Policejní vir + nefunguje nouzový režim

Zpráva

mattey · #1 Příspěvek od **mattey** » 06 čer 2013 20:02

Dobrý den,
prosím o radu s následujícím problémem:
Dneska jsem někde chytil policejní vir, o kterém se tu hojně píše.
Nepodařilo se mi ale najít případ, kde by zároveň nefungoval nouzový režim jako mně.

Mám WinXP SP3
Od jednoho předchozího čištění mám nainstalovanou zotavovací konzoli, pokud by to nějak mohlo pomoci. (Předpokládám, že asi ne.)

Při normálním spuštění systému se po přihlášení po chvíli objeví bílá obrazovka (odpojil jsem se od internetu, tak asi nemůže stáhnout obsah toho falešného hlášení).

Při spuštění v nouzovém režimu se objeví po přihlášení dotaz, jestli chci ponechat nouzový režim nebo spustit funkci Obnovení systému. Ať vyberu jakoukoliv možnost nebo to nechám bez odpovědi, zhruba za vteřinu se počítač začne restartovat. Takže nouzový režim nedokážu nijak využít.

Zkusil jsem v nouzovém režimu rychle spustit Správce úloh a foťákem jsem si zaznamenal běžící procesy. Nic vyloženě podezřelého tam asi není - leda že by název procesu byl schválně shodný s nějakým neškodným systémovým procesem (zkoušel jsem je vygooglit). Kdyžtak sem na vyžádání doplním jejich seznam.

Po startu a zmáčnkutí F8 jsem taky zkusil možnost spustit Poslední známou funkční konfiguraci. Ani to nepomohlo - nakonec stejná bílá obrazovka.

Jediné řešení, které mě ještě napadá je nabootovat tam nějaký systém z CD nebo flashky. Jenže Windows mám někde pečlivě uložené uložené a musel bych to asi dlouho hledat. Pokud by bylo nějaké jednodušší řešení, budu vděčný za radu. U té flashky si navíc nejsem jistý jestli to lze použít pro bootování a pod jakým písmenem. USB klávesnice mi např. nefunguje dokud nenajedou Windows.

Počítač jsem zkoušel spustit opakovaně jak v normálním tak v nouzovém režimu. Mám pocit, že v tom normálním režimu ze začátku trvalo déle než naběhla ta bílá obrazkvka, takže jsem stihnul ještě spustit Správce úloh a nabíhaly různé další programy. Při dalších spuštěních už se mi soubory na ploše a lišta ukázaly jen na chvilku a hned zmizely. Chvíli tam bylo samotné pozadí plochy, přičemž nešlo nic dělat a pak se objevila bílá obrazovka. Možná to ale souvisí s tím, že předtím jsem dva dny vypínal počítač jen do režimu spánku, takže teď se při prvním restartu spustily nějaké aktualizace nebo co a zdržely start viru.

Můžete mi někdo prosím poradit?

#2 Příspěvek od **vyosek** » 06 čer 2013 20:47

Zdravim

Na zdravem PC stahnete Farbar Recovery Scan Tool http://www.bleepingcomputer.com/downloa ... scan-tool/

Ulozte na nejaky flash disk, primo na jeho koren

Na poskozenem PC nabootujte Nouzovy rezim s prikazovym radkem MS-DOS

Nyni si zjisteme pismeno flash disku

Zadejte prikaz notepad a odenterujte
Otebre se poznamkovy blok (notepad)
Dejte Soubor --> Otevrit --> najdete tento pocitac a otevrete USB klic je FRST ulozeny
Podivejte se, jake pismeno ma USB klic (F:\, G:\ apod)
Zavrete notepad krizkem

Ted si ziskame log

Pokud mate stazeny FRST pro 64 bit OS, tak se jmenuje FRST64.exe a je nutne jej tak zadat
Zadejte prikaz "pismeno disku":\FRST.exe a odenterujte (napr. F:\FRST.exe)
Spusti se FRST
Spuste prohledavani kliknutim na Scan
Po chvili se vytvori na flash disku log FRST.exe
Ten mi sem vlozte pres zdravy PC

mattey · #3 Příspěvek od **mattey** » 06 čer 2013 23:29

Díky za pomoc.

Ještě doplnění:
1) Povedlo se mi úspěšně spustit nouzový režim, když jsem se přihlásil jako uživatel Administrátor. Ten se objeví jen v nouzovém režimu a nebyl jsem si jistý heslem, nakonec to ale vyšlo.
Bohužel to mám asi nastavené jako omezený účet. Takže se nedá např. podívat na disk C: a to ani v TotalCommanderu - tam mi to nabídne zalogování, ale potom to stejně nahlásí chybu. Každopádně je to další možnost. (Log z FRST jsem ale pořídíl podle návodu v nouzovém režimu s DOSem a pod svým normálním uživatelským účtem.)
2) Mezi těmi procesy ve Správci úloh byl Skype.dat, což by podle některých zpráv mohl být škodlivý software. Předtím jsem to při hledání asi přeskočil. (Mám na mysli Správce úloh opd mým normálním profilem v nouzovém režimu - jak jsem to zmiňoval předtím.)

