Další log ke kontrole - díky!

[Kurtik21]

Zdravím, pánové!
Mám problém s počítačem - po instalaci Nokia Ovi Suite se začal cca minutu po startu ukončovat services.exe a odpočítává minutu do restartu.
Systém je záplatovaný Windows XP Pref SP3.
Log z HjT:

Logfile of HijackThis v1.99.1
Scan saved at 16:27:33, on 24.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Olina Tlapáková\Local Settings\Temporary Internet Files\Content.IE5\2KG91OH8\KillBox[1].exe
C:\DOCUME~1\OLINAT~1\LOCALS~1\Temp\Dočasný adresář 1 pro hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: *.server
O15 - Trusted Zone: *.taco
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)

Díky za komentáře!

[motji]

Hezké odpoledne

Zkuste obnovu systému k datu, kdy nebyli problémy.

Start - spustit
-do políčka zkopírujte

Kód: Vybrat vše

%SystemRoot%\System32\restore\rstrui.exe

-enter
-vyberte bod obnovení

Pak vložte nový log ze Rsitu, viz. můj podpis

[Kurtik21]

HezOdpo!
Já věděl, že mám pozdravit i dámy.
Co se týká bodů obnovení - nejsou. Respektive je jen jeden a to z dneška. Nevím, co s tím PC kdo dělal, ale prostě neobsahuje starší body obnovení. Ten dnešní jsem zkoušel, bezúspěšně. K počítači se dostanu zase zítra, takže log z RSITu dodám.
Nejsem si jist tím, že je na vině vir (či spyware a podobné radosti) ale nemůžu to vyloučit.
Zatím díky!

[motji]

Prosím Vás podívejte se, jestli máte tento soubor ve složce system32
C:\WINDOWS\system32\svchost.exe

[Kurtik21]

Takže svchost.exe je na svém místě, tedy netuším, proč byl v první logu označen jako "Not found".
Tady je LOG z RSITu:

Kód: Vybrat vše

Logfile of random's system information tool 1.07 (written by random/random)
Run by Olina Tlapáková at 2010-06-25 08:11:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 117 GB (89%) free of 131 GB
Total RAM: 2037 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:11:13, on 25.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Farao\farao.exe
J:\RSIT.exe
C:\Program Files\trend micro\Olina Tlapáková.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - FarUpd.lnk = install\FarUpd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: *.server
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5677 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-07 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-07 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-07 137752]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\autorun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b75746-6ad5-11dd-a993-0019dbde712a}]
shell\AutoRun\command - I:\laucher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c69fcf9-ec76-11de-b550-0019dbde712a}]
shell\autorun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b7018f6-3b7b-11dd-a96a-0019dbde712a}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b699f3c0-acbe-11de-8226-0019dbde712a}]
shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c816394d-768b-11de-81fc-0019dbde712a}]
shell\autorun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb289571-7cfc-11df-b5b4-0019dbde712a}]
shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dacb3f88-9ffb-11dd-a9bf-0019dbde712a}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec0a3f48-5efe-11de-81e7-0019dbde712a}]
shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f262dc4c-2262-11dd-a958-0019dbde712a}]
shell\AutoRun\command - ab.cmd
shell\explore\command - ab.cmd
shell\open\command - ab.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6a5ef21-caa4-11dd-a9e0-0019dbde712a}]
shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9f2d572-d001-11dd-a9e5-0019dbde712a}]
shell\AutoRun\command - setup.exe


======List of files/folders created in the last 1 months======

2010-06-25 08:11:08 ----D---- C:\rsit
2010-06-25 08:11:08 ----D---- C:\Program Files\trend micro
2010-06-24 16:25:54 ----D---- C:\!KillBox
2010-06-24 16:04:54 ----D---- C:\WINDOWS\LastGood
2010-06-24 15:55:51 ----SHD---- C:\RECYCLER
2010-06-24 15:37:10 ----D---- C:\WINDOWS\system32\appmgmt
2010-06-24 15:36:28 ----D---- C:\WINDOWS\temp
2010-06-24 15:36:27 ----A---- C:\ComboFix.txt
2010-06-24 15:27:01 ----A---- C:\WINDOWS\PEV.exe
2010-06-24 15:27:01 ----A---- C:\WINDOWS\MBR.exe
2010-06-24 15:22:25 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-24 13:32:54 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-06-24 13:32:52 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2010-06-24 13:29:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-06-24 13:28:58 ----D---- C:\Documents and Settings\Olina Tlapáková\Data aplikací\PC Suite
2010-06-24 13:27:26 ----D---- C:\Program Files\DIFX
2010-06-24 13:27:11 ----D---- C:\WINDOWS\LastGood.Tmp
2010-06-24 13:26:51 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-06-24 13:24:00 ----D---- C:\Program Files\Nokia
2010-06-24 13:24:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
2010-06-17 12:02:00 ----D---- C:\Documents and Settings\Olina Tlapáková\Data aplikací\Mozilla
2010-06-17 12:01:56 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2010-06-25 08:11:08 ----RD---- C:\Program Files
2010-06-25 08:09:57 ----D---- C:\WINDOWS\system32
2010-06-24 16:50:27 ----D---- C:\WINDOWS\Prefetch
2010-06-24 16:22:50 ----D---- C:\WINDOWS\system32\drivers
2010-06-24 16:22:50 ----D---- C:\WINDOWS
2010-06-24 16:14:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-24 16:03:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-24 15:44:56 ----SHD---- C:\WINDOWS\Installer
2010-06-24 15:44:52 ----D---- C:\Config.Msi
2010-06-24 15:44:23 ----D---- C:\Program Files\Common Files
2010-06-24 15:42:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-24 15:42:46 ----HD---- C:\WINDOWS\inf
2010-06-24 15:41:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-24 15:40:16 ----SHD---- C:\System Volume Information
2010-06-24 15:36:29 ----D---- C:\Qoobox
2010-06-24 15:35:29 ----D---- C:\WINDOWS\ERDNT
2010-06-24 15:35:11 ----A---- C:\WINDOWS\system.ini
2010-06-24 15:31:16 ----D---- C:\WINDOWS\AppPatch
2010-06-24 15:25:38 ----D---- C:\Documents and Settings
2010-06-24 15:12:18 ----D---- C:\WINDOWS\PCHEALTH
2010-06-24 14:16:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-24 13:24:34 ----D---- C:\WINDOWS\WinSxS
2010-06-24 11:17:03 ----A---- C:\WINDOWS\crw.ini
2010-06-08 08:17:56 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys []
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 usbserfilt;usbserfilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys []
S3 wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[Kurtik21]

