Hi, my network isn't working... when I ping some IP it gives me this: Nelze se spojit s ovladačem protokolu IP. Chybový kód 2.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:39, on 5.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NOD\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fns.uniba.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87CCBA22-166E-472C-9E0E-BC81CBD5BCD5}: NameServer = 158.195.40.1,158.195.2.2
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Služba modelu COM pro zápis na disk CD (IMAPI) ImapiServiceWZCSVC (ImapiServiceWZCSVC) - Unknown owner - .exe (file missing)
O23 - Service: Koordinátor DTC MSDTCMSDTC (MSDTCMSDTC) - Unknown owner - .exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Nepřerušitelný zdroj napájení (UPS) UPSHidServ (UPSHidServ) - Unknown owner - .exe (file missing)
O23 - Service: Systémový čas W32TimeSchedule (W32TimeSchedule) - Unknown owner - .exe (file missing)
O23 - Service: Webový klient WebClientFastUserSwitchingCompatibility (WebClientFastUserSwitchingCompatibility) - Unknown owner - .exe (file missing)
O23 - Service: Adaptér výkonu služby WMI WmiApSrvBrowser (WmiApSrvBrowser) - Unknown owner - .exe (file missing)
--
End of file - 5757 bytes
Malwarebytes' Anti-Malware 1.36
Verze databáze: 1945
Windows 5.1.2600 Service Pack 3
5.8.2009 11:06:29
mbam-log-2009-08-05 (11-06-19).txt
Typ skenu: Rychlý sken
Objektu skenováno: 65534
Uplynulý cas: 4 minute(s), 6 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 5
Infikované hodnoty registru: 14
Infikované položky dat registru: 15
Infikované složky: 0
Infikované soubory: 7
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\y456.y456mgr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\y456.y456mgr.1 (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> No action taken.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\winfj04.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wpv373.cpx (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wpv8511.cpx (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> No action taken.
cannot connect to the IP protocol driver
- Damned
Re: cannot connect to the IP protocol driver
Oh dear. Well, we can give it a try.
Run HJT, close your browsers, disconnect from the internet and fix the following (run HJT, "Do a system scan only", tick the box
in front of each entry, press "Fix checked" and then "Ano" (Yes)):
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O23 - Service: Služba modelu COM pro zápis na disk CD (IMAPI) ImapiServiceWZCSVC (ImapiServiceWZCSVC) - Unknown owner - .exe (file missing)
O23 - Service: Koordinátor DTC MSDTCMSDTC (MSDTCMSDTC) - Unknown owner - .exe (file missing)
O23 - Service: Nepřerušitelný zdroj napájení (UPS) UPSHidServ (UPSHidServ) - Unknown owner - .exe (file missing)
O23 - Service: Systémový čas W32TimeSchedule (W32TimeSchedule) - Unknown owner - .exe (file missing)
O23 - Service: Webový klient WebClientFastUserSwitchingCompatibility (WebClientFastUserSwitchingCompatibility) - Unknown owner - .exe (file missing)
O23 - Service: Adaptér výkonu služby WMI WmiApSrvBrowser (WmiApSrvBrowser) - Unknown owner - .exe (file missing)
*****************************************************************************************************************************************
Once you've done that:
Run MbAM again and click Scan
- when the scan finishes a message will appear; click OK and then the Show Results button
- make sure all listed findings are ticked and click the Remove Selected button
- when removal finishes a log will be displayed; post it here.
- then choose OK in the program and close it via Exit
Turn off your antivirus's resident shield (and your antispyware's, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Re: cannot connect to the IP protocol driver
ComboFix 09-08-04.04 - D51s 06.08.2009 12:22.1.1 - NTFSx86
Spuštěný z: c:\documents and settings\D51s\Plocha\ComboFix.exe
* Rezidentní štít AV je zapnutý
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\D51s\Local Settings\Temporary Internet Files\wdict32.INI
c:\recycler\S-1-5-21-1876174573-1271050016-3632931590-1003
c:\recycler\S-1-5-21-530353895-864215406-132850366-1005
c:\windows\wiaservb.log
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-06 do 2009-08-06 )))))))))))))))))))))))))))))))
.