Tady je log z FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by mattey (administrator) on 06-06-2013 22:49:05
Running from G:\
Microsoft Windows XP Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SkyTel] SkyTel.EXE [x]
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [nwiz] nwiz.exe /installquiet [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [7561216 2006-03-17] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit [x]
HKLM\...\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe [163840 2006-02-17] (A4Tech Co., Ltd.)
HKLM\...\Run: [MagicKey] C:\PROGRA~1\KLAVES~1\MEDIAK~1\MagicKey.exe [45056 2004-03-15] ()
HKLM\...\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE [45056 2005-10-21] (Siemens)
HKLM\...\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot [1957888 2007-05-25] (JMicron Technology Corp.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKCU\...\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" [630784 2007-03-19] ()
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\mattey\Data aplikací\skype.dat <==== ATTENTION
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)
HKU\TEMP\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [x]
HKU\TEMP.MATTEY\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [x]
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
HKCU SearchScopes: DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q ... &ch_id=osd
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60342
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q ... &ch_id=osd
SearchScopes: HKCU - {70C413DC-65E9-44B8-B436-227F877AF289} URL = http://www.google.cz/search?q={searchTe ... {startPage}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} URL = http://www.daemon-search.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Smart Suggestor - {DB536AF2-E422-402d-B7FD-887297F1A198} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll (Think Tank Labs, LLC)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -&Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU -&Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
PDF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
PDF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2012-07-30] (SuperAdBlocker.com)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\mattey\Data aplikací\Mozilla\Firefox\Profiles\oe4268xj.default
FF Homepage: hxxp://www.google.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=8 - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: flvto - C:\Documents and Settings\mattey\Data aplikací\Mozilla\Firefox\Profiles\oe4268xj.default\Extensions\flvto@hotger.com.xpi
FF Extension: No Name - C:\Documents and Settings\mattey\Data aplikací\Mozilla\Firefox\Profiles\oe4268xj.default\Extensions\{3628D7BD-FD0D-47b8-8C8B-865CEB7DD779}.xpi

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-30] (SUPERAntiSpyware.com)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S2 InCDsrv; C:\Program Files\Nero 7\InCD\InCDsrv.exe [859136 2006-11-10] (Nero AG)
S2 SPF4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [1234480 2007-04-26] (Sunbelt Software)
S2 TabletService; C:\WINDOWS\system32\Tablet.exe [749568 2005-10-19] (Wacom Technology, Corp.)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 actser; C:\Windows\System32\drivers\actser.sys [29440 2005-11-30] (Siemens AG)
S3 adiusbaw; C:\Windows\System32\DRIVERS\adiusbaw.sys [118552 2007-02-07] (Analog Devices Inc.)
S1 Amfilter; C:\Windows\System32\DRIVERS\Amfilter.sys [8704 2006-01-11] (A4Tech Co.,Ltd.)
R3 Amps2prt; C:\Windows\System32\DRIVERS\Amps2prt.sys [13824 2006-05-09] (A4Tech Co.,Ltd.)
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbprt.sys [13312 2006-05-09] (A4Tech Co.,Ltd.)
S3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1714176 2010-01-05] (Atheros Communications, Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
S1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] ()
S2 ELOADER; C:\Windows\System32\Drivers\adildr.sys [56088 2007-02-07] (Analog Deivces)
R1 fwdrv; C:\Windows\system32\drivers\fwdrv.sys [302000 2007-04-26] (Sunbelt Software)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
S4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [102912 2006-11-10] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [31360 2006-11-10] (Nero AG)
U1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [10624 2006-11-10] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [33792 2006-11-10] (Nero AG)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [49920 2007-05-24] (JMicron Technology Corp.)
S1 khips; C:\Windows\system32\drivers\khips.sys [72624 2007-04-26] (Sunbelt Software)
S3 Memctl; C:\Program Files\U-ABIT\FlashMenu\Memctl.sys [4047 2006-04-18] ()
S3 Moufiltr; C:\Windows\System32\DRIVERS\Moufiltr.sys [9661 2005-08-06] (Windows (R) 2000 DDK provider)
S3 MouseCap; C:\Windows\System32\Drivers\MouseCap.sys [6640 2005-08-08] ()
S3 MSIRCOMM; C:\Windows\System32\DRIVERS\MSIRCOMM.sys [22016 2008-04-13] (Microsoft Corporation)
S3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [342784 2010-03-31] (Realtek Semiconductor Corporation )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2012-07-30] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2012-07-30] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2011-11-22] ()
R1 UGURU; C:\Windows\System32\drivers\uGuru.sys [14592 2006-05-03] (ABIT)
R3 vsbus; C:\Windows\System32\DRIVERS\vsb.sys [15264 2005-11-30] ()
S3 vserial; C:\Windows\System32\DRIVERS\vserial.sys [47744 2005-11-30] ()
S3 Winflash; C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys [3548 2006-04-18] ()
S3 WSIMD; C:\Windows\System32\DRIVERS\wsimd.sys [58208 2009-03-17] (Atheros Communications, Inc.)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;
U3 aeze91fq; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-06 22:48 - 2013-06-06 22:48 - 00000000 ____D C:\FRST
2013-06-06 21:18 - 2013-06-06 21:18 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-06 21:17 - 2013-06-06 22:28 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-06 21:17 - 2013-06-06 22:21 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikací
2013-06-06 21:17 - 2013-06-06 22:21 - 00000000 ___HD C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2013-06-06 21:17 - 2013-06-06 21:17 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-06 21:17 - 2007-10-09 11:51 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start
2013-06-06 21:17 - 2007-10-09 11:51 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní tiskárny
2013-06-06 21:17 - 2007-10-09 11:51 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní síť
2013-06-06 21:17 - 2007-10-09 11:51 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2013-06-06 21:17 - 2007-10-09 11:51 - 00000000 ____D C:\Documents and Settings\Administrator\Oblíbené položky
2013-06-06 21:17 - 2007-10-09 11:51 - 00000000 ____D C:\Documents and Settings\Administrator\Dokumenty
2013-06-06 21:17 - 2007-10-09 05:33 - 00000000 ___HD C:\Documents and Settings\Administrator\Šablony
2013-05-26 17:48 - 2013-05-26 22:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-18 22:32 - 2013-05-18 22:34 - 00011549 ____A C:\Windows\KB2829530-IE8.log
2013-05-18 22:23 - 2013-05-18 22:24 - 00005348 ____A C:\Windows\KB2847204-IE8.log
2013-05-18 22:23 - 2013-05-18 22:23 - 00006379 ____A C:\Windows\KB2820197.log
2013-05-18 22:23 - 2013-05-18 22:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-18 22:16 - 2013-05-18 22:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-17 19:54 - 2013-05-17 19:54 - 00032474 ____A C:\Documents and Settings\mattey\.recently-used.xbel
2013-05-15 08:22 - 2013-05-18 22:17 - 00009686 ____A C:\Windows\KB2829361.log

