Nenajedou windows, nouzový režim ano

[7Johan7]

Ahoj, mohl byste mi prosím někdo poradit, co se děje s počítačem? Z ničeho nic odmítá nastartovat, zkoušel jsem opravu instalace systému a povedlo se mi konečně dostat alespon do nouzového režim. Normální způsob ovšem stále nejde a počítač se sekne a nechce dál fungovat. Děkuji moc

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jenik at 2012-10-08 18:29:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (52%) free of 38 GB
Total RAM: 1982 MB (88% free)

HijackThis download failed

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Jenik\Data aplikací\Mozilla\Firefox\Profiles\3kaj470a.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
NPOFFICE.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Jenik\Data aplikací\Mozilla\Firefox\Profiles\3kaj470a.default\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"S3Trayp"=C:\WINDOWS\system32\S3trayp.exe [2010-12-17 199168]
"SRFirstRun"=rundll32 srclient.dll,CreateFirstRunRp []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2010-12-17 868352]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 3117344]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-12-14 2424560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
;;; VTTimer.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Jenik\Plocha\Microsoft Office 2010 Professional Plus x64_x86 ACTIVATOR\Keygen.exe"="C:\Documents and Settings\Jenik\Plocha\Microsoft Office 2010 Professional Plus x64_x86 ACTIVATOR\Keygen.exe:*:Enabled:Keygen"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-10-08 16:49:58 ----A---- C:\WINDOWS\ntbtlog.txt
2012-10-08 16:48:12 ----A---- C:\WINDOWS\setuplog.txt
2012-10-08 16:47:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-10-08 16:44:48 ----ASH---- C:\pagefile.sys
2012-10-08 16:42:38 ----D---- C:\WINDOWS\pss
2012-10-08 15:50:18 ----D---- C:\WINDOWS\Prefetch
2012-10-08 15:01:00 ----A---- C:\WINDOWS\system32\irclass.dll
2012-10-08 15:00:59 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-10-08 15:00:20 ----RA---- C:\WINDOWS\SET38.tmp
2012-10-08 15:00:13 ----RA---- C:\WINDOWS\SET2C.tmp
2012-10-08 15:00:10 ----RA---- C:\WINDOWS\SET29.tmp
2012-10-08 13:33:43 ----A---- C:\WINDOWS\system32\mapi32.dll
2012-10-08 13:14:09 ----RA---- C:\WINDOWS\SETFD.tmp
2012-10-08 13:14:02 ----RA---- C:\WINDOWS\SETF1.tmp
2012-10-08 13:13:59 ----RA---- C:\WINDOWS\SETEE.tmp
2012-10-08 12:59:56 ----SHD---- C:\found.000

