Neotvara disky

[Jand]

Neodinstaluje mi to windows ?

[Caroprd111]

Určitě ne.

[Jand]

tak som tak spravil, ale OTL pise ze Neodpovida v zatvorke za nazvom, to tak ma robit ? je to tak stale a nevidim zeby nieco robilo

[Caroprd111]

Pokud nebude ještě 10 minut reagovat, tak zkuste provést skript v nouzovém režimu.

[Jand]

Tak spravilo to :

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
ADS C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
C:\WINDOWS\002662_.tmp moved successfully.
C:\WINDOWS\002692_.tmp moved successfully.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder moved successfully.
C:\WINDOWS\DUMP5e9a.tmp moved successfully.
C:\WINDOWS\DUMP5f27.tmp moved successfully.
C:\WINDOWS\DUMP5f65.tmp moved successfully.
C:\WINDOWS\DUMP5fd3.tmp moved successfully.
C:\WINDOWS\DUMP5fe2.tmp moved successfully.
C:\WINDOWS\DUMP5ff2.tmp moved successfully.
C:\WINDOWS\DUMP6021.tmp moved successfully.
C:\WINDOWS\DUMP6022.tmp moved successfully.
C:\WINDOWS\DUMP6031.tmp moved successfully.
C:\WINDOWS\DUMP6040.tmp moved successfully.
C:\WINDOWS\DUMP6050.tmp moved successfully.
C:\WINDOWS\DUMP606f.tmp moved successfully.
C:\WINDOWS\DUMP608e.tmp moved successfully.
C:\WINDOWS\DUMP60dc.tmp moved successfully.
C:\WINDOWS\DUMP610b.tmp moved successfully.
C:\WINDOWS\DUMP610c.tmp moved successfully.
C:\WINDOWS\DUMP610d.tmp moved successfully.
C:\WINDOWS\DUMP613a.tmp moved successfully.
C:\WINDOWS\DUMP6198.tmp moved successfully.
C:\WINDOWS\DUMP61e6.tmp moved successfully.
C:\WINDOWS\DUMP6253.tmp moved successfully.
C:\WINDOWS\DUMP6263.tmp moved successfully.
C:\WINDOWS\DUMP6292.tmp moved successfully.
C:\WINDOWS\DUMP6293.tmp moved successfully.
C:\WINDOWS\DUMP62a2.tmp moved successfully.
C:\WINDOWS\DUMP62b1.tmp moved successfully.
C:\WINDOWS\DUMP62e0.tmp moved successfully.
C:\WINDOWS\DUMP62ff.tmp moved successfully.
C:\WINDOWS\DUMP631f.tmp moved successfully.
C:\WINDOWS\DUMP633e.tmp moved successfully.
C:\WINDOWS\DUMP636d.tmp moved successfully.
C:\WINDOWS\DUMP637c.tmp moved successfully.
C:\WINDOWS\DUMP639c.tmp moved successfully.
C:\WINDOWS\DUMP639d.tmp moved successfully.
C:\WINDOWS\DUMP63ea.tmp moved successfully.
C:\WINDOWS\DUMP6409.tmp moved successfully.
C:\WINDOWS\DUMP6419.tmp moved successfully.
C:\WINDOWS\DUMP64b5.tmp moved successfully.
C:\WINDOWS\DUMP6503.tmp moved successfully.
C:\WINDOWS\DUMP6570.tmp moved successfully.
C:\WINDOWS\DUMP65ed.tmp moved successfully.
C:\WINDOWS\DUMP665b.tmp moved successfully.
C:\WINDOWS\DUMP665c.tmp moved successfully.
C:\WINDOWS\DUMP6755.tmp moved successfully.
C:\WINDOWS\DUMP6756.tmp moved successfully.
C:\WINDOWS\DUMP6793.tmp moved successfully.
C:\WINDOWS\DUMP67f1.tmp moved successfully.
C:\WINDOWS\DUMP68eb.tmp moved successfully.
C:\WINDOWS\DUMP6b1d.tmp moved successfully.
C:\WINDOWS\DUMP6d50.tmp moved successfully.
C:\WINDOWS\DUMP6d8e.tmp moved successfully.
C:\WINDOWS\DUMP6f82.tmp moved successfully.
C:\WINDOWS\DUMP6f83.tmp moved successfully.
C:\WINDOWS\DUMP7280.tmp moved successfully.
C:\WINDOWS\DUMP72af.tmp moved successfully.
C:\WINDOWS\DUMP730d.tmp moved successfully.
C:\WINDOWS\DUMP73e7.tmp moved successfully.
C:\WINDOWS\DUMP7520.tmp moved successfully.
C:\WINDOWS\DUMP7f03.tmp moved successfully.
C:\WINDOWS\E4D153288C89484BB9AAF5BE9EA6D01C.TMP folder moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET5F1.tmp moved successfully.
C:\WINDOWS\System32\SET5F6.tmp moved successfully.
C:\WINDOWS\System32\SET5FD.tmp moved successfully.
C:\WINDOWS\System32\SET606.tmp moved successfully.
C:\WINDOWS\System32\SET607.tmp moved successfully.
C:\WINDOWS\System32\SET608.tmp moved successfully.
C:\WINDOWS\System32\SET60B.tmp moved successfully.
C:\WINDOWS\System32\tmp1B26.tmp moved successfully.
C:\WINDOWS\System32\tmp1B27.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: TichoLieci
->Temp folder emptied: 681125 bytes
->Temporary Internet Files folder emptied: 253726425 bytes
->Java cache emptied: 2147568 bytes
->FireFox cache emptied: 37572092 bytes
->Flash cache emptied: 48054 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12606550 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 293,00 mb