2009-08-05 09:01 . 2009-04-06 13:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 09:00 . 2009-04-06 13:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 09:00 . 2009-08-05 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 08:59 . 2009-08-05 08:59 -------- d-----w- c:\program files\Trend Micro
2009-08-05 08:49 . 2008-04-14 06:52 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-08-05 08:49 . 2008-04-14 06:52 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-08-05 08:49 . 2001-10-24 10:25 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-08-05 08:47 . 2008-04-13 20:04 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2009-08-05 08:46 . 2001-08-17 19:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-08-05 08:45 . 2001-08-17 18:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-08-05 08:44 . 2001-10-24 10:24 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-08-05 08:43 . 2001-10-24 10:25 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2009-08-05 08:42 . 2001-08-17 19:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2009-08-05 08:42 . 2001-08-17 18:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2009-08-05 08:42 . 2001-10-24 10:24 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2009-08-05 08:42 . 2001-08-17 18:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2009-08-05 08:42 . 2001-10-24 10:04 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2009-08-05 08:42 . 2001-08-17 18:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2009-08-05 08:42 . 2001-08-17 19:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2009-08-05 08:42 . 2008-04-13 22:06 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2009-08-05 08:42 . 2008-04-13 22:06 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2009-08-05 08:42 . 2001-10-24 10:25 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2009-08-05 08:42 . 2001-10-24 10:25 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2009-08-05 08:42 . 2001-10-24 10:25 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2009-08-05 08:42 . 2001-10-24 10:25 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2009-08-05 08:40 . 2001-08-17 18:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2009-08-05 08:40 . 2001-10-24 10:02 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-08-05 08:40 . 2001-10-24 10:02 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-08-05 08:40 . 2008-04-13 22:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-08-05 08:40 . 2001-08-17 19:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-08-05 08:40 . 2001-08-17 19:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-08-05 08:40 . 2001-10-24 10:02 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2009-08-05 08:40 . 2001-10-24 10:02 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2009-08-05 08:40 . 2001-08-17 19:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2009-08-05 08:40 . 2001-10-24 10:01 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2009-08-05 08:40 . 2008-04-13 22:10 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2009-08-05 08:38 . 2001-10-24 10:25 9728 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-08-05 08:37 . 2001-08-17 19:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2009-08-05 08:36 . 2001-08-17 20:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2009-08-05 08:35 . 2001-08-17 20:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2009-08-05 08:35 . 2001-10-24 09:50 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2009-08-05 08:35 . 2001-10-24 09:50 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2009-08-05 08:35 . 2001-08-17 18:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2009-08-05 08:35 . 2001-08-17 18:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2009-08-05 08:35 . 2008-04-13 22:16 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2009-08-05 08:35 . 2001-08-17 18:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-08-05 08:35 . 2001-10-24 10:24 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-08-05 08:35 . 2008-04-14 06:06 2025984 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-05 08:35 . 2001-08-17 18:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-08-05 08:34 . 2001-10-24 09:44 9472 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2009-08-05 08:34 . 2001-08-17 19:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-08-05 08:34 . 2008-04-13 22:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2009-08-05 08:34 . 2001-08-17 18:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-08-05 08:34 . 2001-08-17 18:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-08-05 08:34 . 2001-08-17 18:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-08-05 08:34 . 2008-04-14 06:04 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-08-05 08:34 . 2001-10-24 09:42 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2009-08-05 08:32 . 2001-08-17 20:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-08-05 08:31 . 2001-10-24 10:24 58880 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