Takže posun - v C:\Windows\system32\drivers byl soubor, který SAS detekoval jako Rootkit Rustock - zajímavé je, že ve výpisu z HjT ani RSITu není uveden (měl náhodný název, v mém konkrétním případě to bylo "f4de34f1.sys").
Protože systém po naběhnutí cca minutu fungoval korektně, podařilo se mi SAS nainstalovat a aktualizovat, v nouzovém režimu jsem ten Rootkit nechal odstranit, což se mu nepovedlo, takže jsem soubor přejmenoval ručně, odstranil dva jeho klíče v registrech (ve větvích HKLM\...\ControlSet001 a ControlSet002) a nyní běží znova kontrola SAS, která vypadá bez nálezu. Zkusím poté ještě nějakou další utilitku (zřejmě ComboFix), abych měl jistotu, že je PC svinstvaprosté, leč v tuto chvíli to vypadá nadějně.

[motji]

Ten záznam v HJT mě zmátl, nebyla jsem si jistá, jestli Vám instalace toho programu ten soubor neodpálila, ale jinak už mám jasno. Určitě Vám nefungují aktualizace, na svědomí to má rootkit, který pozměnil klíč. Rootkita už Vám asi SAS smazal, mrkneme ještě combofixem a pak opravíte ten klíč . Jako bonus ještě confickera..prostě nádhera . takže mi neutíkejte a hlavně nedělejte nic bez mého vědomí, budeme na tom pracovat společně


Zapojte do pc všechny usb klíče, flashky...co používáte

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem



Použijte USB fix
http://www.viry.cz/forum/viewtopic.php? ... ead#unread


Před stažením vypněte rezidentní štít antiviru, má na Usbfix falešnou detekci
-spusťte
-klikněte na volbu research , potvrdte enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt




Start - spustit - napsat Regedit - ok

Najdete tyto klíče

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services (BITS and Wuauserv)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services (BITS and Wuauserv)

Najďěte složky BITS a wuauserv (u všech klíčů), klikněte na ně pravým tlačítkem myši, vyberte možnost "Oprávnění". Dejte povolit u všeho .

Potom v pravém okénku najdete hodnotu Imagepath,
U ní je cesta k aktualizacím (%fystemRoot%\system32\svchost.exe -k netsvcs)
a vy musíte přepsat písmenko F na s
aby cesta byla (%systemRoot%\system32\svchost.exe -k netsvcs)

[Kurtik21]

Takže tak:

LOG z Combofixu:

ComboFix 10-06-24.03 - Olina Tlapáková 25.06.2010 11:08.4.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2037.1411 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-05-25 do 2010-06-25 )))))))))))))))))))))))))))))))
.

2010-06-25 07:47 . 2010-06-25 07:47 3719978 ----a-r- C:\ComboFix.exe
2010-06-25 06:28 . 2010-06-25 06:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-25 06:11 . 2010-06-25 06:11 -------- d-----w- C:\rsit
2010-06-25 06:11 . 2010-06-25 06:11 -------- d-----w- c:\program files\trend micro
2010-06-24 14:25 . 2010-06-24 14:25 -------- d-----w- C:\!KillBox
2010-06-24 14:04 . 2010-06-24 14:12 -------- d-----w- c:\windows\LastGood
2010-06-24 13:26 . 2010-06-24 13:26 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-24 11:33 . 2008-04-13 22:15 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-06-24 11:32 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-06-24 11:27 . 2010-06-24 11:27 -------- d-----w- c:\program files\DIFX
2010-06-24 11:26 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-06-24 11:24 . 2010-06-24 13:42 -------- d-----w- c:\program files\Nokia
2010-06-17 10:02 . 2010-06-17 10:02 0 ----a-w- c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 07:24 . 2008-02-04 13:22 -------- d-----w- c:\program files\FARAO
2010-06-24 13:41 . 2001-10-25 12:00 46196 ----a-w- c:\windows\system32\perfc005.dat
2010-06-24 13:41 . 2001-10-25 12:00 309990 ----a-w- c:\windows\system32\perfh005.dat
2010-06-24 11:32 . 2010-06-24 11:32 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-06-24 11:32 . 2010-06-24 11:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-05 11:54 . 2010-05-05 11:53 -------- d-----w- c:\program files\UTAX TA
.

