Nedostupny internet po odstraneni trojana

[draghard]

Dobry den,

mel jsem notebook infikovan trojanem (jakasi verze downloadera-viz report z AVPTool), ktery blokoval pristup k siti. Podarilo se mi ho zlikvidovat v nouzovem rezimu pomoci DrWebCureIt, ale potize s pripojenim zustavaji a nedari se mi notebook pripojit k siti. Posledni verze DrWebCureIt i AVPTool hlasi cisty pocitac (krome souboru v karantene).

pravdepodobne vysledky predchozi prace trojana:
Po startu Win se mi nespousti prakticky zadna aplikace Po spusteni; je vymazan firefox.exe v adresari Mozilly; win nepoznavaji priponu .htm, ESET Smart Security pise, ze se nepodarilo zavest proxy server a tudiz nefunguje kontrola http protokolu; nelze se pripojit k siti; ikony pripojeni k siti na hlavnim panelu se zobrazi az kdyz spustim nastaveni site.

Nastaveni mistni site (IP,maska, servery DHCP,DNS) jsem provedl. Vypis pomoci prikazu ipconfig /all se mi zda ok, presto se notebook nepripoji k siti.

Prosim o radu. Predem dekuji.

Prikladam vypisy z AVPTool, RSIT, ComboFix:
AVPTool
Autoscan: completed 6 minutes ago (events: 6, objects: 146677, time: 00:33:35)
27.12.2009 14:08:34 Task started
27.12.2009 14:15:09 Detected: Trojan.Win32.Agent.demb C:\Documents and Settings\martinpolidar\DoctorWeb\Quarantine\load[1].exe
27.12.2009 14:15:09 Detected: Trojan.Win32.Agent.demb C:\Documents and Settings\martinpolidar\DoctorWeb\Quarantine\siszyd32.exe
27.12.2009 14:16:42 Deleted: Trojan.Win32.Agent.demb C:\Documents and Settings\martinpolidar\DoctorWeb\Quarantine\load[1].exe
27.12.2009 14:16:43 Deleted: Trojan.Win32.Agent.demb C:\Documents and Settings\martinpolidar\DoctorWeb\Quarantine\siszyd32.exe
27.12.2009 14:42:09 Task completed

RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by martin at 2009-12-27 14:52:43
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (36%) free of 30 GB
Total RAM: 1023 MB (39% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\ERASER.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]
"TrueCrypt"=C:\Program Files\TrueCrypt\TrueCrypt.exe [2009-11-27 1415632]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
Aktualizovat ESET licenci.lnk - C:\Program Files\ESET\MiNODLogin\MiNODLogin.exe
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

C:\Documents and Settings\martinpolidar\Nabídka Start\Programy\Po spuštění
setup_9.0.0.722_25.12.2009_11-11.lnk - C:\Program Files\Virus Removal Tool\setup_9.0.0.722_25.12.2009_11-11\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-30 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=B1000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe"="C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{021dc122-5594-11de-965e-001bfc48d069}]
shell\AutoRun\command - x.cmd
shell\open\command - x.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{222a1734-5fb7-11de-966d-001bfc48d069}]
shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65e0804a-0951-11de-95c5-001bfc48d069}]
shell\AutoRun\command - WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8963840c-9c07-11dd-bc79-001bfc48d069}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfe33a6e-bd99-11dd-bc8e-001bfc48d069}]
shell\AutoRun\command - E:\setup.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d10fb71f-6090-11de-966e-001bfc48d069}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\KESHA.EXE


======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-12-27 14:52:45 ----D---- C:\Program Files\trend micro
2009-12-27 14:52:43 ----D---- C:\rsit
2009-12-27 14:04:19 ----D---- C:\WINDOWS\LastGood
2009-12-27 14:04:15 ----D---- C:\Program Files\Virus Removal Tool
2009-12-27 13:28:14 ----A---- C:\WINDOWS\resetlog.txt
2009-12-23 20:56:31 ----SHD---- C:\Config.Msi
2009-12-21 22:05:09 ----SHD---- C:\WINDOWS\CSC
2009-12-14 22:08:36 ----D---- C:\Program Files\QuickTime
2009-12-14 22:08:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2009-12-14 22:07:28 ----D---- C:\Program Files\Common Files\Apple
2009-12-14 21:18:05 ----D---- C:\Program Files\Common Files\xing shared
2009-12-14 20:57:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS
2009-12-09 09:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 09:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-09 09:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 09:33:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 09:33:13 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-09 09:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-02 17:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-02 16:59:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-02 16:46:00 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

