Prosba o kontrolu logu - rootkit Win32:Evo-gen (mdm.exe)

[Nomad384]

Dobrý den, prosím o pomoc s odstraněním rootkitu Win 32:EVO-GEN.
V PC je aktivní Spybot a Avast free. Avast hlásí tento rootkit, ale ani po smazání souboru a následném testu před naběhnutím systému problém nevyřešen. Okno s hláškou o rootkitu se objevuje znovu. Udělal jsem log RSIT, který přikládám k dotazu.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Sempron at 2014-10-11 14:55:51
Microsoft Windows 7 Ultimate
System drive C: has 1 GB (3%) free of 34 GB
Total RAM: 960 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:56:10, on 11.10.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\soundman.exe
C:\Windows\System32\VTTimer.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sempron\Downloads\RSIT.exe
C:\Program Files\trend micro\Sempron.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe

--
End of file - 3040 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Sempron\AppData\Roaming\Mozilla\Firefox\Profiles\dqnpllpt.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.152 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-09-22 457712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2006-11-17 577536]
"VTTimer"=C:\Windows\system32\VTTimer.exe [2005-03-08 53248]
"VTTrayp"=C:\Windows\system32\VTtrayp.exe [2006-03-23 176128]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-09-22 4085896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [2014-06-24 4101576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2014-09-01 468192]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=vdrcodec.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"VIDC.MJPG"=Pvmjpg30.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-10-11 14:55:52 ----D---- C:\Program Files\trend micro
2014-10-11 14:55:51 ----D---- C:\rsit
2014-10-11 14:06:08 ----A---- C:\ComboFix.txt
2014-10-11 14:04:43 ----SHD---- C:\$RECYCLE.BIN
2014-10-11 13:45:33 ----A---- C:\Windows\MBR.exe
2014-10-11 13:45:32 ----A---- C:\Windows\zip.exe
2014-10-11 13:45:32 ----A---- C:\Windows\SWSC.exe
2014-10-11 13:45:32 ----A---- C:\Windows\SWREG.exe
2014-10-11 13:45:32 ----A---- C:\Windows\sed.exe
2014-10-11 13:45:32 ----A---- C:\Windows\PEV.exe
2014-10-11 13:45:32 ----A---- C:\Windows\NIRCMD.exe
2014-10-11 13:45:32 ----A---- C:\Windows\grep.exe
2014-10-11 13:17:38 ----D---- C:\Qoobox
2014-10-11 13:17:20 ----D---- C:\Windows\erdnt
2014-10-11 12:57:11 ----ASH---- C:\pagefile.sys
2014-10-10 18:35:32 ----D---- C:\Users\Sempron\AppData\Roaming\.RTS
2014-10-10 18:10:10 ----D---- C:\RTSStavitel
2014-10-08 17:38:33 ----D---- C:\Users\Sempron\AppData\Roaming\Ashampoo
2014-10-08 17:38:24 ----D---- C:\ProgramData\Ashampoo
2014-10-08 17:38:17 ----D---- C:\Program Files\Ashampoo
2014-10-05 11:21:15 ----A---- C:\Windows\system32\pvmjpg30.dll
2014-10-05 11:21:14 ----A---- C:\Windows\system32\msxml4.dll
2014-10-05 11:21:07 ----A---- C:\Windows\system32\msxml4r.dll
2014-10-05 11:21:07 ----A---- C:\Windows\system32\msxml4a.dll
2014-10-05 11:21:05 ----A---- C:\Windows\system32\GDIPLUS.DLL
2014-10-05 11:19:33 ----N---- C:\Windows\system32\RALMain.dll
2014-10-05 11:19:33 ----N---- C:\Windows\system32\MMAviAx.dll
2014-10-05 11:19:33 ----N---- C:\Windows\system32\MLPagAx.dll
2014-10-05 11:19:33 ----N---- C:\Windows\system32\DiskIO.dll
2014-10-05 11:19:33 ----N---- C:\Windows\system32\AVIPrAx.dll
2014-10-05 11:19:33 ----A---- C:\Windows\system32\cacheX.dll
2014-10-05 11:18:58 ----N---- C:\Windows\system32\Ltrio13n.dll
2014-10-05 11:18:58 ----N---- C:\Windows\system32\Ltr13n.dll
2014-10-05 11:18:57 ----N---- C:\Windows\system32\Ltwvc13n.dll
2014-10-05 11:18:57 ----N---- C:\Windows\system32\ltkrn13n.dll