((((((((((((((((((((((((((((( SnapShot@2010-06-24_13.35.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-25 07:22 . 2010-06-25 07:22 16384 c:\windows\temp\Perflib_Perfdata_78c.dat
+ 2001-10-25 12:00 . 2010-06-24 13:41 40128 c:\windows\system32\perfc009.dat
+ 2010-06-24 14:12 . 2001-10-25 12:00 31360 c:\windows\LastGood\system32\dllcache\weitekp9.sys
+ 2010-06-24 14:12 . 2001-10-25 12:00 41600 c:\windows\LastGood\system32\dllcache\weitekp9.dll
+ 2010-06-24 14:12 . 2001-10-25 12:00 73728 c:\windows\LastGood\system32\dllcache\w3ext.dll
+ 2010-06-24 14:12 . 2001-10-25 12:00 48256 c:\windows\LastGood\system32\dllcache\w32.dll
+ 2010-06-24 14:12 . 2008-04-14 06:50 86073 c:\windows\LastGood\system32\dllcache\voicesub.dll
+ 2010-06-24 14:12 . 2008-04-14 06:50 76288 c:\windows\LastGood\system32\dllcache\uniime.dll
+ 2010-06-24 14:12 . 2001-10-25 12:00 14336 c:\windows\LastGood\system32\dllcache\tsprof.exe
+ 2010-06-24 14:12 . 2008-04-14 06:50 10240 c:\windows\LastGood\system32\dllcache\tmigrate.dll
+ 2010-06-24 14:12 . 2004-08-03 21:32 44032 c:\windows\LastGood\system32\dllcache\tintlphr.exe
+ 2010-06-24 14:12 . 2001-10-25 12:00 19464 c:\windows\LastGood\system32\dllcache\tdspx.sys
+ 2010-06-24 14:12 . 2001-10-25 12:00 21896 c:\windows\LastGood\system32\dllcache\tdipx.sys
+ 2010-06-24 14:12 . 2001-10-25 12:00 13192 c:\windows\LastGood\system32\dllcache\tdasync.sys
+ 2010-06-24 14:12 . 2001-10-25 12:00 16896 c:\windows\LastGood\system32\dllcache\status.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 10240 c:\windows\LastGood\system32\dllcache\snmpstup.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 15872 c:\windows\LastGood\system32\dllcache\smierrsm.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 31744 c:\windows\LastGood\system32\dllcache\smb6w.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 31744 c:\windows\LastGood\system32\dllcache\sma3w.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 38912 c:\windows\LastGood\system32\dllcache\sm9aw.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 26624 c:\windows\LastGood\system32\dllcache\sm93w.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 26624 c:\windows\LastGood\system32\dllcache\sm92w.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 26112 c:\windows\LastGood\system32\dllcache\sm90w.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 26112 c:\windows\LastGood\system32\dllcache\sm8dw.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 29184 c:\windows\LastGood\system32\dllcache\sm8cw.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 26112 c:\windows\LastGood\system32\dllcache\sm8aw.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 26112 c:\windows\LastGood\system32\dllcache\sm89w.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 30208 c:\windows\LastGood\system32\dllcache\sm87w.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 30208 c:\windows\LastGood\system32\dllcache\sm81w.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 25088 c:\windows\LastGood\system32\dllcache\sm59w.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 18944 c:\windows\LastGood\system32\dllcache\simptcp.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 79872 c:\windows\LastGood\system32\dllcache\rwia330.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 79872 c:\windows\LastGood\system32\dllcache\rwia001.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 14848 c:\windows\LastGood\system32\dllcache\register.exe
+ 2010-06-24 14:10 . 2001-10-25 12:00 16896 c:\windows\LastGood\system32\dllcache\quser.exe
+ 2010-06-24 14:10 . 2001-10-25 12:00 11264 c:\windows\LastGood\system32\dllcache\pmxmcro.dll
+ 2010-06-24 14:10 . 2008-04-14 06:49 67584 c:\windows\LastGood\system32\dllcache\pmigrate.dll
+ 2010-06-24 14:10 . 2008-04-13 20:13 70144 c:\windows\LastGood\system32\dllcache\pintlphr.exe
+ 2010-06-24 14:10 . 2008-04-14 06:49 53760 c:\windows\LastGood\system32\dllcache\pintlcsd.dll
+ 2010-06-24 14:10 . 2001-10-25 12:00 20992 c:\windows\LastGood\system32\dllcache\permchk.dll
+ 2010-06-24 14:10 . 2001-10-25 12:00 31744 c:\windows\LastGood\system32\dllcache\pagecnt.dll
+ 2010-06-24 14:10 . 2008-04-14 06:49 15360 c:\windows\LastGood\system32\dllcache\padrs804.dll
+ 2010-06-24 14:10 . 2001-10-25 12:00 14336 c:\windows\LastGood\system32\dllcache\padrs412.dll
+ 2010-06-24 14:10 . 2001-10-25 12:00 36927 c:\windows\LastGood\system32\dllcache\padrs411.dll
+ 2010-06-24 14:10 . 2008-04-14 06:49 15872 c:\windows\LastGood\system32\dllcache\padrs404.dll
+ 2010-06-24 14:10 . 2001-10-25 12:00 53248 c:\windows\LastGood\system32\dllcache\nextlink.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 98304 c:\windows\LastGood\system32\dllcache\msir3jp.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 34816 c:\windows\LastGood\system32\dllcache\migisol.exe
