CAN'T CONNECT TO THE INTERNET AND PING DOESN'T WORK EITHER

#1 Post by grubero »

Please check the log.
When pinging: transmit failed, error code 65

Logfile of random's system information tool 1.06 (written by random/random)
Run by VondraBorec at 2010-04-13 16:05:51
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 31 GB (51%) free of 60 GB
Total RAM: 1023 MB (53% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2009-03-19 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-08-08 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - []
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2008-08-08 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-07-28 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-04-14 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-04-14 602182]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2006-04-14 569413]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2009-03-19 77824]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-07-25 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2010-04-13 16:05:51 ----D---- C:\rsit
2010-04-13 16:05:51 ----D---- C:\Program Files\trend micro
2010-04-13 15:55:58 ----A---- C:\ComboFix.txt
2010-04-13 15:37:56 ----A---- C:\WINDOWS\zip.exe
2010-04-13 15:37:56 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-13 15:37:56 ----A---- C:\WINDOWS\SWSC.exe
2010-04-13 15:37:56 ----A---- C:\WINDOWS\SWREG.exe
2010-04-13 15:37:56 ----A---- C:\WINDOWS\sed.exe
2010-04-13 15:37:56 ----A---- C:\WINDOWS\PEV.exe
2010-04-13 15:37:56 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-13 15:37:56 ----A---- C:\WINDOWS\MBR.exe
2010-04-13 15:37:56 ----A---- C:\WINDOWS\grep.exe
2010-04-13 15:37:48 ----D---- C:\WINDOWS\ERDNT
2010-04-13 15:37:38 ----D---- C:\Qoobox
2010-02-24 23:28:05 ----D---- C:\Program Files\JPGVideo
2010-02-24 11:04:47 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-02-21 11:15:29 ----D---- C:\Program Files\Jalbum

======List of files/folders modified in the last 2 months======

2010-04-13 16:05:51 ----RD---- C:\Program Files
2010-04-13 16:05:22 ----D---- C:\WINDOWS\Internet Logs
2010-04-13 15:56:02 ----D---- C:\WINDOWS\system32\drivers
2010-04-13 15:55:28 ----D---- C:\WINDOWS\Temp
2010-04-13 15:54:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-13 15:51:57 ----D---- C:\WINDOWS
2010-04-13 15:51:56 ----A---- C:\WINDOWS\system.ini
2010-04-13 15:47:36 ----D---- C:\WINDOWS\system32
2010-04-13 15:47:36 ----D---- C:\WINDOWS\AppPatch
2010-04-13 15:47:31 ----D---- C:\Program Files\Common Files
2010-04-13 15:43:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-13 15:42:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-13 15:39:20 ----D---- C:\WINDOWS\system32\config
2010-04-13 15:37:28 ----D---- C:\WINDOWS\Prefetch
2010-04-13 01:39:52 ----A---- C:\WINDOWS\winamp.ini
2010-04-04 22:35:51 ----D---- C:\Program Files\Jesusonic
2010-03-28 17:42:06 ----D---- C:\Program Files\Mozilla Firefox
2010-03-28 17:35:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 10:50:54 ----SHD---- C:\WINDOWS\Installer
2010-03-26 10:50:52 ----D---- C:\Config.Msi
2010-03-26 10:50:44 ----D---- C:\Program Files\Opera
2010-03-24 11:46:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-27 19:02:00 ----D---- C:\Program Files\Free Video Converter
2010-02-27 19:01:56 ----A---- C:\WINDOWS\win.ini
2010-02-24 11:09:42 ----AC---- C:\WINDOWS\wincmd.ini
2010-02-24 11:04:23 ----D---- C:\Program Files\totalcmd
2010-02-23 13:26:23 ----D---- C:\Documents and Settings\VondraBorec\Data aplikací\dvdcss
2010-02-23 00:21:50 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-03-13 394952]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-02-08 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-04-14 13568]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-07-25 1681408]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-03-21 889472]
R3 SynMini;USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-07-03 1056512]
R3 SynScan;USB2.0 1.3M WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-06-30 8064]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-24 47104]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-02-03 108928]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-12-14 37632]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
R3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-01-31 39808]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1999-01-15 73216]
S2 SSIPDDP;SSIPDDP Parallel port device driver; \??\C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CEUSBAUD;Lambda MIDI Device; C:\WINDOWS\System32\Drivers\CEUSBAUD.sys [2007-11-08 17920]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 DfuUsb;DfuUsb; C:\WINDOWS\SYSTEM32\DRIVERS\DFUUsb.sys [2007-11-08 10880]
S3 mbr;mbr; \??\C:\DOCUME~1\VONDRA~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 RT-USB;Ross-Tech USB driver; C:\WINDOWS\system32\drivers\RT-USB.sys [2007-11-16 54400]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-11-11 52864]
S3 usbaudio;Lambda In/Out; C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-07-25 401408]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-04-14 114753]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-04-14 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-04-14 540745]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-03-13 75304]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

