Camera Service; C:\WINDOWS\System32\Drivers\Bulk1528.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2002-11-12 99840]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-01-14 87803]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2011-02-16 64000]
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-05-26 154424]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-10-07 1883328]
S2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe []
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf []
S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-05-05 165416]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Poprosím ještě o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

ComboFix 11-11-02.03 - Administrator 02.11.2011 20:32:45.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.443 [GMT 1:00]
Spuštěný z: g:\k avg\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\windows\$NtUninstallKB37558$
c:\windows\$NtUninstallKB37558$\2218846473\@
c:\windows\$NtUninstallKB37558$\2218846473\click.tlb
c:\windows\$NtUninstallKB37558$\2218846473\L\ospiwtoo
c:\windows\$NtUninstallKB37558$\2218846473\loader.tlb
c:\windows\$NtUninstallKB37558$\2218846473\U\@00000001
c:\windows\$NtUninstallKB37558$\2218846473\U\@000000c0
c:\windows\$NtUninstallKB37558$\2218846473\U\@000000cb
c:\windows\$NtUninstallKB37558$\2218846473\U\@000000cf
c:\windows\$NtUninstallKB37558$\2218846473\U\@80000000
c:\windows\$NtUninstallKB37558$\2218846473\U\@800000c0
c:\windows\$NtUninstallKB37558$\2218846473\U\@800000cb
c:\windows\$NtUninstallKB37558$\2218846473\U\@800000cf
c:\windows\$NtUninstallKB37558$\3244903967
c:\windows\IsUn0405.exe
c:\windows\msmqinst.log
c:\windows\system32\
c:\windows\XSxS
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_8440e909
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-02 do 2011-11-02 )))))))))))))))))))))))))))))))
.
.
2011-11-02 18:02 . 2011-11-02 18:02 -------- d-----w- c:\program files\trend micro
2011-11-02 18:00 . 2011-11-02 18:02 -------- d-----w- C:\rsit
2011-11-02 15:08 . 2011-11-02 15:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2011-11-02 15:08 . 2011-11-02 18:17 -------- d-----w- c:\program files\COMODO
2011-11-02 15:08 . 2011-11-02 15:08 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-02 15:07 . 2011-11-02 15:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo Downloader
2011-11-01 20:46 . 2011-11-01 20:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-11-01 20:46 . 2011-11-01 20:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-31 18:34 . 2001-10-24 11:02 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2011-10-31 18:34 . 2001-10-24 11:02 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2011-10-31 18:34 . 2001-08-17 20:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2011-10-31 18:34 . 2001-10-24 11:01 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2011-10-31 18:34 . 2008-04-13 19:40 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2011-10-31 18:32 . 2004-08-03 21:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-10-31 18:32 . 2001-08-17 19:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2011-10-31 18:32 . 2001-08-17 19:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-10-31 18:32 . 2001-10-24 11:25 9728 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-10-31 18:32 . 2001-08-17 19:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2011-10-31 18:32 . 2008-04-14 03:17 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-10-31 18:32 . 2001-08-17 19:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-10-31 18:32 . 2001-10-24 11:24 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-10-31 18:32 . 2001-08-17 20:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-10-31 18:32 . 2001-10-24 10:58 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-10-31 18:32 . 2001-10-24 10:58 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-10-31 18:32 . 2001-10-24 11:25 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-10-31 18:30 . 2001-08-17 20:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2011-10-31 18:29 . 2001-10-24 11:25 86016 -c--a-w- c:\windows\system32\dllcache\pctspk.exe
