Win32:Malware-gen a Win32:Trojan-gen

[jthorn]

Dobrý den,
PC mi zničeho nic přestalo nabíhat Windows. Po POSTu jsem viděl jenom logo windows a bar. Místo obrazovky z uživatelskými účty mám černo. Po restartu a nouzovém režimu mi Avast našel viry viz. název vlákna. Soubory jsem odstranil a znovu projel Avastem => čisto. Přesto obrazovku s účty stále nevidím. Prosím tedy o kontrolu logu. Díky.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr at 2010-04-13 08:55:57
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 68 GB (66%) free of 103 GB
Total RAM: 2046 MB (85% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"36X Raid Configurer"=C:\WINDOWS\System32\JMRaidSetup.exe [2007-02-06 1953792]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"ErgoMedia"=C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe [2005-06-28 1855488]
"mouseElf"=C:\PROGRA~1\GAMING~1\MouseElf.EXE [2006-02-27 471166]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2007-06-18 26112]
"motoregcheck"=C:\Program Files\Common Files\Motorola\Broadband\SBV5121\RegCheck.exe [2006-03-22 180224]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-24 98304]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2007-04-20 499712]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-03-16 1800464]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"=C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe [2004-04-21 86016]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-03-02 3055616]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-12-16 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-04-13 08:28:02 ----D---- C:\Program Files\trend micro
2010-04-13 08:28:00 ----D---- C:\rsit
2010-04-13 07:23:54 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-30 19:00:10 ----D---- C:\WINDOWS\system32\STRING
2010-03-30 19:00:10 ----A---- C:\WINDOWS\system32\CNMNPUI.DLL
2010-03-30 19:00:09 ----D---- C:\WINDOWS\system32\CHM
2010-03-30 19:00:09 ----A---- C:\WINDOWS\system32\CNMNPPM.DLL
2010-03-30 18:58:57 ----D---- C:\Program Files\Canon
2010-03-30 18:51:14 ----SHD---- C:\WINDOWS\CSC
2010-03-29 17:26:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
2010-03-29 17:25:59 ----A---- C:\WINDOWS\system32\LMIport.dll
2010-03-29 17:25:58 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2010-03-29 17:25:56 ----D---- C:\WINDOWS\LastGood.Tmp
2010-03-29 17:25:54 ----A---- C:\WINDOWS\system32\LMIinit.dll
2010-03-23 09:04:19 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-03-23 09:04:12 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-03-23 09:04:08 ----D---- C:\Program Files\iWisoft Free Video Converter
2010-03-18 10:38:47 ----A---- C:\WINDOWS\system32\wnaspi32.dll
2010-03-18 10:10:50 ----D---- C:\archive_db
2010-03-18 09:23:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Paragon
2010-03-18 08:53:19 ----D---- C:\Program Files\Paragon Software
2010-03-16 08:36:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2010-03-16 08:36:25 ----A---- C:\WINDOWS\system32\guard32.dll
2010-03-16 08:36:21 ----D---- C:\Program Files\COMODO
2010-03-16 08:25:25 ----D---- C:\WINDOWS\Prefetch
2010-03-16 08:20:40 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\credssp.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-03-16 08:20:39 ----N---- C:\WINDOWS\system32\azroles.dll
2010-03-16 08:20:38 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-03-16 08:20:38 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\napstat.exe
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\mssha.dll
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-03-16 08:20:37 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-03-16 08:20:36 ----N---- C:\WINDOWS\system32\setupn.exe
2010-03-16 08:20:36 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-03-16 08:20:36 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-03-16 08:20:36 ----N---- C:\WINDOWS\system32\qutil.dll
2010-03-16 08:20:36 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-03-16 08:20:36 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-03-16 08:20:36 ----N---- C:\WINDOWS\system32\qagent.dll
2010-03-16 08:20:36 ----N---- C:\WINDOWS\system32\onex.dll
2010-03-16 08:20:35 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2010-03-16 08:20:35 ----N---- C:\WINDOWS\system32\verclsid.exe
2010-03-16 08:20:35 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-03-16 08:20:35 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-03-16 08:20:35 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-03-16 08:20:34 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-03-16 08:20:34 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-03-16 08:20:33 ----D---- C:\WINDOWS\system32\cs-cz
2010-03-16 08:20:33 ----D---- C:\WINDOWS\l2schemas
2010-03-16 08:20:32 ----D---- C:\WINDOWS\system32\cs
2010-03-16 08:20:32 ----D---- C:\WINDOWS\system32\bits
2010-03-16 08:16:34 ----D---- C:\WINDOWS\network diagnostic
2010-03-16 08:15:31 ----A---- C:\WINDOWS\005521_.tmp
2010-03-15 15:21:55 ----SHD---- C:\RECYCLER