2014-10-05 11:18:57 ----N---- C:\Windows\system32\ltfil13n.DLL
2014-10-05 11:18:56 ----N---- C:\Windows\system32\LTCLR13s.dll
2014-10-05 11:18:55 ----N---- C:\Windows\system32\LTCLR13n.dll
2014-10-05 11:18:55 ----N---- C:\Windows\system32\LMUIRes.dll
2014-10-05 11:18:55 ----N---- C:\Windows\system32\LMLRes.dll
2014-10-05 11:18:54 ----N---- C:\Windows\system32\lftga13s.dll
2014-10-05 11:18:54 ----N---- C:\Windows\system32\lftga13n.dll
2014-10-05 11:18:54 ----N---- C:\Windows\system32\lfpsd13s.dll
2014-10-05 11:18:54 ----N---- C:\Windows\system32\LFCMP13s.DLL
2014-10-05 11:18:54 ----N---- C:\Windows\system32\LFCMP13n.DLL
2014-10-05 11:18:54 ----N---- C:\Windows\system32\lfbmp13s.dll
2014-10-05 11:18:54 ----N---- C:\Windows\system32\lfbmp13n.dll
2014-10-05 11:12:10 ----A---- C:\Windows\system32\atl71.dll
2014-10-05 11:12:10 ----A---- C:\Windows\system32\ATL70.DLL
2014-10-05 11:11:57 ----A---- C:\Windows\system32\mase32.dll
2014-10-05 11:11:57 ----A---- C:\Windows\system32\masd32.dll
2014-10-05 11:11:57 ----A---- C:\Windows\system32\mamc32.dll
2014-10-05 11:11:57 ----A---- C:\Windows\system32\macd32.dll
2014-10-05 11:11:57 ----A---- C:\Windows\system32\ma32.dll
2014-10-05 11:09:35 ----A---- C:\Windows\system32\drivers\Pclepci.sys
2014-10-05 11:08:33 ----A---- C:\Windows\system32\drivers\MarvinBus.sys
2014-10-05 11:08:24 ----A---- C:\Windows\RSETPATH.exe
2014-10-05 11:06:38 ----A---- C:\Windows\system32\MSVCR71.DLL
2014-10-05 11:06:38 ----A---- C:\Windows\system32\MSVCR70.DLL
2014-10-05 11:06:38 ----A---- C:\Windows\system32\MSVCP71.DLL
2014-10-05 11:06:38 ----A---- C:\Windows\system32\MSVCP70.DLL
2014-10-05 11:06:37 ----A---- C:\Windows\system32\MSVCI70.DLL
2014-10-05 11:06:37 ----A---- C:\Windows\system32\MFC71u.DLL
2014-10-05 11:06:37 ----A---- C:\Windows\system32\MFC71KOR.DLL
2014-10-05 11:06:37 ----A---- C:\Windows\system32\MFC71JPN.DLL
2014-10-05 11:06:37 ----A---- C:\Windows\system32\MFC71ITA.DLL
2014-10-05 11:06:37 ----A---- C:\Windows\system32\MFC71CHT.DLL
2014-10-05 11:06:37 ----A---- C:\Windows\system32\MFC71FRA.DLL
2014-10-05 11:06:37 ----A---- C:\Windows\system32\MFC71ESP.DLL
2014-10-05 11:06:37 ----A---- C:\Windows\system32\MFC71ENU.DLL
2014-10-05 11:06:37 ----A---- C:\Windows\system32\MFC71DEU.DLL
2014-10-05 11:06:36 ----A---- C:\Windows\system32\PCLEGetGuid.dll
2014-10-05 11:06:36 ----A---- C:\Windows\system32\MFC71CHS.DLL
2014-10-05 11:06:36 ----A---- C:\Windows\system32\MFC71.DLL
2014-10-05 11:06:36 ----A---- C:\Windows\system32\MFC70U.DLL
2014-10-05 11:06:36 ----A---- C:\Windows\system32\MFC70.DLL
2014-10-05 11:02:59 ----D---- C:\ProgramData\Pinnacle Studio
2014-10-05 11:01:28 ----D---- C:\ProgramData\Pinnacle
2014-10-05 11:01:20 ----D---- C:\Program Files\Pinnacle
2014-10-05 10:59:58 ----D---- C:\Users\Sempron\AppData\Roaming\InstallShield
2014-09-25 21:16:27 ----D---- C:\Program Files\Mozilla Firefox
2014-09-22 19:17:31 ----D---- C:\Users\Sempron\AppData\Roaming\AVAST Software
2014-09-22 19:16:29 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-09-22 19:16:29 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-09-22 19:16:28 ----A---- C:\Windows\system32\drivers\aswsp.sys
2014-09-22 19:16:28 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2014-09-22 19:16:28 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-09-22 19:16:27 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-09-22 19:16:27 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-09-22 19:16:27 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-09-22 19:16:24 ----A---- C:\Windows\system32\aswBoot.exe
2014-09-22 19:16:15 ----A---- C:\Windows\avastSS.scr
2014-09-22 19:14:24 ----D---- C:\Program Files\AVAST Software