2011-10-31 18:28 . 2001-08-17 21:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2011-10-31 18:28 . 2001-08-17 21:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2011-10-31 18:28 . 2001-08-17 21:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-10-31 18:28 . 2001-08-17 21:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2011-10-31 18:28 . 2001-10-24 10:50 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2011-10-31 18:28 . 2001-10-24 10:50 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-10-31 18:28 . 2001-08-17 19:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2011-10-31 18:28 . 2001-08-17 19:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-10-31 18:28 . 2008-04-13 19:46 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2011-10-31 18:28 . 2001-08-17 19:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2011-10-31 18:28 . 2001-10-24 11:24 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2011-10-31 18:28 . 2001-08-17 19:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-10-31 18:26 . 2001-10-24 11:24 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2011-10-31 18:25 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-31 18:25 . 2008-04-13 19:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-31 18:25 . 2001-08-17 21:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-10-31 18:25 . 2001-08-17 20:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-10-31 18:25 . 2008-04-13 19:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-10-31 18:25 . 2001-08-17 20:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-10-31 18:25 . 2008-04-13 19:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-10-31 18:24 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-10-31 18:24 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-10-31 18:24 . 2001-08-17 20:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-10-31 18:24 . 2001-10-24 10:52 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2011-10-31 18:24 . 2001-10-24 11:24 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2011-10-31 18:24 . 2008-04-13 19:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2011-10-31 18:24 . 2001-10-24 11:23 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2011-10-31 18:24 . 2001-08-17 20:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2011-10-31 18:24 . 2001-10-24 10:50 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-10-31 18:24 . 2001-08-17 20:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2011-10-31 18:24 . 2001-08-17 19:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2011-10-31 18:22 . 2001-10-24 11:24 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-10-31 18:22 . 2008-04-14 04:21 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-10-31 18:22 . 2008-04-14 04:21 254464 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-10-31 18:22 . 2001-08-17 20:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-10-31 18:22 . 2001-08-17 20:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2011-10-31 18:22 . 2008-04-14 04:21 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-10-31 18:22 . 2001-08-17 20:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2011-10-31 18:22 . 2008-04-14 04:22 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-10-31 18:22 . 2008-04-13 19:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2011-10-31 18:22 . 2001-08-17 19:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2011-10-31 18:21 . 2001-10-24 11:24 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-10-31 18:21 . 2001-08-17 20:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2011-10-31 18:21 . 2001-10-24 10:42 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-10-31 18:21 . 2001-08-17 20:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2011-10-31 18:21 . 2001-10-24 11:24 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-10-31 18:21 . 2001-08-17 21:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-10-31 18:21 . 2001-10-24 11:24 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-10-31 18:21 . 2001-10-24 11:24 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2011-10-31 18:21 . 2001-08-17 21:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-10-31 18:21 . 2001-10-24 11:24 62464 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2011-10-31 18:21 . 2001-10-24 11:24 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2011-10-31 18:21 . 2001-10-24 11:24 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2011-10-31 18:19 . 2001-10-24 11:24 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-10-31 18:18 . 2001-10-24 11:24 119296 -c--a-w- c:\windows\system32\dllcache\hpdigwia.dll