2009-08-05 08:30 . 2001-08-17 19:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-08-05 08:29 . 2001-10-24 10:24 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2009-08-05 08:28 . 2001-10-24 10:24 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2009-08-05 08:27 . 2001-10-24 09:58 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
2009-08-05 08:26 . 2001-08-17 18:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2009-08-05 08:25 . 2001-10-24 09:48 173568 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2009-08-05 08:24 . 2001-10-24 10:25 618525 -c--a-w- c:\windows\system32\dllcache\digiview.exe
2009-08-05 08:23 . 2001-08-17 18:19 6912 -c--a-w- c:\windows\system32\dllcache\ctlfacem.sys
2009-08-05 08:22 . 2001-10-24 09:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-08-05 08:21 . 2001-10-24 10:24 382592 -c--a-w- c:\windows\system32\dllcache\atidrab.dll
2009-08-05 08:20 . 2001-10-24 10:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-08-05 08:20 . 2008-04-14 06:06 2147328 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 12:47 . 2008-04-14 06:51 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2009-08-04 12:44 . 2007-08-10 18:43 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-04 12:42 . 2009-08-04 12:42 -------- d-----w- c:\windows\EHome
2009-08-04 12:27 . 2009-08-04 12:27 -------- d-----w- c:\program files\XP TCPIP Repair
2009-08-04 10:34 . 2009-08-04 10:34 -------- d-----w- c:\program files\Lavalys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 08:07 . 2004-08-18 12:00 47040 ----a-w- c:\windows\system32\perfc005.dat
2009-08-05 08:07 . 2004-08-18 12:00 312894 ----a-w- c:\windows\system32\perfh005.dat
2009-08-05 08:06 . 2006-11-13 08:57 -------- d-----w- c:\program files\Intel
2009-08-04 12:50 . 2006-11-13 08:31 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-04 12:50 . 2006-11-13 08:31 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-02 08:50 . 2009-07-02 08:45 -------- d-----w- c:\program files\Common Files\Nikon
2009-07-02 08:49 . 2009-07-02 08:45 -------- d-----w- c:\program files\Nikon
2009-07-02 08:46 . 2009-07-02 08:46 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-02 08:45 . 2003-03-17 21:00 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-07-02 08:45 . 2006-11-13 08:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-02 08:44 . 2009-07-02 08:44 -------- d-----w- c:\program files\QuickTime
2009-07-02 08:44 . 2009-07-02 08:44 -------- d-----w- c:\program files\ArcSoft
2009-07-02 08:44 . 2006-11-13 08:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-29 07:30 . 2007-04-02 12:01 256712 ----a-w- c:\windows\system32\Prounstl.exe
2009-06-24 06:24 . 2009-06-24 06:24 184320 ----a-w- c:\windows\system32\Ncs2Setp.dll
2009-06-24 06:15 . 2009-06-24 06:15 764536 ----a-w- c:\windows\system32\ncs2dmix.dll
2009-06-24 06:15 . 2009-06-24 06:15 539256 ----a-w- c:\windows\system32\accesor.dll
2009-06-24 05:55 . 2009-06-24 05:55 141944 ----a-w- c:\windows\system32\ncs2instutility.dll
2009-06-24 05:46 . 2009-06-24 05:46 1620600 ----a-w- c:\windows\system32\ncscolib.dll
2009-06-23 22:54 . 2009-06-23 22:54 30880 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2009-05-20 05:56 . 2009-05-20 05:56 116360 ----a-w- c:\windows\system32\drivers\ianswxp.sys
.
------- Sigcheck -------
[7] 2008-04-13 22:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-13 22:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\system32\dllcache\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"nod32kui"="c:\program files\NOD\nod32kui.exe" [2007-11-28 949376]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfj04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winim61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqx04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrx48.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [28.11.2007 16:36 15424]
S0 Winfj04;Winfj04;c:\windows\system32\Drivers\Winfj04.sys --> c:\windows\system32\Drivers\Winfj04.sys [?]
S0 Winim61;Winim61;c:\windows\system32\Drivers\Winim61.sys --> c:\windows\system32\Drivers\Winim61.sys [?]
S0 Winot61;Winot61;c:\windows\system32\Drivers\Winot61.sys --> c:\windows\system32\Drivers\Winot61.sys [?]
S0 Winqx04;Winqx04;c:\windows\system32\Drivers\Winqx04.sys --> c:\windows\system32\Drivers\Winqx04.sys [?]