======List of files/folders modified in the last 1 month======

2014-10-11 14:56:03 ----D---- C:\Windows\Prefetch
2014-10-11 14:55:58 ----D---- C:\Windows\Temp
2014-10-11 14:55:52 ----D---- C:\Program Files
2014-10-11 14:48:29 ----D---- C:\Windows\system32\config
2014-10-11 14:39:16 ----SHD---- C:\System Volume Information
2014-10-11 14:03:05 ----D---- C:\Windows
2014-10-11 14:03:05 ----A---- C:\Windows\system.ini
2014-10-11 13:56:30 ----D---- C:\Windows\system32\drivers
2014-10-11 13:56:30 ----D---- C:\Windows\System32
2014-10-11 13:56:30 ----D---- C:\Windows\AppPatch
2014-10-11 13:56:23 ----D---- C:\Program Files\Common Files
2014-10-11 13:42:43 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-10-10 17:01:00 ----D---- C:\Windows\system32\catroot
2014-10-10 17:00:59 ----D---- C:\Windows\system32\DriverStore
2014-10-10 17:00:59 ----D---- C:\Windows\inf
2014-10-10 17:00:56 ----D---- C:\Windows\system32\catroot2
2014-10-10 16:59:06 ----HD---- C:\Program Files\InstallShield Installation Information
2014-10-08 17:38:24 ----D---- C:\ProgramData
2014-10-05 17:24:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-10-05 11:20:13 ----RSD---- C:\Windows\Fonts
2014-10-05 11:14:21 ----SHD---- C:\Windows\Installer
2014-10-05 11:14:16 ----D---- C:\Windows\winsxs
2014-10-05 11:11:58 ----A---- C:\AUTOEXEC.BAT
2014-10-03 18:47:43 ----D---- C:\Windows\Tasks
2014-10-03 18:47:43 ----D---- C:\Windows\system32\Tasks
2014-10-03 18:47:31 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-09-27 12:48:30 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-09-23 15:21:47 ----D---- C:\Windows\Minidump
2014-09-22 19:14:24 ----D---- C:\ProgramData\AVAST Software