2011-10-31 18:17 . 2001-08-17 19:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2011-10-31 18:16 . 2001-08-17 19:19 63360 -c--a-w- c:\windows\system32\dllcache\ess.sys
2011-10-31 18:15 . 2001-08-17 19:10 69692 -c--a-w- c:\windows\system32\dllcache\el575nd5.sys
2011-10-31 18:14 . 2001-10-24 11:24 110621 -c--a-w- c:\windows\system32\dllcache\digirlpt.dll
2011-10-31 18:13 . 2001-08-17 19:19 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys
2011-10-31 18:12 . 2001-10-24 11:24 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2011-10-31 18:11 . 2001-08-17 19:11 66557 -c--a-w- c:\windows\system32\dllcache\bcm42u.sys
2011-10-31 18:10 . 2004-08-03 21:32 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2011-10-30 18:33 . 2011-10-30 19:48 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AVG
2011-10-30 17:01 . 2011-10-30 17:01 -------- d-----w- c:\program files\Windows Resource Kits
2011-10-29 19:40 . 2011-10-29 19:56 -------- d-----w- c:\windows\system32\NtmsData
2011-10-29 17:29 . 2011-10-29 17:29 -------- d--h--w- c:\windows\PIF
2011-10-26 18:12 . 2011-10-26 18:12 -------- d-----w- C:\ERDNT
2011-10-23 20:52 . 2011-10-27 15:48 -------- d-----w- c:\program files\NORTON UTILITIES 14
2011-10-23 19:34 . 2008-04-13 22:49 75264 ----a-w- c:\windows\system32\ipsec.sys
2011-10-19 15:54 . 2011-10-19 15:54 -------- d-----w- C:\AVGTemp
2011-10-18 17:00 . 2011-10-31 19:46 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-18 17:00 . 2011-10-26 15:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2012
2011-10-18 16:23 . 2011-10-18 16:23 -------- d-----w- c:\program files\ESET
2011-10-17 18:46 . 2011-10-30 18:32 -------- d-----w- c:\program files\AVG
2011-10-16 19:33 . 2011-10-16 19:33 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Canneverbe Limited
2011-10-16 19:32 . 2011-11-02 15:31 -------- d-----w- c:\program files\CDBurnerXP
2011-10-16 19:32 . 2011-10-16 19:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Canneverbe Limited
2011-10-16 18:22 . 2011-10-16 18:22 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-16 18:05 . 2011-10-17 16:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-10-16 17:42 . 2011-10-31 19:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-10-08 15:46 . 2011-10-08 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\NP2
2011-10-07 21:04 . 2011-10-07 21:24 -------- d-----w- c:\program files\Neuro-Programmer 2 Professional
2011-10-07 19:48 . 2011-10-07 19:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Babylon
2011-10-07 19:48 . 2011-10-07 19:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Babylon
2011-10-07 19:48 . 2011-10-07 19:48 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Babylon
2011-10-07 18:36 . 2011-11-01 20:48 -------- d-----w- c:\program files\IDoser v4
2011-10-07 17:48 . 2011-10-07 17:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:48 . 2011-10-07 17:48 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:48 . 2011-10-07 17:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48 . 2011-10-07 17:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 17:47 . 2011-10-07 17:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-06 18:54 . 2011-10-06 18:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Xenocode
2011-10-06 16:46 . 2011-10-06 16:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\MediaGet2
2011-10-05 20:48 . 2011-10-17 00:21 -------- d-sh--w- c:\documents and settings\Administrator\Local Settings\Data aplikací\8440e909
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2010-03-18 09:09 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-18 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-19 16:58 . 2011-06-27 11:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:07 . 2010-05-02 16:18 249856 ----a-w- c:\windows\Setup1.exe
2011-08-31 21:07 . 2010-05-02 16:18 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-08-18 07:35 . 2011-08-18 07:35 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-17 13:49 . 2004-08-18 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64c54209-175c-454d-9291-ac46d4d952cf}]
2011-03-23 17:33 86696 ----a-w- c:\program files\completebartb\completebarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe618700-e0ee-441e-8b1d-18ce226bb193}]