S0 Winrx48;Winrx48;c:\windows\system32\Drivers\Winrx48.sys --> c:\windows\system32\Drivers\Winrx48.sys [?]
S2 ImapiServiceWZCSVC;Služba modelu COM pro zápis na disk CD (IMAPI) ImapiServiceWZCSVC; srv --> srv [?]
S2 MSDTCMSDTC;Koordinátor DTC MSDTCMSDTC; srv --> srv [?]
S2 UPSHidServ;Nepřerušitelný zdroj napájení (UPS) UPSHidServ; srv --> srv [?]
S2 W32TimeSchedule;Systémový čas W32TimeSchedule; srv --> srv [?]
S2 WebClientFastUserSwitchingCompatibility;Webový klient WebClientFastUserSwitchingCompatibility; srv --> srv [?]
S2 WmiApSrvBrowser;Adaptér výkonu služby WMI WmiApSrvBrowser; srv --> srv [?]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {87CCBA22-166E-472C-9E0E-BC81CBD5BCD5} = 158.195.40.1,158.195.2.2
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 12:29
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiServiceWZCSVC]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTCMSDTC]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPSHidServ]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32TimeSchedule]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClientFastUserSwitchingCompatibility]
"ImagePath"=" srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvBrowser]
"ImagePath"=" srv"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\NOD\nod32krn.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-06 12:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-06 10:31
Před spuštěním: Volných bajtů: 13 726 744 576
Po spuštění: Volných bajtů: 13 781 311 488
210
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: cannot connect to the IP protocol driver
Download AVZ and Dial-a-fix.
Unpack the downloaded AVZ, for example on the Desktop. Open the avz4 folder and run AVZ.exe. Update AVZ with the bottom button on the right-hand side.
After the update, tick drive C, and on the "Search parametres" tab tick all the boxes (except Extended analysis).
Start the scan with the Start button, save the log by clicking the floppy-disk icon, and copy it here for me.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look into old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: cannot connect to the IP protocol driver
Attention !!! Database was last updated 8.2.2009 it is necessary to update the bases using automatic updates (File/Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 7.8.2009 10:02:42
Database loaded: signatures - 209302, NN profile(s) - 2, microprograms of healing - 56, signature database released 08.02.2009 18:56
Heuristic microprograms loaded: 372
SPV microprograms loaded: 9
Digital signatures of system files loaded: 91560
Heuristic analyzer mode: Maximum heuristics level
Healing mode: disabled
Windows version: 5.1.2600, Service Pack 3 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=083220)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 8055A220
KiST = 804E26A8 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
Checking - complete
2. Scanning memory
Number of processes found: 27
Number of modules loaded: 295
Scanning memory - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious programs
In the database 317 port descriptions
Opened at this PC: 0 TCP ports and 0 UDP ports
Checking complete, no suspicious ports detected
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminálová služba)
>> Services: potentially dangerous service allowed: SSDPSRV (Služba rozpoznávání pomocí protokolu SSDP)
>> Services: potentially dangerous service allowed: Schedule (Plánovač úloh)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting - Vzdálené sdílení plochy)
>> Services: potentially dangerous service allowed: RDSessMgr (Správce relací nápovědy ke vzdálené ploše)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun are allowed
>>> HDD autorun are allowed - fixed
>> Autorun from network drives are allowed
>>> Autorun from network drives are allowed - fixed
>> Removable media autorun are allowed
>>> Removable media autorun are allowed - fixed
Checking - complete
Files scanned: 121127, extracted from archives: 100483, malicious software found 0, suspicions - 0
Scanning finished at 7.8.2009 10:18:32
Time of scanning: 00:15:52
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
- Damned
Re: cannot connect to the IP protocol driver
I have to go now. I'll post a script here for you in the afternoon or toward evening.
- Damned
Re: cannot connect to the IP protocol driver
Download the Zip archive. ↓ It contains 6 files with the .reg extension. Extract the archive to the Desktop. Find these files on the Desktop and run them one after another by double-clicking.
You will be asked each time whether to add the value to the registry. Approve 6 times.