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-09-22 49944]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-09-22 192352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 videX32;videX32; C:\Windows\system32\DRIVERS\videX32.sys [2006-10-17 9216]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-09-22 81768]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-09-22 779536]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-09-22 414520]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-09-22 24184]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-09-22 67824]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
R3 AVerA706;AVerMedia A706 BDA Service; C:\Windows\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920]
R3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-14 44032]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 SrvHsfPCI;SrvHsfPCI; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2009-07-14 266752]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-14 980992]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-14 661504]
R3 viagfx;viagfx; C:\Windows\system32\DRIVERS\vtmini.sys [2006-04-13 252416]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-09-22 71944]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\Sempron\AppData\Local\Temp\catchme.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 MSICDSetup;MSICDSetup; \??\E:\CDriver.sys []
S3 NTIOLib_1_0_C;NTIOLib_1_0_C; \??\E:\NTIOLib.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-09-22 50344]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 PCLEPCI;PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [2005-02-09 14165]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-09-25 114288]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
S3 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
S3 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

-----------------EOF-----------------

[Márty84]

Zdravim

Uvolnete nejake misto na disku, system se dusi.

Spybota odinstalujte, program je zastaraly a v dnesni dobe k nicemu.

Kde Avast hlasi havet?

Jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze Vzhledem k RAMce dost pochybuju, ze tam byl od koupi stroje, protoze jen blazen by tam takovy system rval, kdyz RAMka neni ani 1GB

Predpokladam, ze s ComboFixem umite pracovat, kdyz jste ho spustil, je to tak?

[Nomad384]

Zdravím a děkuji za zájem.

Awast hlásí rootkit na cestě: C:\ProgramFiles\Common Files\Microsoft Shared\VS7Debug\mdm.exe

O možnostech combofixu bohužel nic nevím, budu rád, pokud mi navrhnete co dál.

Na uvolnění místa už se pracuje.

Sys je bohužel nelegál. O mizerné RAM samozřejmě vím. Je to jen provizorní stav.

[Márty84]

Awast hlásí rootkit na cestě: C:\ProgramFiles\Common Files\Microsoft Shared\VS7Debug\mdm.exe

Otestujte ten soubor na virustotal a jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846 , muze jit o falesny polach.

O možnostech combofixu bohužel nic nevím, budu rád, pokud mi navrhnete co dál.

Tak proc jste ho spoustel??? Kdybyste si precetl pravidla fora http://forum.viry.cz/viewtopic.php?f=12&t=5601 , docetl byste se mimo jine toto

2. Před položením dotazu použijte tlačítko Hledat. Možná již někdo problém podobným Vašemu řešil. Pokud ale ve vyřešeném tématu budou aplikovány různé utility\aplikace, nespouštějte je. Utility se používají až na pokyn rádce, jelikož mohou mazat stopy po havěti a v rukou ne-oborníka může mít jejich použití nedozírné následky.

3. Zvláště utilitu ComboFix nespouštějte i když Vám ji poradil kamarád\nějaký rádoby odborný web. Naše fórum je jediné z CZ-SK antivirových fór, která mají právo luštit logy z ComboFixu a mámě též plnou podporu autora této utility a přístup k nejaktuálnějším informacím a návodům.

CF smaze veskere stopy pripadne nakazy a RSIT je pak vzdy cisty a neni se ceho chytit. Jelikoz jste tu poprve, koukli bychom na to i tak, ale....

Sys je bohužel nelegál.

Pravidla fora hovori jasne http://forum.viry.cz/viewtopic.php?f=12&t=115512

Pomáhat NELZE:
2) Pokud stroj uživatele prokazatelně obsahuje nelegální hostitelský čí ochranný software
(operační systém, antivir, firewall, atd.), je nutné navést uživatele k nápravě, např. skrze neplacený software,
a začít řešit, až v době kdy je PC "v pořádku". V případě že uživatel nechce na pravidla přistoupit,
je nutné jej vyzvat ať fórum opustí, a vrátí se až je splní.

