Problémy s atapi.sys a ntoskrnl.exe

[hureckej]

Dobrý den,
poslední dobou mám problémy s BSOD a restarty PC. Analýzou minidumpu jsem zjistil problémy s výše uvedenými soubory. Prosím o pomoc při odvirování. Děkuji.

[Rudy]

Zdravím!
Nejprve dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .

[hureckej]

Z adresáře system32 jsem vymazal soubor dll.dll, který mi našel antivir. Níže je požadovaný log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2011-11-27 11:56:01
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 9 GB (11%) free of 76 GB
Total RAM: 255 MB (16% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\m90a8k90.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "xmlfiller@software602.cz:3.1.7, {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429, {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.19"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\\extensions\
xmlfiller@software602.cz
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}

C:\Program Files\Mozilla Firefox\\components\
AskHPRFF.js
binary.manifest
browsercomps.dll
nsIFillerPlugin.xpt

C:\Program Files\Mozilla Firefox\\plugins\
np32dsw.dll
npfiller.dll
nppdf32.dll
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\m90a8k90.default\extensions\
{0b38152b-1b20-484d-a11f-5e04a9b0661f}

C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\m90a8k90.default\searchplugins\
askcom.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\3347\3952\toolbaru.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"gcasServ"=C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [2004-12-31 469824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-10-29 4620288]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-10-29 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-01 77824]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"9xadiras"=9xadiras.exe []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe -atboottime []
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe []
"C-Media Mixer"=Mixer.exe /startup []
"USB Storage Toolbox"=C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SMrhcp9lj0etcv"=C:\Program Files\rhcp9lj0etcv\rhcp9lj0etcv.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart []
"EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe silent []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
DSLMON.lnk - C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mdhcp32]
C:\WINDOWS\system32\mdhcp32.dll [2011-06-06 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"=C:\Program Files\Microsoft AntiSpyware\shellextension.dll [2004-12-31 93408]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=4294967295

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\Temp\NavBrowser.exe"="C:\WINDOWS\Temp\NavBrowser.exe:*:Disabled:NAVBrowser"
"C:\SIMS\RACER\racer.exe"="C:\SIMS\RACER\racer.exe:*:Disabled:racer"
"C:\SIMS\RACER\tracked.exe"="C:\SIMS\RACER\tracked.exe:*:Disabled:tracked"
"C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Disabled:Speed"
"C:\Program Files\MotoGP2\motogp2.exe"="C:\Program Files\MotoGP2\motogp2.exe:*:Enabled:motogp2"
"C:\Program Files\DayDream\Ski-Doo\Racing.exe"="C:\Program Files\DayDream\Ski-Doo\Racing.exe:*:Enabled:Ski-Doo X-Team Racing"
"C:\Program Files\GameSpy Arcade\Services\_common\RWVoice.exe"="C:\Program Files\GameSpy Arcade\Services\_common\RWVoice.exe:*:Disabled:RogerWilco Lite for GameSpy Arcade"
"C:\Program Files\Oil Tycoon\ot.exe"="C:\Program Files\Oil Tycoon\ot.exe:*:Enabled:Oil Tycoon"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\Blobby Volley\volley.exe"="D:\Blobby Volley\volley.exe:*:Disabled:volley"
"C:\Program Files\Ski Jumping\skispringen2006.exe"="C:\Program Files\Ski Jumping\skispringen2006.exe:*:Enabled:skispringen2006"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe"="C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe:*:Enabled:hd2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=i263_32.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.MJPG"=pvmjpg21.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.g723"=g723.acm
"vidc.I263"=I263_32.drv
"vidc.ffds"=ffdshow.ax
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"vidc.VP62"=vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-11-27 11:56:02 ----D---- C:\Program Files\trend micro
2011-11-27 11:56:01 ----D---- C:\rsit
2011-11-27 11:55:47 ----A---- C:\RSIT.exe
2011-11-27 11:14:11 ----SHD---- C:\$RECYCLE.BIN
2011-11-27 09:59:54 ----A---- C:\WINDOWS\system32\dll.dll
2011-10-30 08:55:56 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-10-30 08:55:55 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-10-30 08:55:48 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-10-30 08:55:48 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-10-30 08:55:47 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-10-30 08:55:45 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-10-30 08:55:45 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-10-30 08:55:44 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-10-30 08:54:58 ----A---- C:\WINDOWS\avastSS.scr
2011-10-30 08:54:57 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-10-30 08:54:34 ----D---- C:\Program Files\AVAST Software
2011-10-30 08:54:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software