*****************************************************************************************************************************************
Then:
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
File::
c:\windows\system32\Drivers\Winfj04.sys
c:\windows\system32\Drivers\Winim61.sys
c:\windows\system32\Drivers\Winot61.sys
c:\windows\system32\Drivers\Winqx04.sys
c:\windows\system32\Drivers\Winrx48.sys
Driver::
Winfj04;Winfj04
Winfj04
Winim61;Winim61
Winim61
Winot61;Winot61
Winot61
Winqx04;Winqx04
Winqx04
Winrx48;Winrx48
Winrx48
ImapiServiceWZCSVC;Služba modelu COM pro zápis na disk CD (IMAPI) ImapiServiceWZCSVC
ImapiServiceWZCSVC
MSDTCMSDTC;Koordinátor DTC MSDTCMSDTC
MSDTCMSDTC
UPSHidServ;Nepřerušitelný zdroj napájení (UPS) UPSHidServ
UPSHidServ
W32TimeSchedule;Systémový čas W32TimeSchedule
W32TimeSchedule
WebClientFastUserSwitchingCompatibility;Webový klient WebClientFastUserSwitchingCompatibility
WebClientFastUserSwitchingCompatibility
WmiApSrvBrowser;Adaptér výkonu služby WMI WmiApSrvBrowser
WmiApSrvBrowser
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfj04.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winim61.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot61.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqx04.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrx48.sys]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiServiceWZCSVC]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTCMSDTC]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPSHidServ]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32TimeSchedule]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClientFastUserSwitchingCompatibility]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvBrowser]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the Desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log, and describe how the computer behaves
- Attachments
- Plocha.zip
- (6.7 KiB) Downloaded 21 times
Re: cannot connect to the IP protocol driver
ComboFix 09-08-04.04 - D51s 10.08.2009 12:16.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.503.268 [GMT 2:00]
Spuštěný z: c:\documents and settings\D51s\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\D51s\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
"c:\windows\system32\Drivers\Winfj04.sys"
"c:\windows\system32\Drivers\Winim61.sys"
"c:\windows\system32\Drivers\Winot61.sys"
"c:\windows\system32\Drivers\Winqx04.sys"
"c:\windows\system32\Drivers\Winrx48.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IMAPISERVICEWZCSVC
-------\Legacy_MSDTCMSDTC
-------\Legacy_UPSHIDSERV
-------\Legacy_W32TIMESCHEDULE
-------\Legacy_WEBCLIENTFASTUSERSWITCHINGCOMPATIBILITY
-------\Legacy_WINFJ04
-------\Legacy_WINIM61
-------\Legacy_WINOT61
-------\Legacy_WINQX04
-------\Legacy_WINRX48
-------\Legacy_WMIAPSRVBROWSER
-------\Service_Winfj04
-------\Service_Winim61
-------\Service_Winot61
-------\Service_Winqx04
-------\Service_Winrx48
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-10 do 2009-08-10 )))))))))))))))))))))))))))))))
.