======List of files/folders modified in the last 1 month======

2012-10-08 18:28:26 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-08 18:28:22 ----D---- C:\WINDOWS
2012-10-08 16:56:55 ----D---- C:\WINDOWS\Temp
2012-10-08 16:55:49 ----D---- C:\WINDOWS\system
2012-10-08 16:55:47 ----D---- C:\WINDOWS\system32\Setup
2012-10-08 16:55:42 ----D---- C:\WINDOWS\Help
2012-10-08 16:55:30 ----D---- C:\WINDOWS\L2Schemas
2012-10-08 16:55:28 ----D---- C:\WINDOWS\system32\usmt
2012-10-08 16:55:09 ----D---- C:\WINDOWS\AppPatch
2012-10-08 16:55:05 ----D---- C:\WINDOWS\ime
2012-10-08 16:55:01 ----RSD---- C:\WINDOWS\Fonts
2012-10-08 16:55:00 ----D---- C:\WINDOWS\Media
2012-10-08 16:54:59 ----D---- C:\WINDOWS\Network Diagnostic
2012-10-08 16:54:54 ----D---- C:\WINDOWS\system32\cs-cz
2012-10-08 16:54:52 ----D---- C:\WINDOWS\system32\wbem
2012-10-08 16:54:25 ----D---- C:\WINDOWS\PeerNet
2012-10-08 16:53:48 ----D---- C:\WINDOWS\system32\npp
2012-10-08 16:53:33 ----D---- C:\WINDOWS\msagent
2012-10-08 16:53:17 ----D---- C:\WINDOWS\system32\cs
2012-10-08 16:51:59 ----SH---- C:\boot.ini
2012-10-08 16:51:59 ----A---- C:\WINDOWS\win.ini
2012-10-08 16:51:59 ----A---- C:\WINDOWS\system.ini
2012-10-08 16:48:22 ----D---- C:\WINDOWS\system32\1029
2012-10-08 16:48:02 ----D---- C:\WINDOWS\twain_32
2012-10-08 16:47:20 ----D---- C:\WINDOWS\SoftwareDistribution
2012-10-08 16:47:06 ----D---- C:\WINDOWS\system32\icsxml
2012-10-08 16:46:19 ----D---- C:\WINDOWS\system32\ias
2012-10-08 16:46:12 ----D---- C:\WINDOWS\system32\1033
2012-10-08 16:44:49 ----D---- C:\WINDOWS\Driver Cache
2012-10-08 16:40:45 ----D---- C:\WINDOWS\Debug
2012-10-08 15:55:56 ----D---- C:\WINDOWS\system32
2012-10-08 15:55:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-10-08 15:51:43 ----D---- C:\WINDOWS\Registration
2012-10-08 15:50:37 ----SHD---- C:\System Volume Information
2012-10-08 15:50:33 ----HD---- C:\WINDOWS\inf
2012-10-08 15:41:45 ----D---- C:\WINDOWS\system32\config
2012-10-08 15:40:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-10-08 15:34:41 ----D---- C:\WINDOWS\system32\drivers
2012-10-08 15:33:31 ----A---- C:\WINDOWS\ODBCINST.INI
2012-10-08 15:33:00 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2012-10-08 15:31:59 ----RD---- C:\WINDOWS\Web
2012-10-08 15:31:59 ----RD---- C:\Program Files
2012-10-08 15:31:43 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2012-10-08 15:31:01 ----D---- C:\WINDOWS\system32\oobe
2012-10-08 15:30:32 ----D---- C:\WINDOWS\system32\Com
2012-10-08 15:27:28 ----D---- C:\WINDOWS\security
2012-10-08 15:01:30 ----D---- C:\WINDOWS\system32\CatRoot
2012-10-08 15:00:38 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2012-10-08 14:59:36 ----D---- C:\WINDOWS\WinSxS
2012-10-08 14:31:20 ----D---- C:\Documents and Settings
2012-10-08 13:31:28 ----D---- C:\Program Files\Movie Maker
2012-10-08 13:31:25 ----D---- C:\Program Files\Outlook Express
2012-10-08 13:31:17 ----D---- C:\Program Files\Internet Explorer
2012-10-08 13:29:02 ----SHD---- C:\WINDOWS\Installer
2012-10-05 10:46:37 ----D---- C:\Config.Msi
2012-10-05 10:45:58 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-09-23 03:01:23 ----HD---- C:\WINDOWS\$hf_mig$
2012-09-13 07:59:46 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-09-12 03:03:31 ----A---- C:\WINDOWS\system32\MRT.exe
2012-09-10 18:17:57 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2010-12-17 5810]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys []
S1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-03-14 160816]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
S1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2012-03-14 104160]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2010-12-17 293888]
S3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2010-12-17 93952]
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
S3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2010-12-17 596992]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2010-12-17 392960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-03-07 913144]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
S2 S3LoadSv;S3LoadSv; C:\WINDOWS\system32\S3LoadSv.exe []
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-10 114144]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

-----------------EOF-----------------

[Rudy]

Zdravím!
Poprosím o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[7Johan7]