2011-03-23 17:33 262312 ----a-w- c:\program files\completebartb\auxi\completebarAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64c54209-175c-454d-9291-ac46d4d952cf}"= "c:\program files\completebartb\completebarDx.dll" [2011-03-23 86696]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{64c54209-175c-454d-9291-ac46d4d952cf}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-01-13 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"EPSON Stylus C43 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-10 75776]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-03-15 232104]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-01-13 155648]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.914" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-9 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.7.2011 0:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 5:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11.7.2011 0:13 229840]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [7.10.2011 18:48 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7.10.2011 18:48 31704]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [19.10.2011 16:58 192776]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23.1.2004 16:33 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23.1.2004 16:32 28800]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [17.4.2010 8:41 15576]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 0:14 295248]
S2 A4SII300;A4SII300;c:\windows\system32\drivers\a4sii300.sys [16.1.2011 20:02 25824]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.9.2011 5:23 5265248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11.7.2011 0:14 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11.7.2011 0:14 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11.7.2011 0:14 16720]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 18:31 42000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-02 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Administrator Logon.job
- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-10-30 14:58]
.
2011-11-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]
.
2011-11-02 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-11-01 14:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - (no file)
AddRemove-Adobe Photoshop 6.0.1 CE - c:\windows\ISUN0405.EXE
AddRemove-HijackThis - G:\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-02 20:52
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2625337770-2973904658-525432662-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17C83A77-4F46-40C9-B9A2-3970E88BA0A8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iagmhlnjfepmnpgegf"=hex:6a,61,6b,66,67,66,70,6b,6a,6c,61,6f,6f,63,64,70,6d,67,
6f,64,00,40
"haahfolbffncfglm"=hex:6a,61,6b,66,70,65,6d,6d,61,65,66,6d,67,69,66,6d,65,68,
63,6a,00,40
"hakjcepkncbbmppc"=hex:61,61,00,00
"hakjcepkhehbaljh"=hex:61,61,00,00
.
[HKEY_USERS\S-1-5-21-2625337770-2973904658-525432662-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A495AE5-EAFF-3DC3-264B-07DBFFD7D5EC}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hajcolgejehjhgdc"=hex:61,61,00,00
"hajcolgepgfgmkaj"=hex:61,61,00,00
"ianddafcholdnfnbam"=hex:6a,61,67,6f,63,6b,6f,6b,65,6b,64,61,65,65,65,63,64,64,
63,67,00,40
"hadenfbadiddjfmi"=hex:6a,61,67,6f,6d,6a,69,6b,64,6a,67,62,66,6d,61,64,69,66,
6f,62,00,40
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{17C83A77-4F46-40C9-B9A2-3970E88BA0A8}\InProcServer32*]
"jamggonocfldbellifmo"=hex:6a,61,6b,66,67,66,70,6b,6a,6c,61,6f,6f,63,64,70,6d,
67,6f,64,00,40
"iamgioidolbnadbibo"=hex:6a,61,6b,66,70,65,6d,6d,61,65,66,6d,67,69,66,6d,65,68,
63,6a,00,40
"iamgclpecgefgbhmhf"=hex:61,61,00,00
"iamgclpecgceaalijn"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7A495AE5-EAFF-3DC3-264B-07DBFFD7D5EC}\InProcServer32*]
"iahfkbhmicfcnlealj"=hex:61,61,00,00
"iahfkbhmichbpkaged"=hex:61,61,00,00
"jahfgcdbpnohimokhjdk"=hex:6a,61,67,6f,63,6b,6f,6b,65,6b,64,61,65,65,65,63,64,
64,63,67,00,40
"iahficfejjgmcpiogm"=hex:6a,61,67,6f,6d,6a,69,6b,64,6a,67,62,66,6d,61,64,69,66,
6f,62,00,40
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2116)
c:\windows\system32\guard32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(640)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-11-02 20:56:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-02 19:56
.
Před spuštěním: 1 608 708 096
Po spuštění: 1 717 862 400
.
- - End Of File - - BBC1A306F89D2C2EB38744CBECE848EE

