Try downloading it; it is from FTP and it works for me.
The "code" has to be on a single line, and the spaces go like this: regedit[space]/e[space]"c:\...."[space]"HKEY......................................"
There is no space before regedit; it has to be on one line, not broken with Enter onto separate lines.
The Internet works, but only halfway.
- Damned
- Article author
-
Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Gender:
- Status:
Offline
- Contact:
Re: The Internet works, but only halfway.
Nothing is impossible, so where our wits are at an end, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: The Internet works, but only halfway.
T-Cleaner.exe;C:\Documents and Settings\Administrator\My Documents;Trojan.StartPage.21667;Smazán.;
And a friend had to download Dr.Web for me and upload it somewhere, and the update would not work for me because it redirects to that page again.
That is all, and the text file does not get created for me, and I am sure I am typing it correctly; to be safe I first copied it into a text file to check that there were no extra spaces, and only then put it in, and nothing.

- Damned
Re: The Internet works, but only halfway.
For now, then, try Dr. Web in safe mode with networking.
Then download RootRepeal.
Scan the individual sections and post a log from each one here (Save log and copy it here for me).
Re: The Internet works, but only halfway.
So Dr.Web found nothing, and here are the logs, but I did not know whether I should also do it in safe mode, but I did it in safe mode.
- Damned
Re: The Internet works, but only halfway.
Update MbAM, run it and post the log here. In normal mode.
Re: The Internet works, but only halfway.
And unfortunately I cannot do the update, the trojan prevents me from doing it, but I have database version: 2551
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3
8.8.2009 16:17:51
mbamlog
Scan type: Quick Scan
Objects scanned: 89423
Time elapsed: 1 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{758cd463-497d-4e8b-94c2-508262794d3c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{758cd463-497d-4e8b-94c2-508262794d3c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{758cd463-497d-4e8b-94c2-508262794d3c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.224 85.255.112.64 -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
- Damned
Re: The Internet works, but only halfway.
Start -> Run, and paste this whole line into the box:
Code:
regedit /e "c:\regla.txt" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
Click OK.
A text file "regla.txt" will appear in "C:\"; copy it here for me.
*****************************************************************************************************************************************
Start -> Run, and paste this whole line into the box:
Code:
regedit /e "c:\regl.txt" "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters"
Click OK.
A text file "regl.txt" will appear in "C:\"; copy it here for me.
*****************************************************************************************************************************************
Start -> Run, and paste this whole line into the box:
Code:
regedit /e "c:\regle.txt" "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters"
Click OK.
A text file "regle.txt" will appear in "C:\"; copy it here for me.
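Added example (not part of the original thread and not any poster's code): a small Python parser for the `regedit /e` exports requested above. It joins wrapped hex lines, decodes `hex(7)` multi-string data, and lists every `NameServer` / `DhcpNameServer` entry under `Tcpip\Parameters` that is not on a list of resolvers the analyst expects. The sample export is constructed in the format shown in this thread, the interface GUIDs and the expected resolver `192.168.0.1` are assumptions, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the "Windows Registry Editor Version 5.00" format.
# GUIDs are placeholders; resolver values are the ones reported in this thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"Hostname"="example-host"
"DhcpNameServer"="85.255.112.224 85.255.112.64"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
"EnableDHCP"=dword:00000001
"NameServer"=""
"DhcpServer"="192.168.0.1"
"DhcpNameServer"="85.255.112.224 85.255.112.64"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,30,\
  00,2e,00,31,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000002}]
"EnableDHCP"=dword:00000000
"NameServer"="192.168.0.1"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
DNS_VALUES = ('NameServer', 'DhcpNameServer')


def load_export(path):
    """Read a real export; version 5.00 .reg files are UTF-16 with a BOM."""
    with open(path, encoding='utf-16') as fh:
        return fh.read()


def join_continuations(text):
    """Merge hex data that regedit wraps with a trailing ',\\'."""
    out, buf = [], ''
    for raw in text.splitlines():
        line = buf + raw.strip()
        buf = ''
        if line.endswith(',\\'):
            buf = line[:-1]          # drop the backslash, keep the comma
        else:
            out.append(line)
    if buf:
        out.append(buf)
    return out


def decode_value(raw):
    """Decode REG_SZ, hex(2) and hex(7) data; other types are returned raw."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    m = re.match(r'hex\((2|7)\):(.*)$', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
        parts = [p for p in data.decode('utf-16-le', 'replace').split('\x00') if p]
        return parts if m.group(1) == '7' else ''.join(parts)
    return raw


def parse_reg(text):
    """Return {key path: {value name: decoded data}}."""
    keys, current = {}, None
    for line in join_continuations(text):
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = decode_value(m.group(2))
    return keys


def audit_dns(text, expected):
    """List (key, value name, address) for resolvers not in `expected`."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for key, values in parse_reg(text).items():
        if '\\services\\tcpip\\parameters' not in key.lower():
            continue
        for name in DNS_VALUES:
            data = values.get(name)
            if not isinstance(data, str):
                continue
            # Entries may be separated by spaces or commas
            for token in filter(None, re.split(r'[ ,]+', data.strip())):
                try:
                    ok = ipaddress.ip_address(token) in allowed
                except ValueError:
                    ok = False       # malformed entries are reported too
                if not ok:
                    findings.append((key, name, token))
    return findings


if __name__ == '__main__':
    for key, name, addr in audit_dns(SAMPLE_REG, ['192.168.0.1']):
        print(f'{addr:16} {name:15} {key}')
```

The same check has to be run on the exports of every control set, because a value left in `ControlSet001` or `ControlSet002` is still flagged by the scanner even after `CurrentControlSet` has been corrected.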
Re: The Internet works, but only halfway.
regl
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
"NV Hostname"="experien-511322"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="experien-511322"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"DhcpNameServer"="85.255.112.224 85.255.112.64"
"DhcpDomain"=""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,44,00,33,00,43,00,46,00,46,00,\
46,00,42,00,2d,00,43,00,35,00,45,00,36,00,2d,00,34,00,45,00,46,00,33,00,2d,\
00,41,00,43,00,44,00,38,00,2d,00,45,00,43,00,30,00,41,00,34,00,44,00,31,00,\
30,00,39,00,30,00,39,00,38,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,38,\
00,32,00,36,00,31,00,46,00,44,00,36,00,2d,00,42,00,31,00,43,00,38,00,2d,00,\
34,00,38,00,37,00,38,00,2d,00,41,00,39,00,44,00,39,00,2d,00,45,00,31,00,45,\
00,35,00,35,00,41,00,46,00,33,00,34,00,34,00,32,00,45,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:fb,ff,3c,0d,e6,c5,f3,4e,ac,d8,ec,0a,4d,10,90,98,d6,1f,26,08,\
c8,b1,78,48,a9,d9,e1,e5,5a,f3,44,2e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{758CD463-497D-4E8B-94C2-508262794D3C}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,35,00,38,00,43,00,44,00,34,00,\
36,00,33,00,2d,00,34,00,39,00,37,00,44,00,2d,00,34,00,45,00,38,00,42,00,2d,\
00,39,00,34,00,43,00,32,00,2d,00,35,00,30,00,38,00,32,00,36,00,32,00,37,00,\
39,00,34,00,44,00,33,00,43,00,7d,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DNSRegisteredAdapters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{08261FD6-B1C8-4878-A9D9-E1E55AF3442E}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0D3CFFFB-C5E6-4EF3-ACD8-EC0A4D109098}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{758CD463-497D-4E8B-94C2-508262794D3C}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="192.168.0.141"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.0.1"
"Lease"=dword:00093a80
"LeaseObtainedTime"=dword:4a7d906a
"T1"=dword:4a822daa
"T2"=dword:4a847c4a
"LeaseTerminatesTime"=dword:4a86caea
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpRetryTime"=dword:00049d3e
"DhcpRetryStatus"=dword:00000000
"DhcpNameServer"="85.255.112.224 85.255.112.64"
"DhcpDomain"=""
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,30,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\PersistentRoutes]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00
regla
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NV Hostname"="experien-511322"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="experien-511322"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"DhcpNameServer"="85.255.112.224 85.255.112.64"
"DhcpDomain"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,44,00,33,00,43,00,46,00,46,00,\
46,00,42,00,2d,00,43,00,35,00,45,00,36,00,2d,00,34,00,45,00,46,00,33,00,2d,\
00,41,00,43,00,44,00,38,00,2d,00,45,00,43,00,30,00,41,00,34,00,44,00,31,00,\
30,00,39,00,30,00,39,00,38,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,38,\
00,32,00,36,00,31,00,46,00,44,00,36,00,2d,00,42,00,31,00,43,00,38,00,2d,00,\
34,00,38,00,37,00,38,00,2d,00,41,00,39,00,44,00,39,00,2d,00,45,00,31,00,45,\
00,35,00,35,00,41,00,46,00,33,00,34,00,34,00,32,00,45,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:fb,ff,3c,0d,e6,c5,f3,4e,ac,d8,ec,0a,4d,10,90,98,d6,1f,26,08,\
c8,b1,78,48,a9,d9,e1,e5,5a,f3,44,2e
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{758CD463-497D-4E8B-94C2-508262794D3C}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,35,00,38,00,43,00,44,00,34,00,\
36,00,33,00,2d,00,34,00,39,00,37,00,44,00,2d,00,34,00,45,00,38,00,42,00,2d,\
00,39,00,34,00,43,00,32,00,2d,00,35,00,30,00,38,00,32,00,36,00,32,00,37,00,\
39,00,34,00,44,00,33,00,43,00,7d,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08261FD6-B1C8-4878-A9D9-E1E55AF3442E}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0D3CFFFB-C5E6-4EF3-ACD8-EC0A4D109098}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{758CD463-497D-4E8B-94C2-508262794D3C}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="192.168.0.141"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.0.1"
"Lease"=dword:00093a80
"LeaseObtainedTime"=dword:4a7d906a
"T1"=dword:4a822daa
"T2"=dword:4a847c4a
"LeaseTerminatesTime"=dword:4a86caea
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpRetryTime"=dword:00049d3e
"DhcpRetryStatus"=dword:00000000
"DhcpNameServer"="85.255.112.224 85.255.112.64"
"DhcpDomain"=""
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,30,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00
regle
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
"NV Hostname"="experien-511322"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="experien-511322"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"DhcpNameServer"="85.255.112.224 85.255.112.64"
"DhcpDomain"=""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,44,00,33,00,43,00,46,00,46,00,\
46,00,42,00,2d,00,43,00,35,00,45,00,36,00,2d,00,34,00,45,00,46,00,33,00,2d,\
00,41,00,43,00,44,00,38,00,2d,00,45,00,43,00,30,00,41,00,34,00,44,00,31,00,\
30,00,39,00,30,00,39,00,38,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,38,\
00,32,00,36,00,31,00,46,00,44,00,36,00,2d,00,42,00,31,00,43,00,38,00,2d,00,\
34,00,38,00,37,00,38,00,2d,00,41,00,39,00,44,00,39,00,2d,00,45,00,31,00,45,\
00,35,00,35,00,41,00,46,00,33,00,34,00,34,00,32,00,45,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:fb,ff,3c,0d,e6,c5,f3,4e,ac,d8,ec,0a,4d,10,90,98,d6,1f,26,08,\
c8,b1,78,48,a9,d9,e1,e5,5a,f3,44,2e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\{758CD463-497D-4E8B-94C2-508262794D3C}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,35,00,38,00,43,00,44,00,34,00,\
36,00,33,00,2d,00,34,00,39,00,37,00,44,00,2d,00,34,00,45,00,38,00,42,00,2d,\
00,39,00,34,00,43,00,32,00,2d,00,35,00,30,00,38,00,32,00,36,00,32,00,37,00,\
39,00,34,00,44,00,33,00,43,00,7d,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DNSRegisteredAdapters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{08261FD6-B1C8-4878-A9D9-E1E55AF3442E}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0D3CFFFB-C5E6-4EF3-ACD8-EC0A4D109098}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{758CD463-497D-4E8B-94C2-508262794D3C}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="192.168.0.141"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.0.1"
"Lease"=dword:00093a80
"LeaseObtainedTime"=dword:4a7d906a
"T1"=dword:4a822daa
"T2"=dword:4a847c4a
"LeaseTerminatesTime"=dword:4a86caea
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpRetryTime"=dword:00049d3e
"DhcpRetryStatus"=dword:00000000
"DhcpNameServer"="85.255.112.224 85.255.112.64"
"DhcpDomain"=""
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,30,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\PersistentRoutes]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,44,00,33,00,43,00,46,00,46,00,\
46,00,42,00,2d,00,43,00,35,00,45,00,36,00,2d,00,34,00,45,00,46,00,33,00,2d,\
00,41,00,43,00,44,00,38,00,2d,00,45,00,43,00,30,00,41,00,34,00,44,00,31,00,\
30,00,39,00,30,00,39,00,38,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,38,\
00,32,00,36,00,31,00,46,00,44,00,36,00,2d,00,42,00,31,00,43,00,38,00,2d,00,\
34,00,38,00,37,00,38,00,2d,00,41,00,39,00,44,00,39,00,2d,00,45,00,31,00,45,\
00,35,00,35,00,41,00,46,00,33,00,34,00,34,00,32,00,45,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:fb,ff,3c,0d,e6,c5,f3,4e,ac,d8,ec,0a,4d,10,90,98,d6,1f,26,08,\
c8,b1,78,48,a9,d9,e1,e5,5a,f3,44,2e
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{758CD463-497D-4E8B-94C2-508262794D3C}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,35,00,38,00,43,00,44,00,34,00,\
36,00,33,00,2d,00,34,00,39,00,37,00,44,00,2d,00,34,00,45,00,38,00,42,00,2d,\
00,39,00,34,00,43,00,32,00,2d,00,35,00,30,00,38,00,32,00,36,00,32,00,37,00,\
39,00,34,00,44,00,33,00,43,00,7d,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08261FD6-B1C8-4878-A9D9-E1E55AF3442E}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0D3CFFFB-C5E6-4EF3-ACD8-EC0A4D109098}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{758CD463-497D-4E8B-94C2-508262794D3C}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="192.168.0.141"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.0.1"
"Lease"=dword:00093a80
"LeaseObtainedTime"=dword:4a7d906a
"T1"=dword:4a822daa
"T2"=dword:4a847c4a
"LeaseTerminatesTime"=dword:4a86caea
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpRetryTime"=dword:00049d3e
"DhcpRetryStatus"=dword:00000000
"DhcpNameServer"="85.255.112.224 85.255.112.64"
"DhcpDomain"=""
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,30,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00
regle
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
"NV Hostname"="experien-511322"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="experien-511322"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"DhcpNameServer"="85.255.112.224 85.255.112.64"
"DhcpDomain"=""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,44,00,33,00,43,00,46,00,46,00,\
46,00,42,00,2d,00,43,00,35,00,45,00,36,00,2d,00,34,00,45,00,46,00,33,00,2d,\
00,41,00,43,00,44,00,38,00,2d,00,45,00,43,00,30,00,41,00,34,00,44,00,31,00,\
30,00,39,00,30,00,39,00,38,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,38,\
00,32,00,36,00,31,00,46,00,44,00,36,00,2d,00,42,00,31,00,43,00,38,00,2d,00,\
34,00,38,00,37,00,38,00,2d,00,41,00,39,00,44,00,39,00,2d,00,45,00,31,00,45,\
00,35,00,35,00,41,00,46,00,33,00,34,00,34,00,32,00,45,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:fb,ff,3c,0d,e6,c5,f3,4e,ac,d8,ec,0a,4d,10,90,98,d6,1f,26,08,\
c8,b1,78,48,a9,d9,e1,e5,5a,f3,44,2e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Adapters\{758CD463-497D-4E8B-94C2-508262794D3C}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,37,00,35,00,38,00,43,00,44,00,34,00,\
36,00,33,00,2d,00,34,00,39,00,37,00,44,00,2d,00,34,00,45,00,38,00,42,00,2d,\
00,39,00,34,00,43,00,32,00,2d,00,35,00,30,00,38,00,32,00,36,00,32,00,37,00,\
39,00,34,00,44,00,33,00,43,00,7d,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DNSRegisteredAdapters]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{08261FD6-B1C8-4878-A9D9-E1E55AF3442E}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0D3CFFFB-C5E6-4EF3-ACD8-EC0A4D109098}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{758CD463-497D-4E8B-94C2-508262794D3C}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpIPAddress"="192.168.0.141"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.0.1"
"Lease"=dword:00093a80
"LeaseObtainedTime"=dword:4a7d906a
"T1"=dword:4a822daa
"T2"=dword:4a847c4a
"LeaseTerminatesTime"=dword:4a86caea
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpRetryTime"=dword:00049d3e
"DhcpRetryStatus"=dword:00000000
"DhcpNameServer"="85.255.112.224 85.255.112.64"
"DhcpDomain"=""
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,30,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\PersistentRoutes]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00
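Added example, not part of the thread: a Python reader for the regedit export format posted above. It joins the backslash-continued lines, decodes the hex(7)/hex(2) values (UTF-16LE strings) and lists, per interface, the DNS servers in effect and any that lie outside the leased subnet, which is only a prompt to compare them with what the router or ISP is supposed to hand out. The function names are hypothetical; the sample is an excerpt of the values in the post.

```python
import ipaddress
import re

# Excerpt of the export posted above, trimmed to one interface (values copied from the post).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{758CD463-497D-4E8B-94C2-508262794D3C}]
"EnableDHCP"=dword:00000001
"NameServer"=""
"DhcpIPAddress"="192.168.0.141"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.0.1"
"Lease"=dword:00093a80
"DhcpNameServer"="85.255.112.224 85.255.112.64"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,30,\
00,2e,00,31,00,00,00,00,00
"""

# "name"=data or @=data (default value of a key)
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')


def decode_value(data):
    """Turn the right-hand side of a .reg value line into a Python object."""
    data = data.strip()
    if data.startswith('"'):
        # REG_SZ: drop the quotes and undo the \\ and \" escaping
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", data)
    if not m:
        return data
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    if m.group(1) == "7":   # REG_MULTI_SZ: NUL-separated UTF-16LE strings
        text = raw.decode("utf-16-le", errors="replace")
        return [s for s in text.split("\x00") if s]
    if m.group(1) == "2":   # REG_EXPAND_SZ: one UTF-16LE string
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    return raw              # plain hex: is REG_BINARY, other types stay as bytes


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}} for a regedit export."""
    keys, current, pending = {}, None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        if line.endswith("\\"):      # hex data continues on the next line
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group("name") or "@"] = decode_value(m.group("data"))
    return keys


def _inside(addr, net):
    """True if addr parses as an IP address and belongs to net."""
    try:
        return ipaddress.ip_address(addr) in net
    except ValueError:
        return False


def dns_report(keys):
    """Per DHCP interface: DNS servers in effect and those outside the leased subnet."""
    report = []
    for path, vals in keys.items():
        if "\\Interfaces\\" not in path or not vals.get("DhcpIPAddress"):
            continue
        mask = vals.get("DhcpSubnetMask") or "255.255.255.255"
        net = ipaddress.ip_network(f'{vals["DhcpIPAddress"]}/{mask}', strict=False)
        # A non-empty static NameServer takes precedence over the DHCP-supplied list.
        source = "NameServer" if vals.get("NameServer") else "DhcpNameServer"
        servers = [s for s in re.split(r"[ ,]+", vals.get(source, "")) if s]
        report.append({
            "interface": path.rsplit("\\", 1)[-1],
            "dhcp_server": vals.get("DhcpServer"),
            "gateway": vals.get("DhcpDefaultGateway", []),
            "lease_seconds": vals.get("Lease"),
            "dns_source": source,
            "dns_servers": servers,
            "outside_subnet": [s for s in servers if not _inside(s, net)],
        })
    return report


if __name__ == "__main__":
    for row in dns_report(parse_reg(SAMPLE_REG)):
        for field, value in row.items():
            print(f"{field:15} {value}")
```
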
- Damned
Re: The Internet works, but only halfway.
Download http://downloads.andymanchesta.com/RemovalTools/SDFix_ReadMe.htm. Run it. SDFix will unpack itself into the C:\SDFix directory.
Restart into Safe Mode with Networking. Open the C:\SDFix folder and run RunThis.bat
(the application runs at the command prompt; after launch its window appears with a prompt to start it - the classic IQ test, Y=yes, N=no).
When the scan finishes, SDFix will ask you to press any key to confirm the restart.
After that a window appears saying it is generating the log, the window closes and the log is displayed. If you close the text file as well, you will find it at C:\SDFix\Report.txt.
Paste it here for me.
*****************************************************************************************************************************************
Uninstall ComboFix.
ComboFix is uninstalled like this:
Start - Run and type ComboFix[space]/u
Turn off your antivirus's resident shield (and your antispyware too, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text, marked in green:
DirLook::
C:\WINDOWS\system32\drivers\etc
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to your desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program
and when the two files overlap, drop the script.

- ComboFix starts automatically
- Paste here the log that comes up at the end of the cleaning process
Re: The Internet works, but only halfway.
SDFix: Version 1.240
Run by Administrator on so 08.08.2009 at 17:42
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 17:43:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
Files with Hidden Attributes :
Finished!
ComboFix 09-08-07.09 - Administrator 08.08.2009 17:48.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.735 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.
2009-08-08 16:41 . 2009-08-08 16:41 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-08-08 16:41 . 2009-08-08 16:41 -------- d-----w- c:\windows\ERUNT
2009-08-08 12:10 . 2009-08-08 12:10 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\UC.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\RAR.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\LHA.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\ARJ.PIF
2009-08-08 00:19 . 2009-08-08 00:19 -------- d-----w- C:\rsit
2009-08-07 20:12 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-07 20:12 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-07 20:12 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-07 20:12 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-07 20:12 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-07 20:12 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-07 20:12 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-07 20:12 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-07 20:11 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-07 20:11 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-08-07 20:11 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-08-07 20:11 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-08-07 19:03 . 2009-08-07 19:03 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-07 18:22 . 2009-08-07 18:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2009-08-07 18:20 . 2009-08-07 18:20 0 ----a-w- c:\windows\nsreg.dat
2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-07 18:09 . 2009-08-07 20:15 -------- d-----w- c:\program files\trend micro
2009-08-07 16:51 . 2009-08-07 16:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-08-07 16:51 . 2009-08-07 16:51 -------- d-----w- c:\program files\Google
2009-08-07 16:51 . 2009-08-07 16:51 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-07 16:51 . 2009-08-07 16:51 1886320 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe
2009-08-07 16:51 . 2009-08-07 17:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-08-07 16:51 . 2009-08-07 17:07 -------- d-----w- c:\program files\NOS
2009-08-07 16:39 . 2009-08-07 16:39 -------- d-----w- c:\windows\system32\xircom
2009-08-07 16:39 . 2009-08-07 16:39 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-07 16:39 . 2009-08-07 16:39 -------- d-----w- c:\program files\microsoft frontpage
2009-08-07 16:34 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-08-07 16:34 . 2008-03-21 01:36 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-08-07 16:33 . 2008-03-20 19:33 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-08-07 16:32 . 2008-03-21 01:36 74240 ----a-w- c:\windows\system32\usbui.dll
2009-08-07 16:30 . 2009-08-07 16:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-07 16:30 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-07 16:30 . 2009-08-07 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-07 16:30 . 2009-08-07 16:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-07 16:30 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-07 16:28 . 2006-06-19 03:37 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-08-07 16:27 . 2009-08-07 16:27 -------- d-----w- C:\D
2009-08-07 16:27 . 2009-08-07 16:26 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2009-08-07 16:27 . 2009-08-07 15:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2009-08-07 16:20 . 2009-08-07 16:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ventrilo
2009-08-07 16:18 . 2009-08-07 16:18 -------- d-----w- c:\windows\system32\Lang
2009-08-07 16:16 . 2008-01-03 14:10 105856 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2009-08-07 16:13 . 2008-04-10 08:52 16861184 ------r- c:\windows\RTHDCPL.exe
2009-08-07 16:13 . 2007-06-28 08:44 2165760 ------r- c:\windows\MicCal.exe
2009-08-07 16:13 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-08-07 16:13 . 2006-05-04 08:26 2808832 ------r- c:\windows\alcwzrd.exe
2009-08-07 16:13 . 2009-08-07 16:13 -------- d-----w- c:\program files\Realtek
2009-08-07 16:12 . 2009-08-07 16:12 315392 ----a-w- c:\windows\HideWin.exe
2009-08-07 16:12 . 2008-03-05 10:07 520192 ------r- c:\windows\RtlExUpd.dll
2009-08-07 16:12 . 2009-08-07 16:12 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-07 16:12 . 2009-08-07 16:12 -------- d-----w- c:\program files\AMD
2009-08-07 16:11 . 2009-08-07 16:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-08-07 16:11 . 2008-01-10 06:30 442368 ----a-r- c:\windows\system32\nvusmb.exe
2009-08-07 16:11 . 2008-03-06 15:23 442368 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-07 16:05 . 2009-08-07 20:13 -------- d-sh--w- c:\windows\Installer
2009-08-07 16:05 . 2009-08-07 21:37 -------- d-----r- C:\Program Files
2009-08-07 16:03 . 2009-08-08 16:48 -------- d-----w- c:\windows\system32\CatRoot2
2009-08-07 16:03 . 2009-08-07 16:03 -------- d-----w- c:\windows\system32\CatRoot
2009-08-07 16:02 . 2009-08-07 16:29 -------- d--h--w- c:\documents and settings\Default User
2009-08-07 16:02 . 2009-08-07 16:04 -------- d-----w- c:\documents and settings\All Users
2009-08-07 16:02 . 2009-08-07 15:40 -------- d-----w- C:\Documents and Settings
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 16:22 . 2009-08-07 15:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-08 16:22 . 2009-08-07 15:38 2850 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-08-07 16:13 . 2009-08-07 15:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 16:12 . 2009-08-07 15:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-07 15:46 . 2009-08-07 15:46 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-07 15:38 . 2009-08-07 15:38 8738 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-08-07 15:36 . 2009-08-07 15:36 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\drivers\etc ----
2008-05-03 12:00 . 2009-08-08 16:42 686 ----a-w- c:\windows\system32\drivers\etc\HOSTS
2008-05-03 12:00 . 2008-05-03 12:00 3683 ----a-w- c:\windows\system32\drivers\etc\lmhosts.sam
2008-05-03 12:00 . 2008-05-03 12:00 407 ----a-w- c:\windows\system32\drivers\etc\networks
2008-05-03 12:00 . 2008-05-03 12:00 799 ----a-w- c:\windows\system32\drivers\etc\protocol
2008-05-03 12:00 . 2008-05-03 12:00 7116 ----a-w- c:\windows\system32\drivers\etc\services
------- Sigcheck -------
[-] 2008-05-03 12:00 361344 37D8387CBD4437C55F454209BE10EF11 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/7/2009 9:12 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/7/2009 9:12 PM 20560]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\umiv9naa.default\
---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 17:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-08 17:50
ComboFix-quarantined-files.txt 2009-08-08 16:50
ComboFix2.txt 2009-08-07 21:30
Pre-Run: 22 371 434 496 bytes free
Post-Run: 22 433 386 496 bytes free
209
Run by Administrator on so 08.08.2009 at 17:42
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 17:43:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
Files with Hidden Attributes :
Finished!
ComboFix 09-08-07.09 - Administrator 08.08.2009 17:48.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.735 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.
2009-08-08 16:41 . 2009-08-08 16:41 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-08-08 16:41 . 2009-08-08 16:41 -------- d-----w- c:\windows\ERUNT
2009-08-08 12:10 . 2009-08-08 12:10 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\UC.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\RAR.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\LHA.PIF
2009-08-08 01:06 . 2008-08-08 06:04 545 ----a-w- c:\windows\ARJ.PIF
2009-08-08 00:19 . 2009-08-08 00:19 -------- d-----w- C:\rsit
2009-08-07 20:12 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-07 20:12 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-07 20:12 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-07 20:12 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-07 20:12 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-07 20:12 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-07 20:12 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-07 20:12 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-07 20:11 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-07 20:11 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-08-07 20:11 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-08-07 20:11 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-08-07 19:03 . 2009-08-07 19:03 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-07 18:22 . 2009-08-07 18:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2009-08-07 18:20 . 2009-08-07 18:20 0 ----a-w- c:\windows\nsreg.dat
2009-08-07 18:20 . 2009-08-07 18:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-08-07 18:09 . 2009-08-07 20:15 -------- d-----w- c:\program files\trend micro
2009-08-07 16:51 . 2009-08-07 16:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-08-07 16:51 . 2009-08-07 16:51 -------- d-----w- c:\program files\Google
2009-08-07 16:51 . 2009-08-07 16:51 1962544 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-08-07 16:51 . 2009-08-07 16:51 1886320 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe
2009-08-07 16:51 . 2009-08-07 17:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2009-08-07 16:51 . 2009-08-07 17:07 -------- d-----w- c:\program files\NOS
2009-08-07 16:39 . 2009-08-07 16:39 -------- d-----w- c:\windows\system32\xircom
2009-08-07 16:39 . 2009-08-07 16:39 -------- d-----w- c:\windows\system32\wbem\snmp
2009-08-07 16:39 . 2009-08-07 16:39 -------- d-----w- c:\program files\microsoft frontpage
2009-08-07 16:34 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-08-07 16:34 . 2008-03-21 01:36 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-08-07 16:33 . 2008-03-20 19:33 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-08-07 16:32 . 2008-03-21 01:36 74240 ----a-w- c:\windows\system32\usbui.dll
2009-08-07 16:30 . 2009-08-07 16:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-07 16:30 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-07 16:30 . 2009-08-07 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-07 16:30 . 2009-08-07 16:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-07 16:30 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-07 16:28 . 2006-06-19 03:37 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2009-08-07 16:27 . 2009-08-07 16:27 -------- d-----w- C:\D
2009-08-07 16:27 . 2009-08-07 16:26 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2009-08-07 16:27 . 2009-08-07 15:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2009-08-07 16:20 . 2009-08-07 16:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ventrilo
2009-08-07 16:18 . 2009-08-07 16:18 -------- d-----w- c:\windows\system32\Lang
2009-08-07 16:16 . 2008-01-03 14:10 105856 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2009-08-07 16:13 . 2008-04-10 08:52 16861184 ------r- c:\windows\RTHDCPL.exe
2009-08-07 16:13 . 2007-06-28 08:44 2165760 ------r- c:\windows\MicCal.exe
2009-08-07 16:13 . 2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
2009-08-07 16:13 . 2006-05-04 08:26 2808832 ------r- c:\windows\alcwzrd.exe
2009-08-07 16:13 . 2009-08-07 16:13 -------- d-----w- c:\program files\Realtek
2009-08-07 16:12 . 2009-08-07 16:12 315392 ----a-w- c:\windows\HideWin.exe
2009-08-07 16:12 . 2008-03-05 10:07 520192 ------r- c:\windows\RtlExUpd.dll
2009-08-07 16:12 . 2009-08-07 16:12 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-07 16:12 . 2009-08-07 16:12 -------- d-----w- c:\program files\AMD
2009-08-07 16:11 . 2009-08-07 16:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-08-07 16:11 . 2008-01-10 06:30 442368 ----a-r- c:\windows\system32\nvusmb.exe
2009-08-07 16:11 . 2008-03-06 15:23 442368 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-07 16:05 . 2009-08-07 20:13 -------- d-sh--w- c:\windows\Installer
2009-08-07 16:05 . 2009-08-07 21:37 -------- d-----r- C:\Program Files
2009-08-07 16:03 . 2009-08-08 16:48 -------- d-----w- c:\windows\system32\CatRoot2
2009-08-07 16:03 . 2009-08-07 16:03 -------- d-----w- c:\windows\system32\CatRoot
2009-08-07 16:02 . 2009-08-07 16:29 -------- d--h--w- c:\documents and settings\Default User
2009-08-07 16:02 . 2009-08-07 16:04 -------- d-----w- c:\documents and settings\All Users
2009-08-07 16:02 . 2009-08-07 15:40 -------- d-----w- C:\Documents and Settings
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 16:22 . 2009-08-07 15:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-08 16:22 . 2009-08-07 15:38 2850 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-08-07 16:13 . 2009-08-07 15:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-07 16:12 . 2009-08-07 15:45 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-07 15:46 . 2009-08-07 15:46 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-07 15:38 . 2009-08-07 15:38 8738 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-08-07 15:36 . 2009-08-07 15:36 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\drivers\etc ----
2008-05-03 12:00 . 2009-08-08 16:42 686 ----a-w- c:\windows\system32\drivers\etc\HOSTS
2008-05-03 12:00 . 2008-05-03 12:00 3683 ----a-w- c:\windows\system32\drivers\etc\lmhosts.sam
2008-05-03 12:00 . 2008-05-03 12:00 407 ----a-w- c:\windows\system32\drivers\etc\networks
2008-05-03 12:00 . 2008-05-03 12:00 799 ----a-w- c:\windows\system32\drivers\etc\protocol
2008-05-03 12:00 . 2008-05-03 12:00 7116 ----a-w- c:\windows\system32\drivers\etc\services
------- Sigcheck -------
[-] 2008-05-03 12:00 361344 37D8387CBD4437C55F454209BE10EF11 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/7/2009 9:12 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/7/2009 9:12 PM 20560]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\umiv9naa.default\
---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: Internet works, but only halfway.
Is it still there? SDFix set the default values.
Pack the folder c:\windows\system32\drivers\etc into an archive and attach it here for me.
Nothing is impossible, so where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: Internet works, but only halfway.
Well, it looked like it had worked, because after the restart the internet was working. Then I stepped away from the PC for about 25 minutes while waiting for your reply, and out of nowhere the internet stopped working, so I restarted and it is back again. ETC