======List of files/folders modified in the last 1 month======

2011-11-27 11:56:02 ----RD---- C:\Program Files
2011-11-27 11:55:52 ----D---- C:\Program Files\Microsoft AntiSpyware
2011-11-27 11:55:31 ----A---- C:\WINDOWS\wincmd.ini
2011-11-27 11:55:16 ----D---- C:\WINDOWS\Prefetch
2011-11-27 11:54:48 ----D---- C:\WINDOWS\Temp
2011-11-27 11:53:35 ----D---- C:\WINDOWS\system32
2011-11-27 11:43:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-27 11:11:14 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-23 08:41:50 ----D---- C:\old
2011-11-16 17:32:15 ----D---- C:\WINDOWS\Minidump
2011-11-16 17:32:15 ----D---- C:\WINDOWS
2011-11-16 09:31:00 ----A---- C:\WINDOWS\system32\shimg.dll
2011-11-13 19:36:19 ----D---- C:\WINDOWS\Help
2011-11-10 21:13:39 ----D---- C:\Program Files\Mozilla Firefox
2011-11-10 17:27:29 ----A---- C:\WINDOWS\NeroDigital.ini
2011-11-09 18:01:38 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-30 09:11:16 ----D---- C:\WINDOWS\system32\drivers
2011-10-30 08:55:27 ----SHD---- C:\WINDOWS\Installer
2011-10-30 08:55:26 ----D---- C:\WINDOWS\WinSxS
2011-10-30 07:12:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2004-11-25 46080]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2004-10-28 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-11-29 19648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-01-18 611064]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-18 41216]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-10-24 907456]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-10-29 2826944]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2003-11-13 46423]
S3 adiusbaw;ADSL USB MODEM WAN ADAPTER; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2004-01-12 127721]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 Ser2pl;MAT Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-10-29 127043]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 gupdate1c99424fa367058;Služba Google Update (gupdate1c99424fa367058); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[Rudy]

Ještě poprosím o log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[hureckej]