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Regnull::

[HKEY_USERS\S-1-5-21-2625337770-2973904658-525432662-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{17C83A77-4F46-40C9-B9A2-3970E88BA0A8}*]
[HKEY_USERS\S-1-5-21-2625337770-2973904658-525432662-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A495AE5-EAFF-3DC3-264B-07DBFFD7D5EC}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{17C83A77-4F46-40C9-B9A2-3970E88BA0A8}\InProcServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7A495AE5-EAFF-3DC3-264B-07DBFFD7D5EC}\InProcServer32*]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

ComboFix 11-11-02.03 - Administrator 03.11.2011 16:24:01.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.767.371 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\ehome\medctrro.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-03 do 2011-11-03 )))))))))))))))))))))))))))))))
.
.
2011-11-02 18:02 . 2011-11-02 18:02 -------- d-----w- c:\program files\trend micro
2011-11-02 18:00 . 2011-11-02 18:02 -------- d-----w- C:\rsit
2011-11-02 15:08 . 2011-11-02 15:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2011-11-02 15:08 . 2011-11-02 18:17 -------- d-----w- c:\program files\COMODO
2011-11-02 15:08 . 2011-11-02 15:08 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-02 15:07 . 2011-11-02 15:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo Downloader
2011-11-01 20:46 . 2011-11-01 20:55 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-11-01 20:46 . 2011-11-01 20:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-31 18:24 . 2001-10-24 10:52 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2011-10-31 18:24 . 2001-10-24 11:24 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2011-10-31 18:24 . 2008-04-13 19:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2011-10-31 18:24 . 2001-10-24 11:23 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2011-10-31 18:24 . 2001-08-17 20:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2011-10-31 18:24 . 2001-10-24 10:50 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2011-10-31 18:24 . 2001-08-17 20:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2011-10-31 18:24 . 2001-08-17 19:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2011-10-31 18:22 . 2001-10-24 11:24 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-10-31 18:22 . 2008-04-14 04:21 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-10-31 18:22 . 2008-04-14 04:21 254464 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-10-31 18:22 . 2001-08-17 20:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-10-31 18:22 . 2001-08-17 20:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2011-10-31 18:22 . 2008-04-14 04:21 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-10-31 18:22 . 2001-08-17 20:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2011-10-31 18:22 . 2008-04-14 04:22 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-10-31 18:22 . 2008-04-13 19:54 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2011-10-31 18:22 . 2001-08-17 19:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2011-10-31 18:21 . 2001-10-24 11:24 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-10-31 18:21 . 2001-08-17 20:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2011-10-31 18:21 . 2001-10-24 10:42 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-10-31 18:21 . 2001-08-17 20:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2011-10-31 18:21 . 2001-10-24 11:24 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-10-31 18:21 . 2001-08-17 21:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-10-31 18:21 . 2001-10-24 11:24 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-10-31 18:21 . 2001-10-24 11:24 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2011-10-31 18:21 . 2001-08-17 21:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-10-31 18:21 . 2001-10-24 11:24 62464 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2011-10-31 18:21 . 2001-10-24 11:24 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2011-10-31 18:21 . 2001-10-24 11:24 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2011-10-31 18:19 . 2001-10-24 11:24 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2011-10-31 18:18 . 2001-10-24 11:24 119296 -c--a-w- c:\windows\system32\dllcache\hpdigwia.dll
2011-10-31 18:17 . 2001-08-17 19:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2011-10-31 18:16 . 2001-08-17 19:19 63360 -c--a-w- c:\windows\system32\dllcache\ess.sys
2011-10-31 18:15 . 2001-08-17 19:10 69692 -c--a-w- c:\windows\system32\dllcache\el575nd5.sys
2011-10-31 18:14 . 2001-10-24 11:24 110621 -c--a-w- c:\windows\system32\dllcache\digirlpt.dll
2011-10-31 18:13 . 2001-08-17 19:19 72832 -c--a-w- c:\windows\system32\dllcache\cwbwdm.sys
2011-10-31 18:12 . 2001-10-24 11:24 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2011-10-31 18:11 . 2001-08-17 19:11 66557 -c--a-w- c:\windows\system32\dllcache\bcm42u.sys
2011-10-31 18:10 . 2004-08-03 21:32 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2011-10-30 18:33 . 2011-10-30 19:48 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\AVG
2011-10-30 17:01 . 2011-10-30 17:01 -------- d-----w- c:\program files\Windows Resource Kits
2011-10-29 19:40 . 2011-10-29 19:56 -------- d-----w- c:\windows\system32\NtmsData
2011-10-29 17:29 . 2011-10-29 17:29 -------- d--h--w- c:\windows\PIF
2011-10-26 18:12 . 2011-10-26 18:12 -------- d-----w- C:\ERDNT
2011-10-23 20:52 . 2011-10-27 15:48 -------- d-----w- c:\program files\NORTON UTILITIES 14
2011-10-23 19:34 . 2008-04-13 22:49 75264 ----a-w- c:\windows\system32\ipsec.sys
2011-10-19 15:54 . 2011-10-19 15:54 -------- d-----w- C:\AVGTemp
2011-10-18 17:00 . 2011-10-31 19:46 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-18 17:00 . 2011-10-26 15:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2012
2011-10-18 16:23 . 2011-10-18 16:23 -------- d-----w- c:\program files\ESET
2011-10-17 18:46 . 2011-10-30 18:32 -------- d-----w- c:\program files\AVG