======List of files/folders modified in the last 1 months======

2010-04-13 08:28:02 ----RD---- C:\Program Files
2010-04-13 07:24:57 ----D---- C:\WINDOWS
2010-04-13 06:09:24 ----D---- C:\WINDOWS\Temp
2010-04-13 05:59:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-13 05:59:23 ----HD---- C:\WINDOWS\inf
2010-04-01 17:52:56 ----D---- C:\Program Files\Mozilla Firefox
2010-03-30 19:00:10 ----D---- C:\WINDOWS\system32
2010-03-29 20:18:56 ----D---- C:\WINDOWS\Microsoft.NET
2010-03-29 17:26:04 ----SHD---- C:\WINDOWS\Installer
2010-03-29 17:26:00 ----D---- C:\Program Files\LogMeIn
2010-03-29 17:25:58 ----D---- C:\WINDOWS\system32\drivers
2010-03-28 08:46:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 19:25:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-03-23 14:53:33 ----D---- C:\Petr
2010-03-23 10:42:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2010-03-23 09:15:30 ----D---- C:\Program Files\MOJE
2010-03-23 09:15:29 ----D---- C:\Program Files\WinRAR
2010-03-23 08:41:15 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-22 09:10:41 ----D---- C:\Documents and Settings\Petr\Data aplikací\Spyware Terminator
2010-03-18 10:38:35 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-18 08:54:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-16 15:13:47 ----D---- C:\WINDOWS\Debug
2010-03-16 15:10:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-16 08:24:49 ----D---- C:\WINDOWS\system32\Setup
2010-03-16 08:24:48 ----D---- C:\WINDOWS\system32\wbem
2010-03-16 08:24:48 ----D---- C:\WINDOWS\AppPatch
2010-03-16 08:24:48 ----D---- C:\Program Files\Outlook Express
2010-03-16 08:24:48 ----D---- C:\Program Files\Common Files\System
2010-03-16 08:24:47 ----RSD---- C:\WINDOWS\Fonts
2010-03-16 08:23:51 ----D---- C:\WINDOWS\security
2010-03-16 08:22:53 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-16 08:20:52 ----D---- C:\WINDOWS\WinSxS
2010-03-16 08:20:49 ----D---- C:\Program Files\Messenger
2010-03-16 08:20:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-16 08:20:48 ----D---- C:\WINDOWS\ServicePackFiles
2010-03-16 08:20:47 ----D---- C:\Program Files\Windows Media Player
2010-03-16 08:20:46 ----D---- C:\WINDOWS\Help
2010-03-16 08:20:42 ----D---- C:\WINDOWS\EHome
2010-03-16 08:20:41 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-16 08:20:41 ----D---- C:\WINDOWS\ime
2010-03-16 08:20:33 ----D---- C:\WINDOWS\system32\usmt
2010-03-16 08:20:33 ----D---- C:\Program Files\Internet Explorer
2010-03-16 08:20:32 ----D---- C:\WINDOWS\peernet
2010-03-16 08:20:32 ----D---- C:\Program Files\Movie Maker
2010-03-16 08:18:21 ----D---- C:\WINDOWS\system32\Restore
2010-03-16 08:18:21 ----D---- C:\WINDOWS\system32\npp
2010-03-16 08:18:20 ----D---- C:\WINDOWS\msagent
2010-03-16 08:18:18 ----D---- C:\WINDOWS\srchasst
2010-03-16 08:18:18 ----D---- C:\Program Files\NetMeeting
2010-03-16 08:18:17 ----D---- C:\WINDOWS\system32\Com
2010-03-16 08:18:15 ----D---- C:\Program Files\Windows NT
2010-03-16 08:17:58 ----D---- C:\WINDOWS\system32\oobe
2010-03-16 08:17:56 ----D---- C:\WINDOWS\system
2010-03-16 08:15:28 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-16 08:15:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-03-16 08:00:20 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-03-16 25160]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2003-12-04 11264]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 ROCKEYNT;Feitian ROCKEY4 Device Service; C:\WINDOWS\system32\DRIVERS\Rockey4.sys [2008-10-23 22016]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
S1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2006-10-31 11008]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
S1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-03-16 133064]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2010-02-03 385544]
S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2010-02-03 34392]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
S2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-12-16 1918464]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 genmcmnUSB;USB Scroll Mouse Driver; C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2005-07-12 7808]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-28 4395008]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [2006-09-29 10752]
S3 YiRuanUSB;YiRuan device driver for 4d; C:\WINDOWS\system32\DRIVERS\yrtumdriver.sys [2005-05-20 5760]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-12-16 434176]
S2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-29 258560]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-03-16 723632]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
S2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-03-02 487936]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-11-30 74360]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[jthorn]