#2 Post by grubero »

ComboFix 10-04-12.06 - VondraBorec 13.04.2010 15:43:11.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.588 [GMT 2:00]
Spuštěný z: c:\documents and settings\VondraBorec\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100325-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 13:52 . 2008-02-10 15:40 131246112 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-13 13:49 . 2008-02-10 15:40 1544216 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-04 20:35 . 2008-10-01 19:51 -------- d-----w- c:\program files\Jesusonic
2010-03-28 15:35 . 2001-10-25 12:00 70304 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 15:35 . 2001-10-25 12:00 393430 ----a-w- c:\windows\system32\perfh005.dat
2010-03-26 08:50 . 2008-07-22 19:05 -------- d-----w- c:\program files\Opera
2010-02-27 17:02 . 2010-02-09 10:14 -------- d-----w- c:\program files\Free Video Converter
2010-02-24 21:29 . 2010-02-24 21:28 -------- d-----w- c:\program files\JPGVideo
2010-02-24 09:04 . 2008-02-09 12:06 -------- d-----w- c:\program files\totalcmd
2010-02-21 09:15 . 2010-02-21 09:15 -------- d-----w- c:\program files\Jalbum
.

------- Sigcheck -------

[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 19:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-07-28 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2009-03-19 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-10 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [9.2.2008 13:39 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [9.2.2008 13:39 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3.4.2008 18:01 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.4.2008 18:01 20560]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [8.2.2008 19:12 1056512]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [8.2.2008 19:12 8064]
S2 SSIPDDP;SSIPDDP Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [9.2.2008 15:42 54784]
S3 CEUSBAUD;Lambda MIDI Device;c:\windows\system32\drivers\ceusbaud.sys [8.11.2007 22:51 17920]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [8.11.2007 22:51 10880]
S3 RT-USB;Ross-Tech USB driver;c:\windows\system32\drivers\RT-USB.SYS [2.4.2009 6:59 54400]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [4.11.2009 18:39 18432]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.ihned.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {0A74AC6D-643F-4CDA-B7BC-34CE076882BF} = 217.11.224.1,217.11.224.2
TCP: {A1172B69-64AB-4BF7-90BC-5810E7B7F2EE} = 217.11.224.1,217.11.224.2
FF - ProfilePath - c:\documents and settings\VondraBorec\Data aplikací\Mozilla\Firefox\Profiles\k188xm63.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=DWGTrueViewScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-<NO NAME> - (no file)
AddRemove-Bua.exe6.20.4.0 - c:\dds32\BuaUninst.isu
AddRemove-DdsDds.drc6.20.0.0 - c:\dds32\GdpUninst.isu
AddRemove-UtlPltw.exe5.13.0.0 - c:\dds32\UtlUninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 15:51
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86486580]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763ffc3
\Driver\ACPI -> ACPI.sys @ 0xf748acb8
\Driver\atapi -> 0x86486580
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582384
ParseProcedure -> ntkrnlpa.exe @ 0x8058147e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582384
ParseProcedure -> ntkrnlpa.exe @ 0x8058147e
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""=expand:"%systemroot%\\system32\\dumprep 0 -k"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2928)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
c:\windows\system32\MSCTF.dll
c:\windows\system32\msls31.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Celkový čas: 2010-04-13 15:55:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-13 13:55

Před spuštěním: Volných bajtů: 32 228 167 680
Po spuštění: Volných bajtů: 32 295 313 408

- - End Of File - - 2485D08953DCF69C2E13072707EFD908

#3 Post by motji »

Good evening :)

→ Uninstall all virtual drives (Daemon or Alcohol).

→ Download SPTD: http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64 bit)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC
- run Gmer

→ Download Gmer: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan will run; when it finishes, a window with the results opens. Click Save to save the log, then paste it here.

- Following the guide in the link, run a second scan and paste that log here as well.

→ Download MBR
http://www2.gmer.net/mbr/mbr.exe
- save it to the desktop

→ Start > Run
copy this into the box:

Code:

"%userprofile%\plocha\mbr" -t
OK

→ A log named mbr.log will be created; paste it here.
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting a computer!