==================== One Month Modified Files and Folders ========

2013-06-06 22:48 - 2013-06-06 22:48 - 00000000 ____D C:\FRST
2013-06-06 22:41 - 2007-10-09 05:52 - 00000062 __ASH C:\Documents and Settings\mattey\Local Settings\desktop.ini
2013-06-06 22:40 - 2007-11-07 23:57 - 02003069 ____A C:\Windows\System32\Drivers\fwdrv.err
2013-06-06 22:40 - 2007-10-09 05:48 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-06 22:34 - 2011-02-25 15:13 - 00032516 ____A C:\Windows\SchedLgU.Txt
2013-06-06 22:34 - 2011-02-25 15:13 - 00000215 ____A C:\Windows\wiadebug.log
2013-06-06 22:34 - 2011-02-25 15:13 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-06 22:34 - 2011-02-25 15:10 - 01888413 ____A C:\Windows\WindowsUpdate.log
2013-06-06 22:34 - 2007-10-09 05:49 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-06 22:33 - 2008-02-05 16:59 - 00012734 ____A C:\Windows\System32\tablet.dat
2013-06-06 22:33 - 2007-10-09 05:49 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-06 22:28 - 2013-06-06 21:17 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-06 22:21 - 2013-06-06 21:17 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikací
2013-06-06 22:21 - 2013-06-06 21:17 - 00000000 ___HD C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2013-06-06 21:18 - 2013-06-06 21:18 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-06-06 21:17 - 2013-06-06 21:17 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-06 19:52 - 2013-04-23 22:25 - 00000364 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2013-06-06 19:51 - 2012-07-30 22:31 - 00062334 ____A C:\Windows\setupapi.log
2013-06-06 19:38 - 2008-12-12 09:37 - 00001324 ____A C:\Windows\System32\d3d9caps.dat
2013-06-06 19:38 - 2007-10-09 22:44 - 00063333 ____A C:\Windows\System32\nvwsapps.xml
2013-06-06 18:21 - 2007-10-09 05:53 - 00000178 ___SH C:\Documents and Settings\mattey\ntuser.ini
2013-06-06 18:03 - 2006-03-02 14:00 - 00013646 ____A C:\Windows\System32\wpa.dbl
2013-06-06 17:02 - 2007-10-09 05:52 - 00000000 __RHD C:\Documents and Settings\mattey\Data aplikací
2013-06-06 16:33 - 2008-02-06 18:24 - 00001165 ____A C:\Windows\wcx_ftp.ini
2013-06-06 15:55 - 2008-02-06 17:07 - 00002951 ____A C:\Windows\wincmd.ini
2013-06-06 00:04 - 2007-10-09 05:52 - 00000000 ____D C:\Documents and Settings\mattey\Plocha
2013-06-05 13:03 - 2007-10-09 11:48 - 00303624 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-03 01:03 - 2006-03-02 14:00 - 00000610 ____A C:\Windows\win.ini
2013-05-30 13:40 - 2007-10-09 11:22 - 2145386496 ____A C:\Windows\MEMORY.DMP
2013-05-27 08:05 - 2012-05-09 21:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-26 22:03 - 2013-05-26 17:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-26 19:58 - 2007-10-09 05:44 - 00002504 ____A C:\Windows\System32\CONFIG.NT
2013-05-18 23:57 - 2007-10-15 18:01 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-18 22:34 - 2013-05-18 22:32 - 00011549 ____A C:\Windows\KB2829530-IE8.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00328813 ____A C:\Windows\iis6.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00303567 ____A C:\Windows\FaxSetup.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00147704 ____A C:\Windows\ocgen.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00140000 ____A C:\Windows\tsoc.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00100877 ____A C:\Windows\comsetup.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00095202 ____A C:\Windows\msmqinst.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00061418 ____A C:\Windows\ntdtcsetup.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00053576 ____A C:\Windows\netfxocm.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00021119 ____A C:\Windows\MedCtrOC.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00018997 ____A C:\Windows\ocmsn.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00015311 ____A C:\Windows\msgsocm.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00015239 ____A C:\Windows\tabletoc.log
2013-05-18 22:34 - 2012-07-22 23:02 - 00001374 ____A C:\Windows\imsins.log
2013-05-18 22:33 - 2012-07-22 23:02 - 00024944 ____A C:\Windows\updspapi.log
2013-05-18 22:33 - 2009-12-10 18:12 - 00000000 ____D C:\Windows\ie8updates
2013-05-18 22:30 - 2007-10-09 11:53 - 01033054 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 22:24 - 2013-05-18 22:23 - 00005348 ____A C:\Windows\KB2847204-IE8.log
2013-05-18 22:24 - 2012-07-22 23:02 - 00001374 ____A C:\Windows\imsins.BAK
2013-05-18 22:23 - 2013-05-18 22:23 - 00006379 ____A C:\Windows\KB2820197.log
2013-05-18 22:23 - 2013-05-18 22:23 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-18 22:23 - 2007-10-09 05:45 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-18 22:17 - 2013-05-15 08:22 - 00009686 ____A C:\Windows\KB2829361.log
2013-05-18 22:17 - 2007-10-27 12:51 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-18 22:16 - 2013-05-18 22:16 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-18 00:09 - 2007-10-18 12:11 - 00000085 ____A C:\Documents and Settings\mattey\default.pls
2013-05-18 00:09 - 2007-10-18 11:50 - 00000069 ____A C:\Windows\NeroDigital.ini
2013-05-17 23:17 - 2007-10-09 05:52 - 00000000 ___RD C:\Documents and Settings\mattey\Dokumenty
2013-05-17 23:17 - 2007-10-09 05:52 - 00000000 ___HD C:\Documents and Settings\mattey\Local Settings\Data aplikací
2013-05-17 19:59 - 2007-11-20 21:54 - 00000000 ____D C:\Documents and Settings\mattey\.gimp-2.4
2013-05-17 19:54 - 2013-05-17 19:54 - 00032474 ____A C:\Documents and Settings\mattey\.recently-used.xbel
2013-05-14 09:41 - 2012-04-14 02:44 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-14 09:41 - 2011-12-21 03:52 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-09 10:59 - 2013-04-23 22:25 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 10:59 - 2013-04-23 22:25 - 00368944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 10:59 - 2013-04-23 22:25 - 00174664 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 10:59 - 2013-04-23 22:25 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 10:59 - 2013-04-23 22:25 - 00056080 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 10:59 - 2013-04-23 22:25 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-05-09 10:59 - 2013-04-23 22:25 - 00049376 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 10:59 - 2013-04-23 22:25 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 10:58 - 2013-04-23 22:24 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-09 10:58 - 2011-02-20 18:31 - 00229648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-07 06:22 - 2006-03-02 14:00 - 06015488 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-07 06:22 - 2006-03-02 14:00 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-03-02 14:00] - [2008-04-14 05:22] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2006-03-02 14:00] - [2008-04-14 05:22] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2006-03-02 14:00] - [2008-04-14 05:22] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2006-03-02 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2006-03-02 14:00] - [2008-04-14 05:22] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2006-03-02 14:00] - [2008-04-14 05:22] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2006-03-02 14:00] - [2008-04-14 04:12] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1