Tak, ač se do pc dostanu pouze přes nouzový režim, tak ComboFix hlásil spuštěnou rezidentní ochranu avastu. I tak jsem dal ano, aby jel dál, tak nevím jaký to mělo vliv na log.

ComboFix 10-04-13.02 - Petr 14.04.2010 6:25.5.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1764 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100330-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-14 do 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-13 06:28 . 2010-04-13 06:28 -------- d-----w- c:\program files\trend micro
2010-04-13 06:28 . 2010-04-13 06:55 -------- d-----w- C:\rsit
2010-03-30 17:00 . 2010-03-30 17:00 -------- d-----w- c:\windows\system32\STRING
2010-03-30 17:00 . 2009-04-03 16:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL
2010-03-30 17:00 . 2010-03-30 17:00 -------- d-----w- c:\windows\system32\CHM
2010-03-30 17:00 . 2009-04-03 16:51 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL
2010-03-30 16:58 . 2010-03-30 16:58 -------- d-----w- c:\program files\Canon
2010-03-29 15:25 . 2009-09-28 17:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-03-29 15:25 . 2009-09-28 17:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2010-03-29 15:25 . 2009-09-28 17:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-03-29 15:25 . 2008-08-11 10:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-03-29 15:25 . 2010-03-29 15:25 -------- d-----w- c:\windows\LastGood.Tmp
2010-03-29 15:25 . 2009-09-28 17:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2010-03-23 07:04 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-23 07:04 . 2009-09-29 19:57 758018 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-23 07:04 . 2010-03-23 07:04 -------- d-----w- c:\program files\iWisoft Free Video Converter
2010-03-23 06:12 . 2010-03-23 06:12 -------- d-----w- c:\documents and settings\Hanka\Dokumenty
2010-03-18 08:38 . 2007-05-04 18:26 13840 ----a-w- c:\windows\system32\wnaspi32.dll
2010-03-18 08:10 . 2010-03-18 08:10 -------- d-----w- C:\archive_db
2010-03-18 06:54 . 2007-05-04 18:26 38448 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-03-18 06:53 . 2010-03-18 08:38 -------- d-----w- c:\program files\Paragon Software
2010-03-16 06:36 . 2010-03-16 06:36 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-03-16 06:36 . 2010-03-16 06:36 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-03-16 06:36 . 2010-03-16 06:36 171552 ----a-w- c:\windows\system32\guard32.dll
2010-03-16 06:36 . 2010-03-16 06:36 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-03-16 06:36 . 2010-03-16 06:36 -------- d-----w- c:\program files\COMODO
2010-03-16 06:18 . 2008-04-14 07:51 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2010-03-16 06:16 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-03-15 12:38 . 2008-04-13 23:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 15:26 . 2010-02-03 08:44 -------- d-----w- c:\program files\LogMeIn
2010-03-28 06:46 . 2001-10-25 14:00 79062 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 06:46 . 2001-10-25 14:00 432004 ----a-w- c:\windows\system32\perfh005.dat
2010-03-23 07:40 . 2007-06-18 11:53 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2010-03-23 07:15 . 2007-10-09 19:35 -------- d-----w- c:\program files\MOJE
2010-03-18 08:38 . 2007-06-18 11:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-16 13:10 . 2010-03-04 05:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-16 06:21 . 2007-06-18 11:17 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-03-16 06:21 . 2007-06-18 11:17 3038 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-03-02 13:37 . 2007-06-18 11:23 15600 ----a-w- c:\windows\gdrv.sys
2010-03-02 12:25 . 2010-03-02 12:16 -------- d-----w- c:\program files\Defraggler
2010-03-02 12:00 . 2010-03-02 11:41 -------- d-----w- c:\program files\Spyware Terminator
2010-03-02 11:41 . 2010-03-02 11:41 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-02 10:37 . 2007-06-18 12:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-02 10:16 . 2007-06-18 12:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-02 08:23 . 2009-01-14 15:59 -------- d-----w- c:\program files\dm
2010-03-02 06:31 . 2007-10-05 16:17 -------- d-----w- c:\program files\SpeedFan
2010-03-01 10:18 . 2010-03-01 10:18 -------- d-----w- c:\program files\CCleaner
2010-02-03 15:17 . 2010-02-03 15:17 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-02-03 15:17 . 2010-02-03 15:17 249872 ----a-w- c:\windows\system32\prgiso.dll
2010-02-03 15:17 . 2010-02-03 15:17 385544 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2010-02-03 15:17 . 2010-02-03 15:17 34392 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-02-03 15:17 . 2010-02-03 15:17 261416 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2007-09-19 19:24 . 2007-09-19 19:24 18903153 ----a-w- c:\program files\droxiOfflineClient.exe
2004-10-01 13:00 . 2007-06-18 18:04 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="c:\program files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" [2004-04-21 86016]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-03-02 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\System32\JMRaidSetup.exe" [2007-02-06 1953792]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"ErgoMedia"="c:\progra~1\KYE\ERGOME~1\SyTray.exe" [2005-06-28 1855488]
"mouseElf"="c:\progra~1\GAMING~1\MouseElf.EXE" [2006-02-27 471166]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-06-18 26112]
"motoregcheck"="c:\program files\Common Files\Motorola\Broadband\SBV5121\RegCheck.exe" [2006-03-22 180224]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-24 98304]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2007-04-20 499712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-03-16 1800464]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-18 113664]
Akceler tor spuçtŘnˇ AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2004-2-25 10872]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-6-24 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 17:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [18.3.2010 8:54 38448]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [16.3.2010 8:36 25160]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7.4.2008 9:39 114768]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [16.3.2010 8:36 133064]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2.3.2010 13:41 142592]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7.4.2008 9:39 20560]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.8.2008 12:41 12856]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [18.6.2007 20:21 7808]
S3 YiRuanUSB;YiRuan device driver for 4d;c:\windows\system32\drivers\yrtumdriver.sys [18.6.2007 20:12 5760]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-05-15 16:08 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\25rq6kar.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... searchfor=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\guard32.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\guard32.dll
.
Celkový čas: 2010-04-14 06:29:59
ComboFix-quarantined-files.txt 2010-04-14 04:29