2011-10-16 19:33 . 2011-10-16 19:33 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Canneverbe Limited
2011-10-16 19:32 . 2011-11-02 15:31 -------- d-----w- c:\program files\CDBurnerXP
2011-10-16 19:32 . 2011-10-16 19:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Canneverbe Limited
2011-10-16 18:22 . 2011-10-16 18:22 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-16 18:05 . 2011-10-17 16:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-10-16 17:42 . 2011-10-31 19:46 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-10-08 15:46 . 2011-10-08 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\NP2
2011-10-07 21:04 . 2011-10-07 21:24 -------- d-----w- c:\program files\Neuro-Programmer 2 Professional
2011-10-07 19:48 . 2011-10-07 19:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Babylon
2011-10-07 19:48 . 2011-10-07 19:48 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Babylon
2011-10-07 19:48 . 2011-10-07 19:48 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Babylon
2011-10-07 18:36 . 2011-11-01 20:48 -------- d-----w- c:\program files\IDoser v4
2011-10-07 17:48 . 2011-10-07 17:48 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-10-07 17:48 . 2011-10-07 17:48 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 17:48 . 2011-10-07 17:48 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 17:48 . 2011-10-07 17:48 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 17:47 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 17:47 . 2011-10-07 17:47 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-06 18:54 . 2011-10-06 18:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Xenocode
2011-10-06 16:46 . 2011-10-06 16:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\MediaGet2
2011-10-05 20:48 . 2011-10-17 00:21 -------- d-sh--w- c:\documents and settings\Administrator\Local Settings\Data aplikací\8440e909
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 09:41 . 2010-03-18 09:09 613376 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-08-18 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2004-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-19 16:58 . 2011-06-27 11:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-13 04:30 . 2011-09-13 04:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-09 09:12 . 2004-08-18 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:07 . 2010-05-02 16:18 249856 ----a-w- c:\windows\Setup1.exe
2011-08-31 21:07 . 2010-05-02 16:18 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-08-18 07:35 . 2011-08-18 07:35 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-17 13:49 . 2004-08-18 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-08 04:08 . 2011-08-08 04:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64c54209-175c-454d-9291-ac46d4d952cf}]
2011-03-23 17:33 86696 ----a-w- c:\program files\completebartb\completebarDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe618700-e0ee-441e-8b1d-18ce226bb193}]
2011-03-23 17:33 262312 ----a-w- c:\program files\completebartb\auxi\completebarAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{64c54209-175c-454d-9291-ac46d4d952cf}"= "c:\program files\completebartb\completebarDx.dll" [2011-03-23 86696]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{64c54209-175c-454d-9291-ac46d4d952cf}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-01-13 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"EPSON Stylus C43 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-10 75776]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Anti-phishing Domain Advisor"="c:\documents and settings\All Users\Data aplikací\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-03-15 232104]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-01-13 155648]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.914" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-9 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11.7.2011 0:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13.9.2011 5:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [11.7.2011 0:13 229840]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [7.10.2011 18:48 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7.10.2011 18:48 31704]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12.9.2011 5:23 5265248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [19.10.2011 16:58 192776]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11.7.2011 0:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11.7.2011 0:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [11.7.2011 0:14 16720]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23.1.2004 16:33 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [23.1.2004 16:32 28800]
R3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [17.4.2010 8:41 15576]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11.7.2011 0:14 295248]
S2 A4SII300;A4SII300;c:\windows\system32\drivers\a4sii300.sys [16.1.2011 20:02 25824]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\Drivers\Ca1528av.sys --> c:\windows\system32\Drivers\Ca1528av.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\Drivers\Bulk1528.sys --> c:\windows\system32\Drivers\Bulk1528.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 18:31 42000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-03 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Administrator Logon.job
- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-10-30 14:58]
.
2011-11-02 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-11-01 14:31]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-03 17:07
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2564)
c:\windows\system32\guard32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(632)
c:\windows\system32\cmdcsr.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-11-03 17:14:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-03 16:14
ComboFix2.txt 2011-11-02 21:41
ComboFix3.txt 2011-11-02 19:56
.
Před spuštěním: 1 689 743 360
Po spuštění: 1 762 086 912
.
- - End Of File - - DCCF1067B7DAE25A3CD8E3AC62CF502A