======List of files/folders modified in the last 1 months======

2009-12-27 14:52:45 ----D---- C:\Program Files
2009-12-27 14:05:52 ----SHD---- C:\System Volume Information
2009-12-27 14:04:40 ----D---- C:\WINDOWS\system32\drivers
2009-12-27 14:04:39 ----HD---- C:\WINDOWS\inf
2009-12-27 14:04:19 ----D---- C:\WINDOWS
2009-12-27 14:04:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-27 13:36:20 ----D---- C:\WINDOWS\Temp
2009-12-27 13:28:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-25 19:20:41 ----D---- C:\Documents and Settings\martinpolidar\Data aplikací\XnView
2009-12-25 18:37:43 ----A---- C:\WINDOWS\wincmd.ini
2009-12-24 17:52:13 ----D---- C:\Program Files\DOSBox-0.72
2009-12-24 17:03:59 ----D---- C:\Program Files\TrueCrypt
2009-12-23 21:19:20 ----D---- C:\Documents and Settings\martinpolidar\Data aplikací\Skype
2009-12-23 21:17:41 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-12-23 21:16:47 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-23 20:58:05 ----SHD---- C:\WINDOWS\Installer
2009-12-23 20:34:37 ----D---- C:\WINDOWS\Registration
2009-12-23 19:48:12 ----D---- C:\WINDOWS\Prefetch
2009-12-23 19:23:52 ----D---- C:\WINDOWS\network diagnostic
2009-12-21 18:38:25 ----D---- C:\WINDOWS\system32
2009-12-21 18:38:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-21 16:21:11 ----D---- C:\Program Files\Mozilla Firefox
2009-12-21 15:18:07 ----D---- C:\Program Files\Spyware Doctor
2009-12-21 14:35:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-21 14:35:38 ----D---- C:\WINDOWS\system32\config
2009-12-21 14:31:31 ----D---- C:\Program Files\Mozilla Thunderbird
2009-12-19 16:29:27 ----D---- C:\Documents and Settings\martinpolidar\Data aplikací\foobar2000
2009-12-18 18:35:23 ----D---- C:\Program Files\SpywareBlaster
2009-12-17 12:47:27 ----D---- C:\Documents and Settings\martinpolidar\Data aplikací\Azureus
2009-12-14 23:19:05 ----D---- C:\Zalohy
2009-12-14 22:07:28 ----D---- C:\Program Files\Common Files
2009-12-14 21:18:23 ----D---- C:\Program Files\Common Files\Real
2009-12-14 21:18:21 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-12-14 21:18:08 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-12-14 21:18:08 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-12-14 21:17:49 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-12-14 21:05:39 ----D---- C:\Documents and Settings\martinpolidar\Data aplikací\Adobe
2009-12-14 21:04:40 ----D---- C:\WINDOWS\system32\Adobe
2009-12-13 23:41:06 ----A---- C:\WINDOWS\ChssBase.ini
2009-12-09 09:44:22 ----D---- C:\WINDOWS\AppPatch
2009-12-09 09:44:22 ----D---- C:\Program Files\Internet Explorer
2009-12-09 09:34:06 ----D---- C:\WINDOWS\system32\cs-cz
2009-12-09 09:33:53 ----D---- C:\WINDOWS\ie7updates
2009-12-09 09:33:48 ----A---- C:\WINDOWS\imsins.BAK
2009-12-09 09:33:43 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-07 22:02:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-06 12:34:34 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-06 00:55:39 ----D---- C:\Program Files\KeePass Password Safe
2009-12-05 14:48:16 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-05 14:48:13 ----RSD---- C:\WINDOWS\assembly
2009-12-05 14:45:27 ----D---- C:\Program Files\Xobni
2009-12-02 17:00:22 ----D---- C:\WINDOWS\WinSxS
2009-12-02 16:59:26 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-02 16:46:17 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-02 16:46:07 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 54469061;54469061; C:\WINDOWS\system32\DRIVERS\54469061.sys [2009-09-25 128016]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 setup_9.0.0.722_25.12.2009_11-11drv;setup_9.0.0.722_25.12.2009_11-11drv; C:\WINDOWS\system32\DRIVERS\5446906.sys [2009-10-09 315408]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-05 21419]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-30 1580544]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-06 4377600]
R3 M3AD;Motorola Messenger Modem Audio Device; C:\WINDOWS\system32\drivers\m3aux.sys [2006-08-10 136832]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-26 1707776]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF; C:\WINDOWS\System32\Drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2006-01-02 8278]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-02-10 47488]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 a0ae5qbg;a0ae5qbg; C:\WINDOWS\system32\drivers\a0ae5qbg.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GT72NDISIPXP;GT 72 IP NDIS; C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]
S3 GT72UBUS;GT 72 U BUS; C:\WINDOWS\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]
S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S3 IPSECNDISBRIDGE;IP SEC PROTOCOL NDIS BRIDGE DRIVER; \??\C:\WINDOWS\system32\ipsecndis.sys []
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-11-03 36608]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-09-18 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-09-18 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-09-18 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-09-18 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-09-18 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-09-18 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-09-18 90800]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-02-02 108928]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-03-16 37632]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2006-03-15 52864]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-24 40192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-30 409600]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
R2 GtDetectSc;GtDetectSc; C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe [2007-12-18 196704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-09-29 266343]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-02 937984]
R2 XobniService;XobniService; C:\Program Files\Xobni\XobniService.exe [2009-11-13 46824]
S2 IPSecPooler;IP SEC PROTOCOL POLLER; C:\WINDOWS\system32\ipsecpooler.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-07-22 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-12-05 1097096]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