ComboFix 11-11-26.04 - user 27.11.2011 12:22:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.255.7 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\WINDOWS
C:\UCTO2010
c:\ucto2010\B&W.PAL
c:\ucto2010\BLUE.PAL
c:\ucto2010\BROWN.PAL
c:\ucto2010\CAT.BAT
c:\ucto2010\CISABS.UUU
c:\ucto2010\CISDRUH.UUU
c:\ucto2010\CISPOH.UUU
c:\ucto2010\CISSLOUP.000
c:\ucto2010\CISSLOUP.X00
c:\ucto2010\CONFIG.TXT
c:\ucto2010\DELFILE.EXE
c:\ucto2010\DISKSIZE.EXE
c:\ucto2010\DNY.000
c:\ucto2010\FAND.CFG
c:\ucto2010\FAND.RES
c:\ucto2010\FANDCFG.09
c:\ucto2010\FANDCFG.10
c:\ucto2010\FANDHTML.EXE
c:\ucto2010\FANDINST.EXE
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\crt.dat
c:\windows\system32\Dll.dll
c:\windows\system32\drivers\str.sys
c:\windows\system32\mdhcp32.dll
c:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-27 do 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 10:56 . 2011-11-27 10:56 -------- d-----w- c:\program files\trend micro
2011-11-27 10:56 . 2011-11-27 10:56 -------- d-----w- C:\rsit
2011-11-27 10:55 . 2011-11-27 10:45 781383 ----a-w- C:\RSIT.exe
2011-10-30 07:55 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-10-30 07:55 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-10-30 07:55 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-10-30 07:55 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-10-30 07:55 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-10-30 07:55 . 2011-09-06 21:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-10-30 07:55 . 2011-09-06 21:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-10-30 07:55 . 2011-09-06 21:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-10-30 07:54 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-10-30 07:54 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-30 07:54 . 2011-10-30 07:54 -------- d-----w- c:\program files\AVAST Software
2011-10-30 07:54 . 2011-10-30 07:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 17:21 . 2011-03-10 17:21 85998 ----a-w- c:\program files\RTM.EXE
2011-03-10 17:21 . 2011-03-10 17:21 4202 ----a-w- c:\program files\SJ3ICONS.DLL
2011-03-10 17:21 . 2011-03-10 17:21 115200 ----a-w- c:\program files\SJ3.EXE
2011-03-10 17:21 . 2011-03-10 17:21 20224 ----a-w- c:\program files\JOINTOP.EXE
2011-03-10 17:21 . 2011-03-10 17:21 63504 ----a-w- c:\program files\DPMI16BI.OVL
2011-11-10 20:13 . 2011-05-16 20:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2004-12-31 469824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"C-Media Mixer"="Mixer.exe" [2002-07-12 1581056]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
DSLMON.lnk - c:\program files\ADSL\ADSL USB MODEM\dslmon.exe [2006-3-1 929889]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\Services\\_common\\RWVoice.exe"=]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24.2.2006 15:24 611064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [30.10.2011 8:55 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30.10.2011 8:55 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.10.2011 8:55 20568]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.3.2009 11:33 222456]
S2 gupdate1c99424fa367058;Služba Google Update (gupdate1c99424fa367058);c:\program files\Google\Update\GoogleUpdate.exe [21.2.2009 14:04 133104]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21.2.2009 14:04 133104]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 13:04]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 13:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\m90a8k90.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe
HKLM-Run-9xadiras - 9xadiras.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
HKLM-Run-OM_Monitor - c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-SMrhcp9lj0etcv - c:\program files\rhcp9lj0etcv\rhcp9lj0etcv.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6\ICQ.exe
AddRemove-Big Scale Racing Demo_is1 - c:\program files\Ascaron\Big Scale Racing Demo\unins000.exe
AddRemove-Comic Kicker Euro2000 - c:\program files\ComicKicker_Euro2000\uninstal.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Czech Soccer Manager 2002 - c:\program files\CSM2002\DeIsL1.isu
AddRemove-NCAA Office Football Pool - c:\progra~1\NCAAPool\UNWISE.EXE
AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu
AddRemove-ProHockeyManager 2005 - c:\games\phm2005\DeIsL1.isu
AddRemove-Přijímací zkoušky na střední školy - c:\windows\iun6002.exe
AddRemove-SURFive - c:\windows\IsUn0407.exe
AddRemove-Sydney R-class Tram - c:\program files\Microsoft Games\Train Simulator\Trains\AU_SydneyTramR_Remove
AddRemove-wcmdmgr.exe - c:\windows\wt\updater\wcmdmgr.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\m90a8k90.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
AddRemove-wtwebdriver - c:\windows\wt\updater\wcmdmgr.exe
AddRemove-YS FLIGHT SIMULATION SYSTEM 2000 - c:\program files\YSFLIGHT.COM\YSFLIGHT\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 12:57
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\Mixer.exe
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-11-27 13:08:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-27 12:08
.
Před spuštěním: Volných bajtů: 10 280 845 312
Po spuštění: Volných bajtů: 13 689 176 064
.
- - End Of File - - 2ADD557F77B1FF4C87396F3D03F4A90B

[hureckej]

Mimo jiné to smazalo to program UCTO2010. Nemyslím si, že tam by měl být problém.

[Rudy]

CF české Účto z neznámého důvodu maže. Můžete ho obnovit z adresáře c:\Quoobox. Kromě Účta smazal i další položky. nastala nějaká změna? Zbytek logu již vypadá čistý.

[hureckej]

Bohužel musím odjet. Vyzkouším to později a dám vědět. Neměl bych ještě ten atapi.sys nahradit z instalačky ? Jinák mnohokrát děkuji za ochotu.

[Rudy]

Pokud je v něm nějaký problém, jistě. Ještě poprosím o oba logy z GMERu: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 .

[hureckej]

Děkuji za pomoc, nakonec reinstal OS.

[Rudy]

Nemáte zač!