+ 2010-06-24 14:09 . 2001-10-25 12:00 92416 c:\windows\LastGood\system32\dllcache\mga.sys
+ 2010-06-24 14:09 . 2001-10-25 12:00 92032 c:\windows\LastGood\system32\dllcache\mga.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 26624 c:\windows\LastGood\system32\dllcache\mdsync.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 22016 c:\windows\LastGood\system32\dllcache\logscrpt.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 70656 c:\windows\LastGood\system32\dllcache\korwbrkr.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 18432 c:\windows\LastGood\system32\dllcache\jupiw.dll
+ 2010-06-24 14:05 . 2001-10-25 12:00 19968 c:\windows\LastGood\system32\dllcache\inetsloc.dll
+ 2010-06-24 14:08 . 2004-08-03 21:31 59392 c:\windows\LastGood\system32\dllcache\imscinst.exe
+ 2010-06-24 14:08 . 2001-10-25 12:00 59904 c:\windows\LastGood\system32\dllcache\imkrinst.exe
+ 2010-06-24 14:08 . 2001-10-25 12:00 45109 c:\windows\LastGood\system32\dllcache\imjpuex.exe
+ 2010-06-24 14:08 . 2008-04-14 06:47 81976 c:\windows\LastGood\system32\dllcache\imjpdct.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 57398 c:\windows\LastGood\system32\dllcache\imjpdadm.exe
+ 2010-06-24 14:08 . 2001-10-25 12:00 44032 c:\windows\LastGood\system32\dllcache\imekrmig.exe
+ 2010-06-24 14:08 . 2008-04-14 06:47 86016 c:\windows\LastGood\system32\dllcache\imekrmbx.dll
+ 2010-06-24 14:05 . 2001-10-25 12:00 14848 c:\windows\LastGood\system32\dllcache\iisreset.exe
+ 2010-06-24 14:08 . 2001-10-25 12:00 19456 c:\windows\LastGood\system32\dllcache\iiscrmap.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 60928 c:\windows\LastGood\system32\dllcache\iisclex4.dll
+ 2010-06-24 14:06 . 2008-04-14 06:38 56320 c:\windows\LastGood\system32\dllcache\chtskdic.dll
+ 2010-06-24 14:06 . 2008-04-14 06:38 97792 c:\windows\LastGood\system32\dllcache\chtmbx.dll
+ 2010-06-24 14:06 . 2001-10-25 12:00 14848 c:\windows\LastGood\system32\dllcache\chgusr.exe
+ 2010-06-24 14:06 . 2001-10-25 12:00 15872 c:\windows\LastGood\system32\dllcache\chgport.exe
+ 2010-06-24 14:06 . 2001-10-25 12:00 13312 c:\windows\LastGood\system32\dllcache\chglogon.exe
+ 2010-06-24 14:07 . 2001-10-25 12:00 36864 c:\windows\LastGood\system32\dllcache\hanjadic.dll
+ 2010-06-24 14:07 . 2001-10-25 12:00 11776 c:\windows\LastGood\system32\dllcache\fxssend.exe
+ 2010-06-24 14:07 . 2001-10-25 12:00 31744 c:\windows\LastGood\system32\dllcache\fxsroute.dll
+ 2010-06-24 14:07 . 2001-10-25 12:00 14848 c:\windows\LastGood\system32\dllcache\flattemp.exe
+ 2010-06-24 14:07 . 2001-08-17 18:10 22090 c:\windows\LastGood\system32\dllcache\fem556n5.sys
+ 2010-06-24 14:11 . 2001-10-24 11:25 12288 c:\windows\LastGood\system32\dllcache\EXCH_smtpctrs.dll
+ 2010-06-24 14:11 . 2001-10-24 11:25 26112 c:\windows\LastGood\system32\dllcache\EXCH_seos.dll
+ 2010-06-24 14:11 . 2001-10-24 11:25 57856 c:\windows\LastGood\system32\dllcache\EXCH_scripto.dll
+ 2010-06-24 14:11 . 2001-10-24 11:25 23040 c:\windows\LastGood\system32\dllcache\EXCH_regtrace.exe
+ 2010-06-24 14:10 . 2001-10-24 11:24 38912 c:\windows\LastGood\system32\dllcache\EXCH_ntfsdrv.dll
+ 2010-06-24 14:09 . 2001-10-24 11:24 65536 c:\windows\LastGood\system32\dllcache\EXCH_mailmsg.dll
+ 2010-06-24 14:07 . 2001-10-24 11:24 43520 c:\windows\LastGood\system32\dllcache\EXCH_fcachdll.dll
+ 2010-06-24 14:05 . 2001-10-24 11:24 45056 c:\windows\LastGood\system32\dllcache\EXCH_aqadmin.dll
+ 2010-06-24 14:07 . 2001-10-25 12:00 25856 c:\windows\LastGood\system32\dllcache\et4000.sys
+ 2010-06-24 14:07 . 2001-10-25 12:00 45056 c:\windows\LastGood\system32\dllcache\esunid.dll
+ 2010-06-24 14:07 . 2001-10-25 12:00 57856 c:\windows\LastGood\system32\dllcache\esuimgd.dll
+ 2010-06-24 14:07 . 2001-10-25 12:00 31744 c:\windows\LastGood\system32\dllcache\esucmd.dll
+ 2010-06-24 14:07 . 2001-08-17 18:10 19996 c:\windows\LastGood\system32\dllcache\em556n4.sys
+ 2010-06-24 14:06 . 2001-10-25 12:00 18944 c:\windows\LastGood\system32\dllcache\cprofile.exe
+ 2010-06-24 14:06 . 2004-08-03 21:31 57399 c:\windows\LastGood\system32\dllcache\cplexe.exe
+ 2010-06-24 14:06 . 2001-10-25 12:00 20480 c:\windows\LastGood\system32\dllcache\counters.dll
+ 2010-06-24 14:06 . 2001-10-25 12:00 57344 c:\windows\LastGood\system32\dllcache\convlog.exe
+ 2010-06-24 14:06 . 2001-10-25 12:00 33792 c:\windows\LastGood\system32\dllcache\controt.dll
+ 2010-06-24 14:06 . 2001-10-25 12:00 54528 c:\windows\LastGood\system32\dllcache\cap7146.sys
+ 2010-06-24 14:06 . 2001-10-25 12:00 10752 c:\windows\LastGood\system32\dllcache\c_iscii.dll
+ 2010-06-24 14:06 . 2001-10-25 12:00 45568 c:\windows\LastGood\system32\dllcache\browscap.dll