[EMPTYFLASH]

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

User: TichoLieci
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.1.0 log created on 04042010_133711

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[Caroprd111]

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Vložte do PC všechny flash disky, které používáte.
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

Pokud ComboFix nepůjde spustit, tak zkuste ComboFix přejmenovat třeba na cokoliv.com, případně přejmenovaný ComboFix spusťte v nouzovém režimu.

[Jand]

Ufff... to su stresi

no je to spravene tu je log :
ComboFix 10-04-03.02 - TichoLieci . 04. 2010 13:57:56.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1022.640 [GMT 2:00]
Running from: c:\documents and settings\TichoLieci\Plocha\ComboFix.exe
AV: avast! antivirus 4.7.1098 [VPS 071220-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\AcAdProc.dll
D:\i.cmd

.
((((((((((((((((((((((((( Files Created from 2010-03-04 to 2010-04-04 )))))))))))))))))))))))))))))))
.

2010-04-04 11:52 . 2010-04-04 11:52 390144 ----a-w- c:\windows\system32\CF5882.exe
2010-04-04 11:23 . 2010-04-04 11:23 -------- d-----w- C:\_OTL
2010-04-04 11:04 . 2010-04-04 11:03 390144 ----a-w- c:\windows\system32\CF29091.exe
2010-04-04 10:53 . 2007-12-04 13:53 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-04 10:53 . 2007-12-04 13:51 42912 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-04 10:53 . 2007-12-04 13:49 26624 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-04 10:53 . 2007-12-04 11:54 95608 ----a-w- c:\windows\system32\AvastSS.scr
2010-04-04 10:53 . 2007-12-04 13:56 93264 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-04 10:53 . 2007-12-04 13:55 94544 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-04 10:53 . 2007-12-04 12:04 837496 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-04 10:53 . 2010-04-04 10:53 -------- d-----w- c:\program files\Alwil Software
2010-04-04 09:57 . 2010-04-04 09:57 -------- d-----w- C:\rsit
2010-04-04 07:32 . 2010-04-04 07:32 -------- d-----w- c:\program files\IMSI
2010-04-02 16:05 . 2010-04-02 16:05 -------- d-----w- c:\program files\Trend Micro
2010-03-31 17:22 . 2010-03-31 17:22 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-31 16:42 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-03-31 16:42 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-03-31 16:42 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-03-31 16:42 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-03-31 11:45 . 2010-03-31 11:45 -------- d-----w- c:\program files\sXe Injected
2010-03-10 17:14 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 11:37 . 2001-10-25 16:00 83446 ----a-w- c:\windows\system32\perfc005.dat
2010-04-04 11:37 . 2001-10-25 16:00 440082 ----a-w- c:\windows\system32\perfh005.dat
2010-04-04 10:55 . 2009-04-11 16:20 -------- d-----w- c:\program files\ESET
2010-04-01 10:36 . 2009-03-02 17:30 -------- d-----w- c:\program files\Common Files\Skype
2010-03-31 17:22 . 2009-02-11 17:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-31 17:22 . 2009-03-03 15:08 -------- d-----w- c:\program files\AGEIA Technologies
2010-03-23 09:07 . 2010-02-13 13:44 -------- d-----w- c:\program files\Dragon Age
2010-03-23 08:59 . 2008-12-12 09:01 -------- d-----w- c:\program files\TC UP
2010-03-07 08:14 . 2009-06-06 14:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-06 15:10 . 2010-02-13 11:09 -------- d-----w- c:\program files\Common Files\BioWare
2010-02-25 06:18 . 2004-08-17 15:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-20 14:44 . 2009-05-27 07:20 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-20 14:44 . 2009-05-27 07:19 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-20 10:56 . 2009-05-27 07:19 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-18 19:10 . 2010-02-18 19:10 -------- d-----w- c:\program files\Elcom
2010-02-13 12:33 . 2008-12-12 07:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2006-05-03 10:06 . 2009-04-13 11:05 163328 --sh--r- c:\windows\system32\flvDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2005-09-25 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\TichoLieci\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Kalend r.lnk - c:\windows\MENINY.EXE [2009-4-12 49312]