ComboFix:
ComboFix 09-12-26.04 - martin 27.12.2009 15:14:52.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.634 [GMT 3:00]
Spuštěný z: c:\documents and settings\martinpolidar\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Temp\tmp3.tmp
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPSECPOOLER
-------\Service_IPSecPooler


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-27 do 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-27 11:52 . 2009-12-27 11:52 -------- d-----w- c:\program files\trend micro
2009-12-27 11:52 . 2009-12-27 11:52 -------- d-----w- C:\rsit
2009-12-14 19:08 . 2009-12-14 19:09 -------- d-----w- c:\program files\QuickTime
2009-12-14 19:07 . 2009-12-14 19:07 -------- d-----w- c:\program files\Common Files\Apple
2009-12-14 18:18 . 2009-12-14 18:18 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-09 06:31 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 14:52 . 2009-03-08 11:17 -------- d-----w- c:\program files\DOSBox-0.72
2009-12-24 14:03 . 2008-06-06 08:30 -------- d-----w- c:\program files\TrueCrypt
2009-12-21 15:38 . 2006-03-02 12:00 84030 ----a-w- c:\windows\system32\perfc005.dat
2009-12-21 15:38 . 2006-03-02 12:00 440828 ----a-w- c:\windows\system32\perfh005.dat
2009-12-21 12:18 . 2009-04-09 10:24 -------- d-----w- c:\program files\Spyware Doctor
2009-12-21 11:31 . 2008-07-24 12:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-18 15:35 . 2008-07-24 11:58 -------- d-----w- c:\program files\SpywareBlaster
2009-12-14 18:18 . 2008-08-23 08:16 -------- d-----w- c:\program files\Common Files\Real
2009-12-05 21:55 . 2008-07-23 14:29 -------- d-----w- c:\program files\KeePass Password Safe
2009-12-05 11:45 . 2009-11-13 08:10 -------- d-----w- c:\program files\Xobni
2009-12-05 08:52 . 2009-04-09 10:24 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-05 08:52 . 2009-12-05 08:52 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-27 15:50 . 2009-07-08 19:55 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-11-24 20:51 . 2009-04-13 14:04 -------- d-----w- c:\program files\myDozer
2009-11-24 06:49 . 2008-08-02 07:21 -------- d-----w- c:\program files\Vuze
2009-11-23 08:50 . 2008-06-05 13:58 -------- d-----w- c:\program files\Java
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-11 15:51 . 2008-08-18 14:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 19:28 . 2008-07-23 11:54 -------- d-----w- c:\program files\foobar2000
2009-10-30 13:32 . 2009-10-30 13:31 -------- d-----w- c:\program files\DivX
2009-10-30 13:32 . 2009-10-30 13:31 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-29 07:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 01:17 . 2009-07-08 11:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2009-11-27 1415632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe

