NELZE SPUSTIT RSIT

[Boofy]

Dobrý den,

Mám takový problém, po zapnutí pc mi nenaběhne explorer.exe, naběhne pouze pozadí plochy ale bez ikon a spodní lišty. Přes správce úloh jsem se pokoušel rozjet explorer.exe , ale nic se nestalo. Tak jsem se dostal až tady, ale když jsem chtěl spustit RSIT a vytvořit log tak mi to při spuštění napsalo chybu

Line 3601 (File "D:\plocha...\RSIT..exe"):

Error: Subscript used with non-Array variable.

Nevíte někdo prosím jak na to?

Děkuji

[Boofy]

Tak jsem to nějak pokoušel řešit (googlit) a nainstaloval jsem windowsinstaller abych alespoň mohl nainstalovat xpmanager, na který jsem tady na foru narazil, ale při instalaci opět vyskočilo několik chyb. Nevím jestli to pomůže ale tady je alespoň log z HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 14:47:43, on 6.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\PROCEXP.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\PROCEXP.EXE
C:\Program Files\Yamicsoft\WinXP Manager\WinXP Manager.exe
D:\Plocha\hrubas\programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - (no file)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\UIVATE~1\DATAAP~1\Media Finder\Extensions\gencrawler_gc.dll
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O3 - Toolbar: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe /p
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: fliptoast.lnk = C:\Program Files\fliptoast\fliptoast.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: GamePark klient 2.lnk = C:\Program Files\GamePark2\gpcl.exe
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

[motji]

Dobrý večer

Zazálohujte si důležitá data, pro jistotu

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

[Boofy]

Dobrý den

Tady je LOG z ComboFix:

ComboFix 12-03-10.01 - uživatel 10.03.2012 15:28:58.1.2 - x86
Spuštěný z: c:\documents and settings\u×ivatel\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\s
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\29e39670e84cd07c.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\geeo.nls
c:\windows\system32\SET1D3.tmp
c:\windows\system32\SET1D7.tmp
c:\windows\system32\SET1D8.tmp
c:\windows\system32\SET1DF.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-10 do 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-06 17:28 . 2012-03-06 17:29 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\GlarySoft
2012-03-06 17:28 . 2012-03-06 17:28 -------- d-----w- c:\program files\Glary Registry Repair
2012-03-06 15:20 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-03-06 15:20 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-03-06 15:20 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-03-06 15:20 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-03-06 13:44 . 2012-03-06 13:44 -------- d-----w- c:\program files\Yamicsoft
2012-03-05 18:01 . 2012-03-06 19:10 -------- d-----w- c:\windows\system32\CatRoot_bak
2012-03-05 17:14 . 2012-03-05 17:14 -------- d-----w- c:\program files\CCleaner
2012-03-05 16:51 . 2012-03-05 17:20 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Media Finder
2012-03-05 16:51 . 2012-03-05 16:51 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\Babylon
2012-03-05 16:51 . 2012-03-05 16:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Babylon
2012-03-05 16:27 . 2012-02-14 12:10 4777280 ----a-w- c:\windows\procexp.exe
2012-03-05 15:18 . 2012-03-05 15:18 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\DriverCure
2012-03-05 15:18 . 2012-03-05 15:18 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\ParetoLogic
2012-03-05 15:18 . 2012-03-05 17:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ParetoLogic
2012-03-05 14:54 . 2012-03-05 14:54 -------- d-----w- C:\VundoFix Backups
2012-03-05 13:52 . 2012-03-06 16:47 -------- d-----w- c:\program files\trend micro
2012-03-05 13:52 . 2012-03-05 13:52 -------- d-----w- C:\rsit
2012-03-05 12:08 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2012-03-05 12:08 . 2012-03-05 12:08 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-03-05 12:08 . 2012-03-05 12:08 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\com.w3i.FlipToast
2012-03-05 12:08 . 2012-03-05 12:08 -------- d-----w- c:\program files\fliptoast
2012-03-05 12:08 . 2012-03-05 12:08 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-03-05 12:08 . 2012-03-05 12:08 -------- d-----w- c:\program files\Driver-Soft
2012-03-05 11:40 . 2012-03-05 11:40 -------- d-----w- c:\program files\Advanced PC Tweaker
2012-03-05 11:09 . 2002-06-06 15:13 1077344 ----a-w- c:\windows\system32\mscomctl.ocx
2012-03-05 11:09 . 2000-05-22 15:58 608448 ----a-w- c:\windows\system32\comctl32.ocx
2012-03-04 17:49 . 2012-03-05 17:18 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\SoundSpectrum
2012-03-04 17:49 . 2012-03-04 17:49 -------- d-----w- c:\documents and settings\uživatel\Local Settings\Data aplikací\SoundSpectrum
2012-03-04 17:48 . 2012-03-04 17:48 -------- d-----w- c:\program files\SoundSpectrum
2012-03-01 13:22 . 2012-03-01 13:22 -------- d-----w- c:\documents and settings\uživatel\Data aplikací\AVG Secure Search
2012-02-24 06:59 . 2012-02-26 08:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG Secure Search
2012-02-24 06:59 . 2012-02-26 08:38 -------- d-----w- c:\program files\AVG Secure Search
2012-02-24 06:59 . 2012-02-24 06:59 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-02-23 10:21 . 2012-03-05 17:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Vextractor
2012-02-12 07:51 . 2012-02-12 07:51 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Nokia
2012-02-12 07:49 . 2011-05-18 09:09 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2012-02-12 07:49 . 2011-05-18 09:09 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2012-02-12 07:49 . 2011-05-18 09:13 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-02-12 07:49 . 2012-02-13 08:30 -------- d-----w- c:\program files\Nokia
2012-02-12 07:49 . 2009-07-13 17:16 16896 ----a-w- c:\windows\system32\winusb.dll
2012-02-12 07:49 . 2009-07-13 15:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2012-02-12 07:49 . 2012-02-13 08:30 -------- d-----w- c:\program files\Common Files\Nokia
2012-02-12 07:48 . 2005-08-03 15:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2012-02-12 07:48 . 2005-08-03 15:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2012-02-12 07:48 . 2012-02-12 07:48 -------- d-----w- c:\program files\MSXML 6.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 08:34 . 2011-05-28 10:19 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-03-05 08:33 . 2011-05-28 10:19 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-03-05 08:33 . 2011-05-28 10:19 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-01-07 12:29 . 2011-02-20 18:33 87608 ----a-w- c:\documents and settings\uživatel\Data aplikací\inst.exe
2012-01-07 12:29 . 2011-02-20 18:33 47360 ----a-w- c:\documents and settings\uživatel\Data aplikací\pcouffin.sys
2011-12-24 09:25 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-24 09:25 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-04 10:24 . 2011-05-01 18:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP Internet Guardian"="c:\documents and settings\uživatel\Data aplikací\QipGuard\QipGuard.exe" [2010-12-13 187776]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Infium"="c:\program files\QIP 2010\qip.exe" [2011-07-18 6812032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-03 19573352]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-24 296056]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-01-16 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-02-26 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-26 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSpeedUp.lnk" [2011-08-28 2007]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\uživatel\Nabídka Start\Programy\Po spuštění\
fliptoast.lnk - [N/A]
OpenOffice.org 3.2.lnk - [N/A]
.
c:\documents and settings\uživatel\Nabídka Start\Programy\Po spuštění\
fliptoast.lnk - [N/A]
OpenOffice.org 3.2.lnk - [N/A]
.
c:\documents and settings\uživatel\Nabídka Start\Programy\Po spuštění\
fliptoast.lnk - [N/A]
OpenOffice.org 3.2.lnk - [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
GamePark klient 2.lnk - [N/A]
.
c:\documents and settings\uživatel\Nabídka Start\Programy\Po spuštění\
fliptoast.lnk - [N/A]
OpenOffice.org 3.2.lnk - [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\QIP 2010\\qip.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-17 1691480]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-16 136176]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-05-18 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2011-05-18 8576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-02-26 909152]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - PROCEXP152
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-23 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-OEM-uživatel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-16 15:57]
.
2012-03-09 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 10:43]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-16 13:04]
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-16 13:04]
.
2012-03-05 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2012-03-05 09:02]
.
2012-03-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1383384898-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-03-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1383384898-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-03-10 c:\windows\Tasks\User_Feed_Synchronization-{47E12430-4FFA-4FDE-B946-4E39909EF69B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
TCP: DhcpNameServer = 10.10.10.1 10.10.10.2
FF - ProfilePath - c:\documents and settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\nu6n29hb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 15:31
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-03-10 15:32:00
ComboFix-quarantined-files.txt 2012-03-10 14:31
.
Před spuštěním: Volných bajtů: 34 991 599 616
Po spuštění: Volných bajtů: 36 236 701 696
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FD95DA9B807C859A0A69E5187E81DED8

[motji]

Ted to s počítačem vypadá jak?

[Boofy]

PC je pořád ve stejném stavu v jakém byl. Vše musím ovládat přes správce úloh/ nová úloha...nebo to vše spíš znamená jen internet, protože skoro nic jiného mi nefunguje

[motji]

Odkdy máte tyto problémy, stahoval jste nějaký program?
Poprosím ještě o log ze rsitu s názvem Info.txt.

[Boofy]

Dobrý den,

omlouvám se, náročný pracovní týden mi moc nedovolil sem napsat. Tento problém jsem si způsobil určitě sám, stalo se to asi dva týdny zpátky. Chtěl jsem nainstalovat program fruity loops v9, který jsem již dříve v pc měl, ale nešel mi nainstlovat a já určitě smazal něco co jsem neměl. Log z RSIT nemohu poslat, protože RSIT nejde spustit viz název tématu

[motji]

Obnovu systému jste zkoušel?

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[Boofy]

V Aplikaci OTL došlo k chybě a je třeba ji zavřít. Omlouváme se za vzniklé potíže. Tohle to na mě vyhodilo po spuštění

[motji]

Zkuste ji v nouzovém režimu.