+ 2010-06-24 14:05 . 2001-10-25 12:00 29184 c:\windows\LastGood\system32\dllcache\asptxn.dll
+ 2010-06-24 14:05 . 2001-10-25 12:00 10240 c:\windows\LastGood\system32\dllcache\aspperf.dll
+ 2010-06-24 14:05 . 2001-10-25 12:00 50176 c:\windows\LastGood\system32\dllcache\adrot.dll
+ 2010-06-24 14:05 . 2001-10-25 12:00 7168 c:\windows\LastGood\system32\dllcache\wamregps.dll
+ 2010-06-24 14:12 . 2001-10-25 12:00 9216 c:\windows\LastGood\system32\dllcache\wamps51.dll
+ 2010-06-24 14:12 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\w3svapi.dll
+ 2010-06-24 14:12 . 2001-10-25 12:00 4608 c:\windows\LastGood\system32\dllcache\w3ctrs51.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\smimsgif.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\smierrsy.dll
+ 2010-06-24 14:10 . 2001-10-25 12:00 9728 c:\windows\LastGood\system32\dllcache\query.exe
+ 2010-06-24 14:10 . 2001-10-25 12:00 6144 c:\windows\LastGood\system32\dllcache\pmxgl.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdvntc.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdusa.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdurdu.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 6144 c:\windows\LastGood\system32\dllcache\kbdth3.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 6144 c:\windows\LastGood\system32\dllcache\kbdth2.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdth1.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdth0.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdsyr2.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdsyr1.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 7680 c:\windows\LastGood\system32\dllcache\kbdnecnt.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 9216 c:\windows\LastGood\system32\dllcache\kbdnecat.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 7168 c:\windows\LastGood\system32\dllcache\kbdnec95.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdintel.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdintam.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 6144 c:\windows\LastGood\system32\dllcache\kbdinpun.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdinmar.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdinkan.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdinhin.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdinguj.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdindev.dll
+ 2010-06-24 14:09 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdheb.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 5120 c:\windows\LastGood\system32\dllcache\kbdgeo.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbdfa.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbddiv2.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbddiv1.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 5120 c:\windows\LastGood\system32\dllcache\kbdarmw.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 5120 c:\windows\LastGood\system32\dllcache\kbdarme.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbda3.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbda2.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\kbda1.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 6144 c:\windows\LastGood\system32\dllcache\kbd101a.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 9216 c:\windows\LastGood\system32\dllcache\iwrps.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 7168 c:\windows\LastGood\system32\dllcache\isapips.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 8704 c:\windows\LastGood\system32\dllcache\infoctrs.dll
+ 2010-06-24 14:05 . 2001-10-25 12:00 7680 c:\windows\LastGood\system32\dllcache\inetmgr.exe
+ 2010-06-24 14:08 . 2001-10-25 12:00 6656 c:\windows\LastGood\system32\dllcache\iissync.exe
+ 2010-06-24 14:05 . 2001-10-25 12:00 5632 c:\windows\LastGood\system32\dllcache\iisrstap.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 3584 c:\windows\LastGood\system32\dllcache\iismui.dll
+ 2010-06-24 14:06 . 2001-10-25 12:00 9728 c:\windows\LastGood\system32\dllcache\change.exe
+ 2010-06-24 14:04 . 2001-10-25 12:00 6144 c:\windows\LastGood\system32\dllcache\ftpsapi2.dll
+ 2010-06-24 14:07 . 2001-10-25 12:00 7680 c:\windows\LastGood\system32\dllcache\ftpctrs2.dll
+ 2010-06-24 14:07 . 2001-10-25 12:00 6144 c:\windows\LastGood\system32\dllcache\ftlx041e.dll
+ 2010-06-24 14:11 . 2001-10-24 11:25 7168 c:\windows\LastGood\system32\dllcache\EXCH_snprfdll.dll
+ 2010-06-24 14:05 . 2001-10-24 11:24 5632 c:\windows\LastGood\system32\dllcache\EXCH_adsiisex.dll
+ 2010-06-24 14:06 . 2001-10-25 12:00 6656 c:\windows\LastGood\system32\dllcache\c_is2022.dll
+ 2010-06-24 14:05 . 2001-10-25 12:00 9216 c:\windows\LastGood\system32\dllcache\authfilt.dll