Log již vypadá čistý. Nastala nějaká změna?

Ping stále hlásí "nelze se spojit s ovladačem protokolu IP. Chybový kód 2." Chystám se vyzkoušet XPmanager.

Vyzkoušejte.

Tak jsem kýženého výsledku nedosáhl. Neexistuje třeba nějaká utilita na správu TCP/IP?

Vyzkoušejte WinsockFix: http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22 .

Po aplikaci Winsockfix a restartu se nic nezměnilo, Ping hlásí "Nelze se spojit s ovladačem protokolu IP, chybový kód 2".
LSP-Fix hlásí "No problems found", výpis:
mswsock.dll - Tcpip
winrnr.dll - NTDS,
nwprovau.dll - NWLink IPX/SPX/NetBIOS...,
rsvpsp.dll - (Protocol handler)


Ipconfig opět vypisuje hlášku "Došlo k vnitřní chybě:Požadavek není podporován."

O ničem dalším nevím. Bude asi třeba oprava systému z instal. média.

Proto se snažím o záchranu systému, že reinstalace není možná. Před lety jsem koupil od naší firmy vyřazený počítač DELL OptiPlex GX260 s předinstalovaným systémem s firemní multilicencí, kterýžto ovšem dnes není dostupný. Sériové číslo ze štítku nepasuje na žádné jiné XP. Je to v pr....!
Ještě posílám log z programu XPNetDiag, snad někdo bude umět poradit.
Předem velmi děkuji za pomoc!


Čas spuštění poslední diagnostiky: 11/06/11 20:43:47 Diagnostika rozhraní WinSock
Stav rozhraní WinSock

info Při pokusu o ověření základních zprostředkovatelů Winsock došlo k chybě: 2
error V katalogu Winsock nelze nalézt všechny položky zprostředkovatele základní služby. Je vyžadováno obnovení.
info Přesměrování uživatele na odbornou pomoc



Diagnostika síťového adaptéru
Rozpoznávání umístění v síti

info Použití domácího připojení k síti Internet
Identifikace síťového adaptéru

info Síťové připojení: Název = Připojení k místní síti 4, Zařízení = 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX), MediaType = Místní síť (LAN), SubMediaType = Místní síť (LAN)
info Bylo vybráno připojení typu Ethernet.
Stav síťového adaptéru

info Stav připojení k síti: Připojeno



Diagnostika protokolů HTTP, HTTPS a FTP
Připojení protokoly HTTP, HTTPS a FTP

warn Protokol HTTP: Došlo k chybě 12007 při připojování k www.microsoft.com: Nelze rozpoznat název nebo adresu serveru.
warn Protokol HTTPS: Došlo k chybě 12007 při připojování k www.microsoft.com: Nelze rozpoznat název nebo adresu serveru.
warn FTP (pasivní): Došlo k chybě 12007 při připojování k ftp.microsoft.com: Nelze rozpoznat název nebo adresu serveru.
warn Protokol HTTP: Došlo k chybě 12007 při připojování k www.hotmail.com: Nelze rozpoznat název nebo adresu serveru.
warn Protokol HTTPS: Došlo k chybě 12007 při připojování k www.passport.net: Nelze rozpoznat název nebo adresu serveru.
warn FTP (aktivní): Došlo k chybě 12007 při připojování k ftp.microsoft.com: Nelze rozpoznat název nebo adresu serveru.
error Nepodařilo se vytvořit připojení Protokol HTTP.
error Nepodařilo se vytvořit připojení Protokol HTTPS.
error Nepodařilo se vytvořit připojení FTP.