==================== End Of Log ============================

#4 Příspěvek od **vyosek** » 07 čer 2013 10:56

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL;
U3 aeze91fq; No ImagePath
Toolbar: HKCU -No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60342
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {70C413DC-65E9-44B8-B436-227F877AF289} URL = http://www.google.cz/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} URL = http://www.daemon-search.com/search?q={searchTerms}
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\mattey\Data aplikací\skype.dat <==== ATTENTION 
C:\Documents and Settings\mattey\Data aplikací\skype.dat

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny log na flashku k FRST

Spustte znovu FRST.exe na tom poskozenem PC

Kliknete na Fix
Probehne oprava a na flash disku se vytvori log Fixlog.txt

Pokuste se nastartovat do bezneho rezimu

mattey · #5 Příspěvek od **mattey** » 09 čer 2013 20:42

Provedl jsem vše podle návodu.

PC funguje v normálním režimu bez původních problémů.
Objevily se ale nějaké změny uživatelského nastavení ve Windows. Konkrétně ve všech programech to dělá zvuky při klikání na ovládání (Soubor, Upravit, Nápověda atp.). Také mám pocit, že se možná nepatrně změnil vzhled nabídek které se objevují po kliknutí pravým tlačítkem myši (změnil jen designově, ne obsahově) - tím si ale nejsem úplně jistý. Možná mě jen mate, že to při kliknuté také dělá zvuk. Tyhle zvuky jsem měl předtím ve Windows rozhodně vypnuté.

Netuším, jestli náhodou nedošlo k dalším změnám, kterých jsem si zatím nevšimnul.