+ 2010-06-24 14:05 . 2001-10-25 12:00 6144 c:\windows\LastGood\system32\dllcache\admxprox.dll
+ 2001-10-25 12:00 . 2010-06-24 13:41 311740 c:\windows\system32\perfh009.dat
+ 2010-06-24 14:12 . 2008-04-14 06:50 426041 c:\windows\LastGood\system32\dllcache\voicepad.dll
+ 2010-06-24 14:12 . 2004-08-03 21:32 455168 c:\windows\LastGood\system32\dllcache\tintsetp.exe
+ 2010-06-24 14:12 . 2001-10-25 12:00 185344 c:\windows\LastGood\system32\dllcache\thawbrkr.dll
+ 2010-06-24 14:12 . 2001-10-25 12:00 101376 c:\windows\LastGood\system32\dllcache\srusbusd.dll
+ 2010-06-24 14:11 . 2001-10-25 12:00 143422 c:\windows\LastGood\system32\dllcache\softkey.dll
+ 2010-06-24 14:10 . 2001-10-25 12:00 131584 c:\windows\LastGood\system32\dllcache\pmxviceo.dll
+ 2010-06-24 14:10 . 2008-04-14 06:49 175104 c:\windows\LastGood\system32\dllcache\pintlcsa.dll
+ 2010-06-24 14:10 . 2001-10-25 12:00 229439 c:\windows\LastGood\system32\dllcache\multibox.dll
+ 2010-06-24 14:08 . 2008-04-14 06:47 315455 c:\windows\LastGood\system32\dllcache\imskf.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 471102 c:\windows\LastGood\system32\dllcache\imskdic.dll
+ 2010-06-24 14:08 . 2008-04-14 06:47 102456 c:\windows\LastGood\system32\dllcache\imlang.dll
+ 2010-06-24 14:08 . 2008-04-14 06:47 274489 c:\windows\LastGood\system32\dllcache\imjputyc.dll
+ 2010-06-24 14:08 . 2004-08-03 21:32 262200 c:\windows\LastGood\system32\dllcache\imjputy.exe
+ 2010-06-24 14:08 . 2004-08-03 21:32 233527 c:\windows\LastGood\system32\dllcache\imjprw.exe
+ 2010-06-24 14:08 . 2004-08-03 21:32 208952 c:\windows\LastGood\system32\dllcache\imjpmig.exe
+ 2010-06-24 14:08 . 2004-08-03 21:31 196665 c:\windows\LastGood\system32\dllcache\imjpinst.exe
+ 2010-06-24 14:08 . 2004-08-03 21:31 155705 c:\windows\LastGood\system32\dllcache\imjpdsvr.exe
+ 2010-06-24 14:08 . 2004-08-03 21:31 307257 c:\windows\LastGood\system32\dllcache\imjpdct.exe
+ 2010-06-24 14:08 . 2008-04-14 06:47 716856 c:\windows\LastGood\system32\dllcache\imjpcus.dll
+ 2010-06-24 14:08 . 2008-04-14 06:47 368696 c:\windows\LastGood\system32\dllcache\imjpcic.dll
+ 2010-06-24 14:08 . 2008-04-14 06:47 811064 c:\windows\LastGood\system32\dllcache\imjp81k.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 311359 c:\windows\LastGood\system32\dllcache\imepadsv.exe
+ 2010-06-24 14:08 . 2001-10-25 12:00 102463 c:\windows\LastGood\system32\dllcache\imepadsm.dll
+ 2010-06-24 14:08 . 2008-04-14 06:47 106496 c:\windows\LastGood\system32\dllcache\imekrcic.dll
+ 2010-06-24 14:05 . 2001-10-25 12:00 171008 c:\windows\LastGood\system32\dllcache\iisui.dll
+ 2010-06-24 14:06 . 2008-04-14 06:38 173568 c:\windows\LastGood\system32\dllcache\chtskf.dll
+ 2010-06-24 14:06 . 2001-10-25 12:00 838144 c:\windows\LastGood\system32\dllcache\chtbrkr.dll
+ 2010-06-24 14:07 . 2001-10-25 12:00 137216 c:\windows\LastGood\system32\dllcache\fxsclntr.dll
+ 2010-06-24 14:07 . 2001-10-25 12:00 112128 c:\windows\LastGood\system32\dllcache\fxscfgwz.dll
+ 2010-06-24 14:07 . 2001-10-25 12:00 514587 c:\windows\LastGood\system32\dllcache\edb500.dll
+ 2010-06-24 14:06 . 2004-08-03 21:31 480256 c:\windows\LastGood\system32\dllcache\cintsetp.exe
+ 2010-06-24 14:06 . 2008-04-14 06:38 198656 c:\windows\LastGood\system32\dllcache\cintime.dll
+ 2010-06-24 14:05 . 2009-02-09 11:26 2191232 c:\windows\LastGood\system32\dllcache\ntoskrnl.exe
+ 2010-06-24 14:10 . 2009-02-10 17:09 2068224 c:\windows\LastGood\system32\dllcache\ntkrnlpa.exe
+ 2010-06-24 14:06 . 2001-10-25 12:00 1677824 c:\windows\LastGood\system32\dllcache\chsbrkr.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 10129408 c:\windows\LastGood\system32\dllcache\hwxkor.dll
+ 2010-06-24 14:08 . 2008-04-14 06:46 13463552 c:\windows\LastGood\system32\dllcache\hwxjpn.dll
+ 2010-06-24 14:08 . 2001-10-25 12:00 10096640 c:\windows\LastGood\system32\dllcache\hwxcht.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Olina Tlap kov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - FarUpd.lnk - y:\install\FarUpd.exe [2009-5-28 331776]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 20:25 12872]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.5.2010 20:41 67656]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: Public
Trusted Zone: Public (Y:)
Trusted Zone: server
Trusted Zone: taco
FF - ProfilePath - c:\documents and settings\Olina Tlapáková\Data aplikací\Mozilla\Firefox\Profiles\wimhyrn9.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 11:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(516)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-06-25 11:11:12
ComboFix-quarantined-files.txt 2010-06-25 07:51
ComboFix2.txt 2010-06-24 13:36
ComboFix3.txt 2009-02-16 15:12
ComboFix4.txt 2009-01-12 12:02