c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"e:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"e:\\Hry\\Killing Floor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2. 7. 2003 17:41 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2. 7. 2003 16:49 124160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12. 4. 2009 13:02 717296]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [12. 4. 2009 12:48 15872]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [12. 12. 2008 11:53 222456]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12. 4. 2009 23:19 1684736]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [15. 12. 2009 22:07 25832]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [10. 11. 2009 19:41 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [10. 11. 2009 19:41 8320]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: &Download by Arles Download Manager - c:\documents and settings\TichoLieci\Local Settings\Data aplikací\Ariel Download Manager\DownloadManager.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\TichoLieci\Data aplikací\Mozilla\Firefox\Profiles\du4ynu3p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://games.tiscali.cz/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\TichoLieci\Data aplikací\Mozilla\Firefox\Profiles\du4ynu3p.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Condor: The Competition Soaring Simulator - c:\program files\Condor\uninst.exe
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-GTA San Andreas SK - c:\program files\Rockstar Games\GTA San Andreas\Uninstall GTA_SA_SK.exe
AddRemove-mod_sobit - e:\program files\Rockstar Games\GTA San Andreas\Uninstall s0beit 3.4 mod
AddRemove-PORTAL SK - c:\documents and settings\TichoLieci\Plocha\Portal\Uninstall PORTAL_SK.exe
AddRemove-S.T.A.L.K.E.R. - Clear Sky_is1 - d:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\unins000.exe
AddRemove-S.T.A.L.K.E.R. - Shadow of Chernobyl_is1 - e:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-04 14:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86CF6420]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7634f28
\Driver\ACPI -> ACPI.sys @ 0xf738fcb8
\Driver\atapi -> 0x86cf6420
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #2 -> SendCompleteHandler -> NDIS.sys @ 0xf71fbbb0
PacketIndicateHandler -> NDIS.sys @ 0xf7208a21
SendHandler -> NDIS.sys @ 0xf71e687b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
PE file found in sector at 0x01D1C06C0 !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(292)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-04-04 14:08:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-04 12:08
ComboFix2.txt 2009-07-20 10:55

Pre-Run: 4 038 828 032
Post-Run: 3 998 158 848

- - End Of File - - CCD8FF16EF6F710F42352F959965F65F

[Caroprd111]

Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

[Jand]

Tak tu je ten log :
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x01D1C06C0 !

[Caroprd111]

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -f

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

[Jand]

no ved presne to som spravil zase a obsah logu je tu :
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x01D1C06C0 !

[Caroprd111]

Následující kroky proveďte přesně v pořadí, jak jsou.


Nabootujte z instalačního CD a vstupte do konzoly pro zotavení. Pro tuto operaci musíte znát heslo k účtu Administrator. Do příkazového řádku napište:

Kód: Vybrat vše

fixmbr

Stskněte >Enter< a potvrďte. Pak napište

Kód: Vybrat vše

exit

opět stiskněte >Enter< . PC se restartuje.


Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

[Jand]

nabootovat instalacne CD a spustit konzolu zotavenia bola uplne prva vec ktoru som skusal, ale neprecita mi CD aj ked viem ze ho nacitalo

[Caroprd111]

Pro jistotu, si udělejte zálohu důležitých dat

Pořádně si přečtěte návod, pokud něčemu nerozumíte, tak se ptejte.

1:Vypni Firewall>spust program HXD http://mh-nexus.de/en/downloads.php?product=HxD <klikni hore na ikonku pevneho disku>na karte ktora sa objavi>pod Fyzicke disky>Klik >oznac PEVNY DISK>vyber fajku >otvor len na citanie>klik>ok a este raz OK>


2:V pravo hore >je napisane >sector>a okienko + sipky>budes nastavovat a hladat sectory so sipkamy>sector 0>je MBR>a sector -63 je BOOT>Nebabrat>sector 1-62 maju byt Nulove>000000000000.

3:Program HXD otvor na plnu obrazovku>nastav so sipkou sector napriklad-1>ak cely sector 1-je nulova stlac lavu mysku oznac ho> pravy klik kopirovat presne cely nulovy sector>ale presne od ciary po ciaru

4:Skontroluj zo sipkamy sectory 1-62 a kde nie je cely sector nulovy stlac lavu mysku oznac presne cely sector>pravy klik>PREPISAT.

5:prepisu sa ti na cerveno>na 0000000-ly>ak toto budes mat klik v pravom hornom rohu na krizik a zatvor program HXD,objavi sa ti okno ci chces zmenu ulozit suhlasis.Zatvoris program HXD>restartnes >PC
Nepomyl sa nie ze zacnes prepisovat logicke disky



Sectory 1 az 62 maju vyzerat takto:
Kód:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Po provedení předchozího úkonu:

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.