[Nomad384]

Virustotal soubor považuje za neinfikovaný: Detection ratio: 0 / 54

Použití Combofixu je samozřejmě moje hloupost a neznalost. Myslel jsem, že je to pouze scann bez nějakého zásahu.

Lze se spolehnout na výsledek z Virustotal?

Vaše pravidla samozřejmě respektuji a omlouvám se za nepřečtení.

[Nomad384]

Jotti též bez nálezu.

[Márty84]

Vypada to spis na falesny polach Avastu. A pokud s pc neni jinak problem....

Zkopirujte sem jeste log z CF
2014-10-11 14:06:08 ----A---- C:\ComboFix.txt

[Nomad384]

Log z combofix:
ComboFix 14-10-04.01 - Sempron 11.10.2014 13:49:15.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.960.460 [GMT 2:00]
Spuštěný z: c:\users\Sempron\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-09-11 do 2014-10-11 )))))))))))))))))))))))))))))))
.
.
2014-10-11 12:02 . 2014-10-11 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-10 16:35 . 2014-10-10 17:06 -------- d-----w- c:\users\Sempron\AppData\Roaming\.RTS
2014-10-10 16:10 . 2014-10-10 16:35 -------- d-----w- C:\RTSStavitel
2014-10-08 15:38 . 2014-10-08 15:38 -------- d-----w- c:\users\Sempron\AppData\Roaming\Ashampoo
2014-10-08 15:38 . 2014-10-08 15:38 -------- d-----w- c:\users\Sempron\AppData\Local\ashampoo
2014-10-08 15:38 . 2014-10-08 15:38 -------- d-----w- c:\programdata\Ashampoo
2014-10-08 15:38 . 2014-10-08 15:38 -------- d-----w- c:\program files\Ashampoo
2014-10-05 09:21 . 2005-07-12 12:25 401408 ----a-w- c:\windows\system32\pvmjpg30.dll
2014-10-05 09:21 . 2003-04-21 14:11 1230336 ----a-w- c:\windows\system32\msxml4.dll
2014-10-05 09:21 . 2003-04-21 14:11 82432 ----a-w- c:\windows\system32\msxml4r.dll
2014-10-05 09:21 . 2003-04-21 14:11 44544 ----a-w- c:\windows\system32\msxml4a.dll
2014-10-05 09:21 . 2006-11-15 09:29 1712128 ----a-w- c:\windows\system32\GDIPLUS.DLL
2014-10-05 09:19 . 2007-03-06 16:53 41984 ----a-w- c:\windows\system32\cacheX.dll
2014-10-05 09:19 . 2006-04-11 13:03 233472 ------w- c:\windows\system32\DiskIO.dll
2014-10-05 09:19 . 2006-04-11 13:03 184320 ------w- c:\windows\system32\RALMain.dll
2014-10-05 09:19 . 2005-12-12 13:57 32768 ------w- c:\windows\system32\MLPagAx.dll
2014-10-05 09:19 . 2004-01-02 10:28 126976 ------w- c:\windows\system32\AVIPrAx.dll
2014-10-05 09:19 . 2001-12-11 20:21 73728 ------w- c:\windows\system32\MMAviAx.dll
2014-10-05 09:17 . 2005-03-21 17:04 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2014-10-05 09:17 . 2003-11-10 16:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2014-10-05 09:17 . 2003-11-10 16:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2014-10-05 09:17 . 2003-11-10 16:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2014-10-05 09:17 . 2003-11-10 16:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2014-10-05 09:16 . 2014-10-05 09:16 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2014-10-05 09:16 . 2014-10-05 09:16 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2014-10-05 09:12 . 2004-07-02 15:28 89088 ----a-w- c:\windows\system32\atl71.dll
2014-10-05 09:12 . 2004-07-02 15:28 84992 ----a-w- c:\windows\system32\ATL70.DLL
2014-10-05 09:11 . 2007-01-26 00:04 57856 ----a-w- c:\windows\system32\masd32.dll
2014-10-05 09:11 . 2007-01-26 00:04 27648 ----a-w- c:\windows\system32\ma32.dll
2014-10-05 09:11 . 2007-01-26 00:04 196096 ----a-w- c:\windows\system32\macd32.dll
2014-10-05 09:11 . 2007-01-26 00:04 138752 ----a-w- c:\windows\system32\mase32.dll
2014-10-05 09:11 . 2007-01-26 00:04 136192 ----a-w- c:\windows\system32\mamc32.dll
2014-10-05 09:09 . 2005-02-09 10:59 14165 ----a-w- c:\windows\system32\drivers\Pclepci.sys