2009-08-07 08:32 . 2009-08-07 08:32 -------- d-----w- c:\program files\CCleaner
2009-08-06 11:11 . 2009-08-06 11:11 -------- d-----w- c:\program files\Support Tools
2009-08-05 09:01 . 2009-04-06 13:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 09:00 . 2009-04-06 13:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 09:00 . 2009-08-05 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 08:59 . 2009-08-05 08:59 -------- d-----w- c:\program files\Trend Micro
2009-08-05 08:49 . 2008-04-14 06:52 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-08-05 08:49 . 2008-04-14 06:52 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-08-05 08:49 . 2001-10-24 10:25 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-08-05 08:47 . 2008-04-13 20:04 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2009-08-05 08:46 . 2001-08-17 19:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-08-05 08:45 . 2001-08-17 18:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-08-05 08:44 . 2001-10-24 10:24 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-08-05 08:43 . 2001-10-24 10:25 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2009-08-05 08:42 . 2001-08-17 19:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2009-08-05 08:42 . 2001-08-17 18:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2009-08-05 08:42 . 2001-10-24 10:24 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2009-08-05 08:42 . 2001-08-17 18:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2009-08-05 08:42 . 2001-10-24 10:04 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2009-08-05 08:42 . 2001-08-17 18:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2009-08-05 08:42 . 2001-08-17 19:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2009-08-05 08:42 . 2008-04-13 22:06 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2009-08-05 08:42 . 2008-04-13 22:06 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2009-08-05 08:42 . 2001-10-24 10:25 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2009-08-05 08:42 . 2001-10-24 10:25 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2009-08-05 08:42 . 2001-10-24 10:25 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2009-08-05 08:42 . 2001-10-24 10:25 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2009-08-05 08:40 . 2001-08-17 18:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2009-08-05 08:40 . 2001-10-24 10:02 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-08-05 08:40 . 2001-10-24 10:02 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2009-08-05 08:40 . 2008-04-13 22:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2009-08-05 08:40 . 2001-08-17 19:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2009-08-05 08:40 . 2001-08-17 19:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-08-05 08:40 . 2001-10-24 10:02 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2009-08-05 08:40 . 2001-10-24 10:02 16640 -c--a-w- c:\windows\system32\dllcache\scmstcs.sys
2009-08-05 08:40 . 2001-08-17 19:51 23936 -c--a-w- c:\windows\system32\dllcache\sccmusbm.sys
2009-08-05 08:40 . 2001-10-24 10:01 23936 -c--a-w- c:\windows\system32\dllcache\sccmn50m.sys
2009-08-05 08:40 . 2008-04-13 22:10 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2009-08-05 08:38 . 2001-10-24 10:25 9728 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-08-05 08:37 . 2001-08-17 19:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2009-08-05 08:36 . 2001-08-17 20:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2009-08-05 08:35 . 2001-08-17 20:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2009-08-05 08:35 . 2001-10-24 09:50 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2009-08-05 08:35 . 2001-10-24 09:50 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2009-08-05 08:35 . 2001-08-17 18:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2009-08-05 08:35 . 2001-08-17 18:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2009-08-05 08:35 . 2008-04-13 22:16 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2009-08-05 08:35 . 2001-08-17 18:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-08-05 08:35 . 2001-10-24 10:24 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-08-05 08:35 . 2008-04-14 06:06 2025984 -c--a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-05 08:35 . 2001-08-17 18:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-08-05 08:34 . 2001-10-24 09:44 9472 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2009-08-05 08:34 . 2001-08-17 19:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-08-05 08:34 . 2008-04-13 22:24 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2009-08-05 08:34 . 2001-08-17 18:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-08-05 08:34 . 2001-08-17 18:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-08-05 08:34 . 2001-08-17 18:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-08-05 08:34 . 2008-04-14 06:04 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-08-05 08:34 . 2001-10-24 09:42 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2009-08-05 08:32 . 2001-08-17 20:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2009-08-05 08:31 . 2001-10-24 10:24 58880 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