Před spuštěním: Volných bajtů: 71 061 803 008
Po spuštění: Volných bajtů: 71 029 551 104

- - End Of File - - F3946C19A8E2196355DF1C8DCBB653B8

[Rudy]

Log vypadá OK. Nastala nějaká změna?

[jthorn]

Dobré ráno, stav PC je stále stejný.
Koukal jsem i do správce zařízení, jestli není nějaky problém s ovladači, ale není. V prohlížeči událostí taky nic zvláštního.

[JaRon]

jednorazovo zaskocim:
skus obnovu systemu k datumu pred "havariou"

[jthorn]

Měl jsem za to, že mám obnovu systému vypnutou a tak jsem do obnovení vůbec nelezl. Obnova systému se zřejmě zapnula pri řešení problému s virem cca. před měsícem, kdy jsem spouštěl nějaky program dle rádce.
Každopádně mě to už po POSTu a loaderu XP přivítá přihlašovací obrazovkou.
Děkuji tedy za čas strávený nad logy.

[JaRon]

to je fajn doporucujem PC prescanovat s CureIT >> istota je istota

[jthorn]

Dobré ráno,

CureIT nic nenašel, takže se dá předpokládat, že systém je stále čistý.

[JaRon]

zda sa vsio OK

[jthorn]

Tak snad zbývá jenom poděkovat.
Takže vřelé díky za kontrolu logů.

[Rudy]

Za všechny: Není zač!