2014-10-05 09:08 . 2007-01-04 08:07 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2014-10-05 09:08 . 2004-02-24 11:04 41219 ----a-w- c:\windows\RSETPATH.exe
2014-10-05 09:02 . 2014-10-05 09:22 -------- d-----w- c:\programdata\Pinnacle Studio
2014-10-05 09:01 . 2014-10-05 09:22 -------- d-----w- c:\programdata\Pinnacle
2014-10-05 09:01 . 2014-10-05 09:18 -------- d-----w- c:\program files\Pinnacle
2014-10-05 08:59 . 2014-10-05 08:59 -------- d-----w- c:\users\Sempron\AppData\Roaming\InstallShield
2014-09-22 17:17 . 2014-09-22 17:17 -------- d-----w- c:\users\Sempron\AppData\Roaming\AVAST Software
2014-09-22 17:16 . 2014-09-22 17:16 71944 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-09-22 17:16 . 2014-09-22 17:16 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-09-22 17:16 . 2014-09-22 17:16 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-09-22 17:16 . 2014-09-22 17:16 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-09-22 17:16 . 2014-09-22 17:16 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-09-22 17:16 . 2014-09-22 17:16 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-09-22 17:16 . 2014-09-22 17:16 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-09-22 17:16 . 2014-09-22 17:16 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-09-22 17:16 . 2014-09-22 17:16 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-09-22 17:16 . 2014-09-22 17:16 43152 ----a-w- c:\windows\avastSS.scr
2014-09-22 17:14 . 2014-09-22 17:14 -------- d-----w- c:\program files\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-03 16:47 . 2014-04-20 14:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-03 16:47 . 2014-04-20 14:04 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-22 17:16 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" [2006-03-23 176128]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-22 4085896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
2007-03-21 13:41 145496 ----a-w- c:\program files\Pinnacle\Studio 11\LaunchList2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2014-06-24 08:42 4101576 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2014-09-01 14:43 468192 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-09-22 71944]
R3 MSICDSetup;MSICDSetup;E:\CDriver.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;E:\NTIOLib.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-09-22 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-09-22 414520]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-09-22 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-09-22 67824]
S3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sempron\AppData\Roaming\Mozilla\Firefox\Profiles\dqnpllpt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-10-11 14:06:07
ComboFix-quarantined-files.txt 2014-10-11 12:06
.
Před spuštěním: 746 323 968
Po spuštění: 763 748 352
.
- - End Of File - - 0DB5AA85FA9ACB8BD9794ED8D87E8D65
A36C5E4F47E84449FF07ED3517B43A31

[Márty84]

Log vypada vicemene v poradku, takze pokud s pc neni zadny problem, vypada to spis na falesny poplach Avastu.
Uz dlouho jsem nemel zadny nalez, ale pokud si dobre pamatuju, byla u Avastu moznost nahlaseni falesneho polachu a po nekolika aktualizacich uz to pak nehlasil jako havet, pokud to tedy havet opravdu nebyla. Tak zkuste pohledat. Jinak je to asi vse. Neco na smazani by se naslo (nic vazneho), ale pravidla mi to bohuzel nedovoluji

[Nomad384]

Moc děkuji a přeji hezký večer.

[Márty84]

Nemate zac!

Mejte se a treba zase nekdy, snad s lepsim vysledkem