[2008-7-22 25214]
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-10 125952]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-6-5 786432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9.4.2009 13:24 206256]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.7.2008 20:22 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 16:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [18.12.2007 12:48 196704]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [12.10.2009 19:33 46824]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [5.6.2008 12:10 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [5.6.2008 12:10 8278]
S3 cpuz130;cpuz130;\??\c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -->

c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [18.2.2008 16:14 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [8.2.2008 12:00 59648]
S3 IPSECNDISBRIDGE;IP SEC PROTOCOL NDIS BRIDGE DRIVER;\??\c:\windows\system32\ipsecndis.sys -->

c:\windows\system32\ipsecndis.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 15:20 12648]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9.4.2009 13:24 348752]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Miranda IM - x:\miranda im\Uninstall.exe
AddRemove- Ukrajinska foneticka klavesnice_is1 - c:\windows\unins000.exe
AddRemove-TweakUI - c:\windows\rundll32.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3540)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
.
**************************************************************************
.
Celkový čas: 2009-12-27 15:24:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-27 12:24

Před spuštěním: Volných bajtů: 11 429 715 968
Po spuštění: Volných bajtů: 11 615 547 392

- - End Of File - - 9D8497A5902ADBEA9D4E7A9049995E8B

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[draghard]

ComboFix:
ComboFix 09-12-26.04 - martin 27.12.2009 15:14:52.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.634 [GMT 3:00]
Spuštěný z: c:\documents and settings\martinpolidar\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Temp\tmp3.tmp
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPSECPOOLER
-------\Service_IPSecPooler


((((((((((((((((((((((((( Soubory vytvořené od 2009-11-27 do 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-27 11:52 . 2009-12-27 11:52 -------- d-----w- c:\program files\trend micro
2009-12-27 11:52 . 2009-12-27 11:52 -------- d-----w- C:\rsit
2009-12-14 19:08 . 2009-12-14 19:09 -------- d-----w- c:\program files\QuickTime
2009-12-14 19:07 . 2009-12-14 19:07 -------- d-----w- c:\program files\Common Files\Apple
2009-12-14 18:18 . 2009-12-14 18:18 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-09 06:31 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 14:52 . 2009-03-08 11:17 -------- d-----w- c:\program files\DOSBox-0.72
2009-12-24 14:03 . 2008-06-06 08:30 -------- d-----w- c:\program files\TrueCrypt
2009-12-21 15:38 . 2006-03-02 12:00 84030 ----a-w- c:\windows\system32\perfc005.dat
2009-12-21 15:38 . 2006-03-02 12:00 440828 ----a-w- c:\windows\system32\perfh005.dat
2009-12-21 12:18 . 2009-04-09 10:24 -------- d-----w- c:\program files\Spyware Doctor
2009-12-21 11:31 . 2008-07-24 12:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-18 15:35 . 2008-07-24 11:58 -------- d-----w- c:\program files\SpywareBlaster
2009-12-14 18:18 . 2008-08-23 08:16 -------- d-----w- c:\program files\Common Files\Real
2009-12-05 21:55 . 2008-07-23 14:29 -------- d-----w- c:\program files\KeePass Password Safe
2009-12-05 11:45 . 2009-11-13 08:10 -------- d-----w- c:\program files\Xobni
2009-12-05 08:52 . 2009-04-09 10:24 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-05 08:52 . 2009-12-05 08:52 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-27 15:50 . 2009-07-08 19:55 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-11-24 20:51 . 2009-04-13 14:04 -------- d-----w- c:\program files\myDozer
2009-11-24 06:49 . 2008-08-02 07:21 -------- d-----w- c:\program files\Vuze
2009-11-23 08:50 . 2008-06-05 13:58 -------- d-----w- c:\program files\Java
2009-11-21 16:03 . 2006-03-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-11 15:51 . 2008-08-18 14:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 19:28 . 2008-07-23 11:54 -------- d-----w- c:\program files\foobar2000
2009-10-30 13:32 . 2009-10-30 13:31 -------- d-----w- c:\program files\DivX
2009-10-30 13:32 . 2009-10-30 13:31 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-29 07:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2006-03-02 12:00 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 01:17 . 2009-07-08 11:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2009-11-27 1415632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe

[2008-7-22 25214]
Aktualizovat ESET licenci.lnk - c:\program files\ESET\MiNODLogin\MiNODLogin.exe [2009-12-10 125952]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
GlobeTrotter Connect.lnk - c:\program files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2008-6-5 786432]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9.4.2009 13:24 206256]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.7.2008 20:22 685816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 16:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 15:47 731840]
R2 GtDetectSc;GtDetectSc;c:\program files\Option\GlobeTrotter Connect\GtDetectSc.exe [18.12.2007 12:48 196704]
R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [12.10.2009 19:33 46824]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [5.6.2008 12:10 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [5.6.2008 12:10 8278]
S3 cpuz130;cpuz130;\??\c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -->

c:\docume~1\MARTIN~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [18.2.2008 16:14 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [8.2.2008 12:00 59648]
S3 IPSECNDISBRIDGE;IP SEC PROTOCOL NDIS BRIDGE DRIVER;\??\c:\windows\system32\ipsecndis.sys -->

c:\windows\system32\ipsecndis.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 15:20 12648]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9.4.2009 13:24 348752]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Miranda IM - x:\miranda im\Uninstall.exe
AddRemove- Ukrajinska foneticka klavesnice_is1 - c:\windows\unins000.exe
AddRemove-TweakUI - c:\windows\rundll32.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3540)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
.
**************************************************************************
.
Celkový čas: 2009-12-27 15:24:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-27 12:24

Před spuštěním: Volných bajtů: 11 429 715 968
Po spuštění: Volných bajtů: 11 615 547 392

- - End Of File - - 9D8497A5902ADBEA9D4E7A9049995E8B

[Rudy]

2 položky smazány, zbytek logu vypadá čistý. Nastala nějaká změna?

[draghard]

Bohuzel beze zmeny. Nemohu se stale pripojit k siti (pouzivam ethernet). Posilam co nasel LSP-Fix a ipconfig (pokud nastavim stejne jiny pocitac, pripojeni funguje...). Eset security stale hlasi, ze nemuze spustit proxy server.

[Rudy]

Zkuste použít WinsockFix: http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22 . Utilita reinstaluje protokol TCP/IP. Po restartu PC budete muset znovu nastavit parametry sítě.

[draghard]

Bohuzel to nepomohlo, problem pretrvava. Jen to zresetovalo nastaveni site, jinak jsem nepoznal zadnou zmenu.

[Rudy]

Jen to zresetovalo nastaveni site...

Nikoliv. Byl to reinstal přenosového protokolu, při němž se smaže nastavení parametrů sítě. patrně budete muset provést opravu systému z instal. CD, nebo pomocí XPManageru: http://www.viry.cz/forum/viewtopic.php?f=46&t=17549 .

[draghard]

Ok, toho jsem se obaval. Jeste mi prosim poradte-podle vasich zkusenosti je lepsi opravovat instalaci Win, nebo primo preinstalovat systemovy oddil cistou instalaci?

[Rudy]

Asi takto: Pokud nemáte image disku (zálohu vytvořenou např. v programu TrueImage apod.), je lépe podle mého názoru se o opravu pokusit. Reinstal je až poslední možnost. Záruku, že se oprava zdaří, vám ale dát nemohu.

[draghard]

Jeste dodatecne diky za pomoc. Opravil jsem instalaci Win a vypada to, ze se to chova korektne.

[Rudy]

Nemáte zač a zamykám.