Před spuštěním: Volných bajtů: 123 265 183 744
Po spuštění: Volných bajtů: 123 311 050 752

- - End Of File - - EA08ED4D65EFA22F66905F021409A3F4


LOG z UsbFixu (ten odkaz nefunguje):

############################## | UsbFix 7.014 | [Research]

User: Olina Tlapáková (Administrator) # OLINA [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 11:12:13 | 25/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Enabled
Antivirus: AVG Anti-Virus Network Edition 9.0 [(!) Disabled | Updated]
RAM -> 2037 Mb
C:\ (%systemdrive%) -> Fixed drive # 128 Gb (114 Mb free - 89%) [] # NTFS
H:\ -> CD-ROM
I:\ -> Fixed drive # 105 Gb (99 Mb free - 95%) [Nový svazek] # NTFS
J:\ -> Removable drive # 2 Gb (2 Mb free - 95%) [CORSAIR] # FAT32

################## | Files # Infected Folders |

Found ! J:\log.txt

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |


Co se týče přepsaných hodnot v registrech (fystemRoot), tak ty nejsou - jsou tam správné, ale nemůžu vyloučit, že tam někdy v minulosti byla ta potvora, co se šíří přes flashky (ten počítač je přístupný mnoha lidem, někdo z nich samozřejmě mohl mít infikovanou flashku).
Nicméně je pravda, že se dneska rozběhly aktualizace, takže asi zase tak docela záplatovaný nebyl.

Uff, napište mi, že už je to všecko, jo?

[motji]

Skoro bych řekla že je čisto . Já BVás poprosím o novýá log ze Rsitu a odstrante logy z combofixu z code, špatně se mi to čte .
Také je možné, že ten klíč k aktualizacím opravil combofix. Ale dle logu ze rsitu aktualizace nešly . Toho rootkita jste tam mohl mít delší dobu

[Kurtik21]