Fixlog z FRST:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-06-2013 01
Ran by mattey at 2013-06-09 20:57:49 Run:1
Running from G:\
Boot Mode: Safe Mode (minimal)

==============================================

Abiosdsk => Service deleted successfully.
abp480n5 => Service deleted successfully.
adpu160m => Service deleted successfully.
Aha154x => Service deleted successfully.
aic78u2 => Service deleted successfully.
aic78xx => Service deleted successfully.
AliIde => Service deleted successfully.
amsint => Service deleted successfully.
asc => Service deleted successfully.
asc3350p => Service deleted successfully.
asc3550 => Service deleted successfully.
Atdisk => Service deleted successfully.
cd20xrnt => Service deleted successfully.
Changer => Service deleted successfully.
CmdIde => Service deleted successfully.
Cpqarray => Service deleted successfully.
dac2w2k => Service deleted successfully.
dac960nt => Service deleted successfully.
dpti2o => Service deleted successfully.
hpn => Service deleted successfully.
i2omgmt => Service deleted successfully.
i2omp => Service deleted successfully.
ini910u => Service deleted successfully.
IntelIde => Service deleted successfully.
lbrtfdc => Service deleted successfully.
mraid35x => Service deleted successfully.
PCIDump => Service deleted successfully.
PDCOMP => Service deleted successfully.
PDFRAME => Service deleted successfully.
PDRELI => Service deleted successfully.
PDRFRAME => Service deleted successfully.
perc2 => Service deleted successfully.
perc2hib => Service deleted successfully.
ql1080 => Service deleted successfully.
Ql10wnt => Service deleted successfully.
ql12160 => Service deleted successfully.
ql1240 => Service deleted successfully.
ql1280 => Service deleted successfully.
Simbad => Service deleted successfully.
Sparrow => Service deleted successfully.
symc810 => Service deleted successfully.
symc8xx => Service deleted successfully.
sym_hi => Service deleted successfully.
sym_u3 => Service deleted successfully.
TosIde => Service deleted successfully.
ultra => Service deleted successfully.
ViaIde => Service deleted successfully.
WDICA => Service deleted successfully.
U1 WS2IFSL; => Service not found.
aeze91fq => Service not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} => Value deleted successfully.
HKCR\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} => Key deleted successfully.
HKCR\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key deleted successfully.
HKCR\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70C413DC-65E9-44B8-B436-227F877AF289} => Key deleted successfully.
HKCR\CLSID\{70C413DC-65E9-44B8-B436-227F877AF289} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} => Key deleted successfully.
HKCR\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} => Key not found.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.
C:\Documents and Settings\mattey\Data aplikací\skype.dat => File/Directory not found.

==== End of Fixlog ====

#6 Příspěvek od **vyosek** » 10 čer 2013 08:17

Ty male zmeny muzou byt zpusobeny havetti, uvidime dale...

Dejte log z RSIT z bezneho rezimu http://forum.viry.cz/viewtopic.php?f=24&t=130784

mattey · #7 Příspěvek od **mattey** » 10 čer 2013 10:06

Logfile of random's system information tool 1.09 (written by random/random)
Run by mattey at 2013-06-10 10:31:10
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (20%) free of 76 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:25, on 10.6.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\PROGRA~1\KLAVES~1\MEDIAK~1\MagicKey.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\PROGRA~1\KLAVES~1\MEDIAK~1\OSD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
E:\Počítač\_Důležité - problémy\2013-06_Policejni-vir\RSIT.exe
C:\Program Files\trend micro\mattey.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Smart Suggestor - {DB536AF2-E422-402d-B7FD-887297F1A198} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\KLAVES~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [SmartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Smart Suggestor - {520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll
O9 - Extra 'Tools' menuitem: Smart Suggestor options - {520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8236 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\avast! Emergency Update.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\mattey\Data aplikací\Mozilla\Firefox\Profiles\oe4268xj.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.169 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=8]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml

C:\Documents and Settings\mattey\Data aplikací\Mozilla\Firefox\Profiles\oe4268xj.default\searchplugins\
mapy.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-04-02 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB536AF2-E422-402d-B7FD-887297F1A198}]
Smart Suggestor - C:\Program Files\Smart Suggestor\SmartSuggestor.dll [2012-01-31 197936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-04-02 170912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-17 7561216]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2006-02-17 163840]
"MagicKey"=C:\PROGRA~1\KLAVES~1\MEDIAK~1\MagicKey.exe [2004-03-15 45056]
"SmartSync - ScheduleSync"=C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE [2005-10-21 45056]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-05-25 1957888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe [2004-06-23 729088]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-03-19 630784]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
C:\Program Files\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe [2004-06-23 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-11-17 171464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-07-30 4777856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ICQ Service"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2012-07-30 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDriveAutoRun"=67108863
"EditLevel"=0
"NoRun"=0
"NoClose"=0
"NoCommonGroups"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.LEAD"=LCODCCMP.DLL
"vidc.ffds"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-06-06 22:48:32 ----D---- C:\FRST
2013-06-06 18:16:34 ----ASH---- C:\pagefile.sys
2013-06-06 18:03:15 ----A---- C:\WINDOWS\ntbtlog.txt
2013-06-06 17:02:37 ----A---- C:\Documents and Settings\mattey\Data aplikací\skype.ini
2013-05-26 17:48:32 ----D---- C:\Program Files\Mozilla Firefox
2013-05-18 22:23:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2820197$
2013-05-18 22:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2829361$