Děkuji

ComboFix 12-10-08.02 - Jenik 08.10.2012 20:11:56.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1982.1736 [GMT 2:00]
Spuštěný z: E:\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-08 do 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 13:40 . 2008-04-14 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-10-08 13:40 . 2008-04-14 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-10-08 13:40 . 2008-04-14 12:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2012-10-08 13:40 . 2008-04-14 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2012-10-08 13:40 . 2008-04-14 12:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2012-10-08 13:38 . 2008-04-14 12:00 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2012-10-08 13:37 . 2008-04-14 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-10-08 13:36 . 2008-04-14 12:00 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2012-10-08 13:35 . 2008-04-14 12:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2012-10-08 13:34 . 2003-04-14 18:48 212992 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2012-10-08 13:01 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-10-08 13:01 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-10-08 13:00 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-10-08 13:00 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-10-08 13:00 . 2008-04-14 12:00 16825 ----a-r- c:\windows\SET38.tmp
2012-10-08 13:00 . 2008-04-14 12:00 1088840 ----a-r- c:\windows\SET2C.tmp
2012-10-08 13:00 . 2008-04-14 12:00 1246067 ----a-r- c:\windows\SET29.tmp
2012-10-08 12:31 . 2012-10-08 12:31 -------- d-----w- c:\documents and settings\Administrator
2012-10-08 11:31 . 2008-04-14 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-10-08 11:31 . 2008-04-14 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-10-08 11:14 . 2008-04-14 12:00 16825 ----a-r- c:\windows\SETFD.tmp
2012-10-08 11:14 . 2008-04-14 12:00 1088840 ----a-r- c:\windows\SETF1.tmp
2012-10-08 11:13 . 2008-04-14 12:00 1246067 ----a-r- c:\windows\SETEE.tmp
2012-10-08 10:59 . 2012-10-08 10:59 -------- d-----w- C:\found.000
2012-09-10 16:17 . 2012-09-10 16:17 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 16:17 . 2012-06-30 10:49 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3Trayp"="S3trayp.exe" [2010-12-17 199168]
"SRFirstRun"="srclient.dll" [2008-04-14 67584]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-12-17 868352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.3.2012 8:40 120152]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.3.2012 8:40 104160]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.3.2012 15:40 913144]
S2 S3LoadSv;S3LoadSv;c:\windows\system32\S3LoadSv.exe --> c:\windows\system32\S3LoadSv.exe [?]
S3 DrvAgent32;DrvAgent32;\??\c:\windows\system32\Drivers\DrvAgent32.sys --> c:\windows\system32\Drivers\DrvAgent32.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8.5.2012 7:25 114144]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 77.237.128.2 77.237.128.1
FF - ProfilePath - c:\documents and settings\Jenik\Data aplikací\Mozilla\Firefox\Profiles\3kaj470a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-VTTimer - VTTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-08 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(204)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Celkový čas: 2012-10-08 20:22:22
ComboFix-quarantined-files.txt 2012-10-08 18:22
.
Před spuštěním: Volných bajtů: 20 907 143 168
Po spuštění: Volných bajtů: 20 873 277 440
.
- - End Of File - - A48E6CEBAC2ECE864A901B16C0D4369F

[Rudy]

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\SET38.tmp
c:\windows\SET2C.tmp
c:\windows\SET29.tmp
c:\windows\SETFD.tmp
c:\windows\SETF1.tmp
c:\windows\SETEE.tmp

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[7Johan7]