Asi budu muset s pravdou ven - po odstranění toho Rootkitu pomocí SAS jsem spustil aktualizace ručně (přes Windows Update) a stáhlo se asi 20 aktualizací. Po restartu už fungovaly i automatické (stáhly se další dvě).
Log z RSIT:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Olina Tlapáková at 2010-06-25 16:32:13
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 116 GB (89%) free of 131 GB
Total RAM: 2037 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:32:21, on 25.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\RSIT.exe
C:\Program Files\trend micro\Olina Tlapáková.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - FarUpd.lnk = install\FarUpd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.server
O15 - Trusted Zone: *.taco
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7453846187
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6579 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-06-25 1615200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-07 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-07 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-07 137752]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-25 2065760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-06-07 2403568]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Olina Tlapáková\Nabídka Start\Programy\Po spuštění
Zástupce - FarUpd.lnk - Y:\install\FarUpd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!saswinlogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-04 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-06-25 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-06-25 16:32:05 ----A---- C:\RSIT.exe
2010-06-25 11:02:25 ----A---- C:\UsbFix.txt
2010-06-25 11:02:05 ----D---- C:\UsbFix
2010-06-25 10:53:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-06-25 10:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-06-25 10:48:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-06-25 10:48:31 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-25 10:48:31 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-25 10:48:31 ----A---- C:\WINDOWS\system32\java.exe
2010-06-25 10:48:31 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-06-25 10:48:15 ----SHD---- C:\RECYCLER
2010-06-25 10:28:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-25 10:27:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-25 10:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-25 10:27:17 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-25 10:27:13 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-25 10:27:10 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-25 10:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-06-25 10:27:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-06-25 10:26:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-06-25 10:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-06-25 10:26:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-06-25 10:26:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-06-25 10:26:30 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-06-25 10:26:27 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-06-25 10:26:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-06-25 10:26:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-06-25 10:26:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-06-25 10:26:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-06-25 10:26:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-06-25 10:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-06-25 10:25:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-06-25 10:25:46 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-06-25 10:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-06-25 10:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-06-25 10:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-06-25 10:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-06-25 10:25:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-06-25 10:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-06-25 10:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-06-25 10:25:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-06-25 10:24:59 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-06-25 10:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-06-25 10:24:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-06-25 10:24:49 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-06-25 10:24:45 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-06-25 10:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-06-25 10:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-06-25 10:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-06-25 10:24:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-06-25 10:24:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-06-25 10:24:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-06-25 10:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-06-25 10:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-06-25 10:24:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-06-25 10:23:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-06-25 10:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-06-25 10:20:19 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-06-25 10:18:05 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2010-06-25 10:17:33 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-06-25 10:04:31 ----A---- C:\reset.txt
2010-06-25 10:02:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-06-25 09:51:12 ----A---- C:\ComboFix.txt
2010-06-25 09:47:23 ----RA---- C:\ComboFix.exe
2010-06-25 09:21:19 ----D---- C:\WINDOWS\pss
2010-06-25 08:29:07 ----D---- C:\Documents and Settings\Olina Tlapáková\Data aplikací\SUPERAntiSpyware.com
2010-06-25 08:29:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-06-25 08:28:58 ----D---- C:\Program Files\SUPERAntiSpyware
2010-06-25 08:11:08 ----D---- C:\rsit
2010-06-25 08:11:08 ----D---- C:\Program Files\trend micro
2010-06-24 16:25:54 ----D---- C:\!KillBox
2010-06-24 15:37:10 ----D---- C:\WINDOWS\system32\appmgmt
2010-06-24 15:36:28 ----D---- C:\WINDOWS\temp
2010-06-24 15:27:01 ----A---- C:\WINDOWS\PEV.exe
2010-06-24 15:27:01 ----A---- C:\WINDOWS\MBR.exe
2010-06-24 15:22:25 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-24 13:32:54 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2010-06-24 13:32:52 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2010-06-24 13:29:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-06-24 13:28:58 ----D---- C:\Documents and Settings\Olina Tlapáková\Data aplikací\PC Suite
2010-06-24 13:27:26 ----D---- C:\Program Files\DIFX
2010-06-24 13:26:51 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2010-06-24 13:24:00 ----D---- C:\Program Files\Nokia
2010-06-24 13:24:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
2010-06-17 12:02:00 ----D---- C:\Documents and Settings\Olina Tlapáková\Data aplikací\Mozilla
2010-06-17 12:01:56 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2010-06-25 16:32:21 ----D---- C:\WINDOWS\Prefetch
2010-06-25 16:14:29 ----D---- C:\Program Files\FARAO
2010-06-25 16:09:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-25 15:53:39 ----HD---- C:\WINDOWS\inf
2010-06-25 15:52:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-25 15:38:33 ----A---- C:\WINDOWS\crw.ini
2010-06-25 10:55:36 ----D---- C:\WINDOWS
2010-06-25 10:55:10 ----D---- C:\WINDOWS\system32
2010-06-25 10:53:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-25 10:53:47 ----A---- C:\WINDOWS\imsins.BAK
2010-06-25 10:53:44 ----D---- C:\WINDOWS\system32\drivers
2010-06-25 10:53:17 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-25 10:48:46 ----SHD---- C:\WINDOWS\Installer
2010-06-25 10:48:46 ----D---- C:\Config.Msi
2010-06-25 10:48:30 ----D---- C:\Program Files\Java
2010-06-25 10:32:02 ----D---- C:\Program Files\Internet Explorer
2010-06-25 10:32:01 ----D---- C:\WINDOWS\AppPatch
2010-06-25 10:28:27 ----D---- C:\WINDOWS\ie8updates
2010-06-25 10:27:03 ----D---- C:\Program Files\Outlook Express
2010-06-25 10:26:24 ----D---- C:\Program Files\Movie Maker
2010-06-25 10:25:40 ----D---- C:\WINDOWS\WinSxS
2010-06-25 10:18:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-25 10:18:07 ----D---- C:\WINDOWS\Help
2010-06-25 09:51:14 ----D---- C:\Qoobox
2010-06-25 09:50:26 ----A---- C:\WINDOWS\system.ini
2010-06-25 09:49:26 ----D---- C:\Program Files\Common Files
2010-06-25 09:47:57 ----SHD---- C:\System Volume Information
2010-06-25 09:47:57 ----D---- C:\WINDOWS\system32\Restore
2010-06-25 08:28:58 ----RD---- C:\Program Files
2010-06-24 15:42:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-24 15:41:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-24 15:35:29 ----D---- C:\WINDOWS\ERDNT
2010-06-24 15:25:38 ----D---- C:\Documents and Settings
2010-06-24 15:12:18 ----D---- C:\WINDOWS\PCHEALTH
2010-06-08 08:17:56 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-28 12:37:36 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-06-25 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-25 29584]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-25 243024]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sasdifsv;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 saskutil;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\OLINAT~1\LOCALS~1\Temp\catchme.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys []
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 usbserfilt;usbserfilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys []
S3 wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-06-25 308136]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Díky!

[motji]

To jsem ani nevěděla, že SAS ty klíče opravuje.
Tento program znáte?
C:\Documents and Settings\Olina Tlapáková\Nabídka Start\Programy\Po spuštění
Zástupce - FarUpd.lnk - Y:\install\FarUpd.exe

Jak to vypadá s počítačem?

[Kurtik21]

Já nevím, jestli to opravil SAS, nebo "se to opravilo" instalací některé aktualizace (jak jsem psal - první aktualizace jsem stahoval ručně, přes stránky Windows Update).
FarUpd.exe a Farao.exe jsou "důvěryhodné aplikace", které používáme k práci.
Ještě jednou děkuju, sloní rádkyně.

[motji]

Ještě mi neutíkejte , něco málo domažeme

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

File::
C:\WINDOWS\system32\Drivers\SSPORT.sys

Driver::
SSPORT

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci



Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

[driver76]

Logfile of HijackThis v1.99.1
Scan saved at 20:28:36, on 26. 6. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\uzivatel\LOCALS~1\Temp\Rar$EX00.609\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla.com/en-US/firefox/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Download Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Mirar - {118A69EB-2606-4E3C-9C5D-6701AEC858DB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Download Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Äîńňóď ę ďëŕňíîěó ęîíňĺíňó FieryAds v2.0.2 - {6D125299-C2A9-4DBC-BEC3-6F7124E39A41} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Download Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P0.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

dakujem za odpoved

[motji]

driver76
Prosím založte si vlastní topic, takto by se nám logy pletly.
Vložte do něj log ze Rsitu, viz můj podpis. HJT máte zastaralý, Rsit nám ukáže víc .
Děkuji za pochopení