======List of files/folders modified in the last 1 month======

2013-06-10 10:31:15 ----D---- C:\Program Files\trend micro
2013-06-10 10:10:58 ----D---- C:\WINDOWS\Temp
2013-06-10 10:05:17 ----D---- C:\WINDOWS\system32
2013-06-10 01:32:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-06-10 01:32:18 ----D---- C:\WINDOWS\system32\CatRoot2
2013-06-09 21:06:58 ----SHD---- C:\WINDOWS\Installer
2013-06-09 21:04:03 ----D---- C:\WINDOWS\Prefetch
2013-06-09 21:03:20 ----D---- C:\WINDOWS
2013-06-06 23:55:51 ----A---- C:\WINDOWS\wincmd.ini
2013-06-06 21:17:35 ----D---- C:\Documents and Settings
2013-06-06 17:04:56 ----D---- C:\Documents and Settings\mattey\Data aplikací\Skype
2013-06-06 16:33:43 ----A---- C:\WINDOWS\wcx_ftp.ini
2013-06-06 16:01:44 ----D---- C:\Documents and Settings\mattey\Data aplikací\skypePM
2013-06-06 13:18:22 ----D---- C:\Documents and Settings\mattey\Data aplikací\OpenOffice.org2
2013-06-04 17:51:20 ----RSD---- C:\WINDOWS\Fonts
2013-06-03 01:03:28 ----A---- C:\WINDOWS\win.ini
2013-05-27 10:57:49 ----HD---- C:\WINDOWS\inf
2013-05-27 08:05:55 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-05-26 22:02:52 ----D---- C:\Program Files
2013-05-26 19:58:38 ----SD---- C:\WINDOWS\Tasks
2013-05-19 00:02:37 ----RSD---- C:\WINDOWS\assembly
2013-05-18 23:57:41 ----D---- C:\WINDOWS\Microsoft.NET
2013-05-18 22:33:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-05-18 22:33:51 ----D---- C:\Program Files\Internet Explorer
2013-05-18 22:33:04 ----D---- C:\WINDOWS\ie8updates
2013-05-18 22:32:04 ----D---- C:\Config.Msi
2013-05-18 22:30:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-05-18 22:29:27 ----D---- C:\WINDOWS\WinSxS
2013-05-18 22:24:02 ----A---- C:\WINDOWS\imsins.BAK
2013-05-18 22:23:10 ----HD---- C:\WINDOWS\$hf_mig$
2013-05-18 22:17:45 ----A---- C:\WINDOWS\system32\MRT.exe
2013-05-18 00:09:15 ----A---- C:\WINDOWS\NeroDigital.ini
2013-05-14 09:41:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-05-14 09:41:38 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-05-09 174664]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2007-05-24 49920]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PenClass;Pen Class; C:\WINDOWS\system32\Drivers\PenClass.sys [2001-04-09 8138]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-11-22 685816]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2006-01-11 8704]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-05-09 765736]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-05-09 368944]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2006-11-10 31360]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2006-11-10 33792]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 UGURU;UGURU; C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-05-09 13824]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2010-01-05 1714176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 MouseCap;MouseCapture Driver; C:\WINDOWS\System32\Drivers\MouseCap.sys [2005-08-08 6640]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-17 3655712]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-11-30 15264]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2009-03-17 58208]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2006-11-10 102912]
S2 ELOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2007-02-07 56088]
S3 abpk6kmq;abpk6kmq; C:\WINDOWS\system32\drivers\abpk6kmq.sys []
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2005-11-30 29440]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2007-02-07 118552]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2006-05-09 13312]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Memctl;Memctl; \??\C:\Program Files\U-ABIT\FlashMenu\Memctl.sys []
S3 Moufiltr;Mouse Test Driver; C:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 9661]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2010-03-31 342784]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\WINDOWS\system32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-11-30 47744]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 Winflash;WINFLASH; \??\C:\Program Files\U-ABIT\FlashMenu\WinFlash.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2012-07-30 116608]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero 7\InCD\InCDsrv.exe [2006-11-10 859136]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-04-02 170912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-17 143426]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-10-19 749568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-26 117144]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#8 Příspěvek od **vyosek** » 10 čer 2013 11:23

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

mattey · #9 Příspěvek od **mattey** » 10 čer 2013 13:51

Rkill nic neblokovalo, combofix se obešel bez restartu.

Rkill:

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/10/2013 01:41:51 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\Tablet.exe (PID: 920) [WD-HEUR]
* C:\WINDOWS\ALCFDRTM.EXE (PID: 2248) [WD-HEUR]
* C:\WINDOWS\system32\WTablet\TabUserW.exe (PID: 3992) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 06/10/2013 01:43:07 PM
Execution time: 0 hours(s), 1 minute(s), and 16 seconds(s)

ComboFix:

ComboFix 13-06-08.02 - mattey 10.06.2013 14:14:23.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1502 [GMT 2:00]
Spuštěný z: c:\documents and settings\mattey\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Smart Suggestor\SmARtsuggestor.dll
c:\windows\msmqinst.log
c:\windows\regopt.log
c:\windows\system32\AC2005DLL.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-10 do 2013-06-10 )))))))))))))))))))))))))))))))
.
.
2013-06-06 20:48 . 2013-06-06 20:48 -------- d-----w- C:\FRST
2013-06-06 19:17 . 2013-06-06 19:18 -------- d-----w- c:\documents and settings\Administrator
2013-05-17 21:17 . 2013-05-17 21:17 -------- d-----w- c:\documents and settings\mattey\Local Settings\Data aplikací\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 07:41 . 2012-04-14 00:44 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-14 07:41 . 2011-12-21 01:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-04-23 20:25 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-04-23 20:25 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-04-23 20:25 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-04-23 20:25 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-04-23 20:25 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-04-23 20:25 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2013-04-23 20:25 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2013-04-23 20:25 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2013-04-23 20:24 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-02-20 16:31 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-16 22:26 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2006-03-02 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-02 14:27 . 2013-04-02 14:27 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 14:27 . 2007-11-05 14:01 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-02 14:26 . 2013-04-02 14:28 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-02 14:26 . 2012-01-15 00:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-03-18 630784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"nwiz"="nwiz.exe" [2006-03-17 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-17 7561216]
"NvMediaCenter"="NvMCTray.dll" [2006-03-17 86016]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"MagicKey"="c:\progra~1\KLAVES~1\MEDIAK~1\MagicKey.exe" [2004-03-15 45056]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-8-25 1205840]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-2-5 114688]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-07-30 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-11-17 11:53 171464 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-07-30 19:41 4777856 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ICQ Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7785:TCP"= 7785:TCP:Services
"7786:TCP"= 7786:TCP:Services
"9396:TCP"= 9396:TCP:Services
"9397:TCP"= 9397:TCP:Services
"6036:TCP"= 6036:TCP:Services
"6037:TCP"= 6037:TCP:Services
"6442:TCP"= 6442:TCP:Services
"6443:TCP"= 6443:TCP:Services
"3692:TCP"= 3692:TCP:Services
"5884:TCP"= 5884:TCP:Services
"6348:TCP"= 6348:TCP:Services
"9286:TCP"= 9286:TCP:Services
"5051:TCP"= 5051:TCP:Services
"3286:TCP"= 3286:TCP:Services
"9364:TCP"= 9364:TCP:Services
"4567:TCP"= 4567:TCP:Services
"7634:TCP"= 7634:TCP:Services
"5083:TCP"= 5083:TCP:Services
"8666:TCP"= 8666:TCP:Services
"5348:TCP"= 5348:TCP:Services
"5692:TCP"= 5692:TCP:Services
"6208:TCP"= 6208:TCP:Services
"8911:TCP"= 8911:TCP:Services
"4224:TCP"= 4224:TCP:Services
"3177:TCP"= 3177:TCP:Services
"5583:TCP"= 5583:TCP:Services
"1693:TCP"= 1693:TCP:Services
"7380:TCP"= 7380:TCP:Services
"7005:TCP"= 7005:TCP:Services
"5217:TCP"= 5217:TCP:Services
"8614:TCP"= 8614:TCP:Services
"9692:TCP"= 9692:TCP:Services
"8958:TCP"= 8958:TCP:Services
"5395:TCP"= 5395:TCP:Services
"2973:TCP"= 2973:TCP:Services
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [23.4.2013 22:25 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [23.4.2013 22:25 174664]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.11.2011 15:46 685816]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.4.2013 22:25 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.4.2013 22:25 368944]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 11:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 11:21 72624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2010 20:25 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67664]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [11.10.2007 0:02 14592]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [29.6.2010 19:48 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.4.2013 22:25 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [23.4.2013 22:25 66336]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [9.5.2006 10:27 13824]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [8.8.2005 14:44 6640]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [18.8.2008 21:48 56088]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 11:21 1234480]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [4.7.2012 11:44 1714176]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [31.3.2010 7:58 342784]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [14.2.2011 17:41 11520]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-23 08:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: {{520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - {DB536AF2-E422-402d-B7FD-887297F1A198} -
FF - ProfilePath - c:\documents and settings\mattey\Data aplikací\Mozilla\Firefox\Profiles\oe4268xj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
------- Asociace souborů -------
.
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Heroes of Might and Magic® III - e:\gamesy\heroes 3\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-10 14:23
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1528)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Celkový čas: 2013-06-10 14:27:59
ComboFix-quarantined-files.txt 2013-06-10 12:27
.
Před spuštěním: Volných bajtů: 15 810 207 744
Po spuštění: Volných bajtů: 19 291 136 000
.
- - End Of File - - 44C2299ACC797C96FA4BD6F238FA02E2
09CE7397AF23D4C0B331B89D0297CC7E

#10 Příspěvek od **vyosek** » 10 čer 2013 16:50

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=-
"ISUSScheduler"=-
"QuickTime Task"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"7785:TCP"=-
"7786:TCP"=-
"9396:TCP"=-
"9397:TCP"=-
"6036:TCP"=-
"6037:TCP"=-
"6442:TCP"=-
"6443:TCP"=-
"3692:TCP"=-
"5884:TCP"=-
"6348:TCP"=-
"9286:TCP"=-
"5051:TCP"=-
"3286:TCP"=-
"9364:TCP"=-
"4567:TCP"=-
"7634:TCP"=-
"5083:TCP"=-
"8666:TCP"=-
"5348:TCP"=-
"5692:TCP"=-
"6208:TCP"=-
"8911:TCP"=-
"4224:TCP"=-
"3177:TCP"=-
"5583:TCP"=-
"1693:TCP"=-
"7380:TCP"=-
"7005:TCP"=-
"5217:TCP"=-
"8614:TCP"=-
"9692:TCP"=-
"8958:TCP"=-
"5395:TCP"=-
"2973:TCP"=-

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

mattey · #11 Příspěvek od **mattey** » 10 čer 2013 19:23

Když se počítač začal restartovat, tak to došlo ke standardní obrazovce s nápisem "Vypínání". Ale tam se to asi zaseklo - už přes dvacet minut hlásí vypínání a nic.