2009-08-05 08:30 . 2001-08-17 19:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2009-08-05 08:29 . 2001-10-24 10:24 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2009-08-05 08:28 . 2001-10-24 10:24 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2009-08-05 08:27 . 2001-10-24 09:58 907456 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
2009-08-05 08:26 . 2001-08-17 18:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2009-08-05 08:25 . 2001-10-24 09:48 173568 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2009-08-05 08:24 . 2001-10-24 10:25 618525 -c--a-w- c:\windows\system32\dllcache\digiview.exe
2009-08-05 08:23 . 2001-08-17 18:19 6912 -c--a-w- c:\windows\system32\dllcache\ctlfacem.sys
2009-08-05 08:22 . 2001-10-24 09:49 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-08-05 08:21 . 2001-10-24 10:24 382592 -c--a-w- c:\windows\system32\dllcache\atidrab.dll
2009-08-05 08:20 . 2001-10-24 10:24 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-08-05 08:20 . 2008-04-14 06:06 2147328 -c--a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 12:47 . 2008-04-14 06:51 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2009-08-04 12:44 . 2007-08-10 18:43 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-08-04 12:42 . 2009-08-04 12:42 -------- d-----w- c:\windows\EHome
2009-08-04 12:27 . 2009-08-04 12:27 -------- d-----w- c:\program files\XP TCPIP Repair
2009-08-04 10:34 . 2009-08-04 10:34 -------- d-----w- c:\program files\Lavalys
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 11:11 . 2006-11-13 08:31 3226 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-08-05 08:07 . 2004-08-18 12:00 47040 ----a-w- c:\windows\system32\perfc005.dat
2009-08-05 08:07 . 2004-08-18 12:00 312894 ----a-w- c:\windows\system32\perfh005.dat
2009-08-05 08:06 . 2006-11-13 08:57 -------- d-----w- c:\program files\Intel
2009-08-04 12:50 . 2006-11-13 08:31 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-02 08:50 . 2009-07-02 08:45 -------- d-----w- c:\program files\Common Files\Nikon
2009-07-02 08:49 . 2009-07-02 08:45 -------- d-----w- c:\program files\Nikon
2009-07-02 08:46 . 2009-07-02 08:46 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-07-02 08:45 . 2003-03-17 21:00 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-07-02 08:45 . 2006-11-13 08:56 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-02 08:44 . 2009-07-02 08:44 -------- d-----w- c:\program files\QuickTime
2009-07-02 08:44 . 2009-07-02 08:44 -------- d-----w- c:\program files\ArcSoft
2009-07-02 08:44 . 2006-11-13 08:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-29 07:30 . 2007-04-02 12:01 256712 ----a-w- c:\windows\system32\Prounstl.exe
2009-06-24 06:24 . 2009-06-24 06:24 184320 ----a-w- c:\windows\system32\Ncs2Setp.dll
2009-06-24 06:15 . 2009-06-24 06:15 764536 ----a-w- c:\windows\system32\ncs2dmix.dll
2009-06-24 06:15 . 2009-06-24 06:15 539256 ----a-w- c:\windows\system32\accesor.dll
2009-06-24 05:55 . 2009-06-24 05:55 141944 ----a-w- c:\windows\system32\ncs2instutility.dll
2009-06-24 05:46 . 2009-06-24 05:46 1620600 ----a-w- c:\windows\system32\ncscolib.dll
2009-06-23 22:54 . 2009-06-23 22:54 30880 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2009-05-20 05:56 . 2009-05-20 05:56 116360 ----a-w- c:\windows\system32\drivers\ianswxp.sys
.
------- Sigcheck -------
[7] 2008-04-13 22:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-13 22:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-06_10.29.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-13 09:19 . 2009-08-10 10:03 115768 c:\windows\system32\FNTCACHE.DAT
+ 2009-08-06 11:11 . 2009-08-06 11:11 219136 c:\windows\Installer\2928d0.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"nod32kui"="c:\program files\NOD\nod32kui.exe" [2007-11-28 949376]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [28.11.2007 16:36 15424]
.
.
------- Doplňkový sken -------
.
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {87CCBA22-166E-472C-9E0E-BC81CBD5BCD5} = 158.195.40.1,158.195.2.2
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 12:25
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\NOD\nod32krn.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-10 12:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-10 10:27
ComboFix2.txt 2009-08-06 10:31
Před spuštěním: Volných bajtů: 13 888 847 872
Po spuštění: Volných bajtů: 13 843 263 488
205
- Damned
Re: unable to connect to the IP protocol driver (nelze se spojit s ovladacem protokolu IP)
How is it behaving? Also post a new HJT log here.
Re: unable to connect to the IP protocol driver (nelze se spojit s ovladacem protokolu IP)
The network still doesn't work... it behaves the same as before :(
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:57, on 11.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\NOD\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{87CCBA22-166E-472C-9E0E-BC81CBD5BCD5}: NameServer = 158.195.40.1,158.195.2.2
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4176 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:57, on 11.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\NOD\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{87CCBA22-166E-472C-9E0E-BC81CBD5BCD5}: NameServer = 158.195.40.1,158.195.2.2
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 4176 bytes