ComboFix 12-10-08.02 - Jenik 08.10.2012 20:47:16.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1982.1718 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jenik\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jenik\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
file zipped: c:\windows\SET29.tmp
file zipped: c:\windows\SET2C.tmp
file zipped: c:\windows\SET38.tmp
file zipped: c:\windows\SETEE.tmp
file zipped: c:\windows\SETF1.tmp
file zipped: c:\windows\SETFD.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-08 do 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 13:40 . 2008-04-14 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-10-08 13:40 . 2008-04-14 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2012-10-08 13:40 . 2008-04-14 12:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2012-10-08 13:40 . 2008-04-14 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2012-10-08 13:40 . 2008-04-14 12:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2012-10-08 13:38 . 2008-04-14 12:00 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2012-10-08 13:37 . 2008-04-14 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-10-08 13:36 . 2008-04-14 12:00 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
2012-10-08 13:35 . 2008-04-14 12:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2012-10-08 13:34 . 2003-04-14 18:48 212992 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2012-10-08 13:01 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-10-08 13:01 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-10-08 13:00 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-10-08 13:00 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-10-08 13:00 . 2008-04-14 12:00 16825 ----a-r- c:\windows\SET38.tmp
2012-10-08 13:00 . 2008-04-14 12:00 1088840 ----a-r- c:\windows\SET2C.tmp
2012-10-08 13:00 . 2008-04-14 12:00 1246067 ----a-r- c:\windows\SET29.tmp
2012-10-08 12:31 . 2012-10-08 12:31 -------- d-----w- c:\documents and settings\Administrator
2012-10-08 11:31 . 2008-04-14 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-10-08 11:31 . 2008-04-14 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-10-08 11:14 . 2008-04-14 12:00 16825 ----a-r- c:\windows\SETFD.tmp
2012-10-08 11:14 . 2008-04-14 12:00 1088840 ----a-r- c:\windows\SETF1.tmp
2012-10-08 11:13 . 2008-04-14 12:00 1246067 ----a-r- c:\windows\SETEE.tmp
2012-10-08 10:59 . 2012-10-08 10:59 -------- d-----w- C:\found.000
2012-09-10 16:17 . 2012-09-10 16:17 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 16:17 . 2012-06-30 10:49 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3Trayp"="S3trayp.exe" [2010-12-17 199168]
"SRFirstRun"="srclient.dll" [2008-04-14 67584]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2010-12-17 868352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-12-14 20:02 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.3.2012 8:40 120152]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.3.2012 8:40 104160]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.3.2012 15:40 913144]
S2 S3LoadSv;S3LoadSv;c:\windows\system32\S3LoadSv.exe --> c:\windows\system32\S3LoadSv.exe [?]
S3 DrvAgent32;DrvAgent32;\??\c:\windows\system32\Drivers\DrvAgent32.sys --> c:\windows\system32\Drivers\DrvAgent32.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [8.5.2012 7:25 114144]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 77.237.128.2 77.237.128.1
FF - ProfilePath - c:\documents and settings\Jenik\Data aplikací\Mozilla\Firefox\Profiles\3kaj470a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-08 20:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(204)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Celkový čas: 2012-10-08 21:02:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-08 19:02
ComboFix2.txt 2012-10-08 18:22
.
Před spuštěním: Volných bajtů: 20 871 811 072
Po spuštění: Volných bajtů: 20 783 841 280
.
- - End Of File - - 1462EDC099B52183B31F75E2905A8270

[Rudy]

Jsou tam stále. Stáhněte a spusťte Avenger: http://forum.viry.cz/viewtopic.php?f=11&t=19832 . Do bílého okna zkopírujte:

Files to delete:
c:\windows\SET38.tmp
c:\windows\SET2C.tmp
c:\windows\SET29.tmp
c:\windows\SETFD.tmp
c:\windows\SETF1.tmp
c:\windows\SETEE.tmp

a klikněte na >Execute<. PC bude restartován.

[7Johan7]

Bohužel stále to nenajelo. Mám udělat nějaký log? Děkuju moc

[Rudy]

Zkuste obnovu systému k datu, kdy korektně fungoval.

[7Johan7]

Bohužel v pc bod obnovení nemám. Zkoušel jsem ještě opravnou instalaci windows a při instalačce to na mě hodí hlášku, že to potřebuje soubor VIAAGP1.SYS. Koukal jsem na net co to přesně znamená a našel jsem, že asi nejsem zdaleka jediný, kdo tento problém má nebo měl. Někde jsem se dozvěděl, že je nutné udělat čistou instalaci někde zase, že by se to možná dalo zachránit. Je to tedy možné? Děkuju moc

[Rudy]

Stáhněte odtud: http://www.sysfiles-download.com/sysind ... 1.sys.html a rozbalte do windows\system32\drivers.

[7Johan7]

Nahráno, ale teď to zase požaduje ucb_32.sys z disku S3 Graphics Co.

[Rudy]

Stáhněte odtud: http://www.how-to-fix-errors.com/errors ... r-fix.html a dál postupujte stejně, jako v předchozím případě.

[7Johan7]

Tak bohužel se mi program vůbec nespustí. Instalace proběhe v pořádku, ale po spuštění to vyhodí hlášku, že v aplikaci speedyPC došlo k problému a je třeba ji zavřít.

[Rudy]

SpeedyPC není součást systému. Tohle můžete odinstalovat.