Můžu to natvrdo restartovat?

#12 Příspěvek od **vyosek** » 10 čer 2013 19:36

Ano, restartujte jej...

mattey · #13 Příspěvek od **mattey** » 10 čer 2013 20:19

Po restartu Windows naběhly v normálně.
Posílám log:

ComboFix 13-06-08.02 - mattey 10.06.2013 19:47:58.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1486 [GMT 2:00]
Spuštěný z: c:\documents and settings\mattey\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\mattey\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Disabled* {BFD080F6-3BF0-40E1-9507-9CA969C35870}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-10 do 2013-06-10 )))))))))))))))))))))))))))))))
.
.
2013-06-06 20:48 . 2013-06-06 20:48 -------- d-----w- C:\FRST
2013-06-06 19:17 . 2013-06-06 19:18 -------- d-----w- c:\documents and settings\Administrator
2013-05-17 21:17 . 2013-05-17 21:17 -------- d-----w- c:\documents and settings\mattey\Local Settings\Data aplikací\WMTools Downloaded Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 07:41 . 2012-04-14 00:44 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-14 07:41 . 2011-12-21 01:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-04-23 20:25 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-04-23 20:25 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-04-23 20:25 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-04-23 20:25 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-04-23 20:25 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-04-23 20:25 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2013-04-23 20:25 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2013-04-23 20:25 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2013-04-23 20:24 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-02-20 16:31 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-16 22:26 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2006-03-02 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-02 14:27 . 2013-04-02 14:27 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 14:27 . 2007-11-05 14:01 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-02 14:26 . 2013-04-02 14:28 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-02 14:26 . 2012-01-15 00:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-03-18 630784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"nwiz"="nwiz.exe" [2006-03-17 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-17 7561216]
"NvMediaCenter"="NvMCTray.dll" [2006-03-17 86016]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 163840]
"MagicKey"="c:\progra~1\KLAVES~1\MEDIAK~1\MagicKey.exe" [2004-03-15 45056]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-8-25 1205840]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-2-5 114688]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-07-30 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ICQ Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [23.4.2013 22:25 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [23.4.2013 22:25 174664]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.11.2011 15:46 685816]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [23.4.2013 22:25 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [23.4.2013 22:25 368944]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.4.2007 11:21 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.4.2007 11:21 72624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17.2.2010 20:25 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67664]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [11.10.2007 0:02 14592]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [29.6.2010 19:48 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.4.2013 22:25 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [23.4.2013 22:25 66336]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [26.4.2007 11:21 1234480]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [9.5.2006 10:27 13824]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [8.8.2005 14:44 6640]
S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\system32\drivers\adildr.sys [18.8.2008 21:48 56088]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [4.7.2012 11:44 1714176]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [31.3.2010 7:58 342784]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [14.2.2011 17:41 11520]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-23 08:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: {{520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - {DB536AF2-E422-402d-B7FD-887297F1A198} -
FF - ProfilePath - c:\documents and settings\mattey\Data aplikací\Mozilla\Firefox\Profiles\oe4268xj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-10 20:53
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1132)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(3040)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSCS.DLL
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\Amhooker.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Tablet.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\progra~1\KLAVES~1\MEDIAK~1\OSD.exe
c:\windows\ALCFDRTM.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2013-06-10 21:00:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-10 19:00
.
Před spuštěním: Volných bajtů: 19 062 874 112
Po spuštění: Volných bajtů: 19 137 642 496
.
- - End Of File - - F63A7873648351E6A38FD0CAD6884C0A
09CE7397AF23D4C0B331B89D0297CC7E

#14 Příspěvek od **vyosek** » 10 čer 2013 20:20

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

mattey · #15 Příspěvek od **mattey** » 11 čer 2013 14:24

Vše jsem provedl. Na konci Ccleaner vše zvládnul na první pokus - občas ho používám, ikdyž doposud zdaleka ne každý týden. (Novou verzi jsem si samozřejmě teď stáhnul.)

Řekl bych, že se všechno vrátilo do pořádku pořádku. Tedy až na uživatelské nastavení windows (zvuky apod., jak jsem už psal dříve), ale to už jsem si přenastavil.

Takže zbývá jen poděkovat: Díky, díky moc:-)
Rád podpořím fórum. Jak na to už jsem si přečetl.
Nashledanou někdy příště - snad zas pár let bez nehody vydržím.

VIRY.CZ

Policejní vir + nefunguje nouzový režim

Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim

Re: Policejní vir + nefunguje nouzový režim