Počítač zamrzá, spybot nelze spustit

[anytime]

úplně vše v pořádku ještě asi není. Občas se mi počítač zasekne, ne ale natrvalo, ale jen na pár vteřin. Hodně se mi to stávalo například při editování log souboru.
Dostávám teď časté chybové hlášky typu:

dwwin.exe - the memory could not be read
searchindexer - the memory could not be written

atd.

[anytime]

první log z mrb

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[anytime]

druhý log z mbr

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

[motji]

UK mě poprosil o převzetí .

Počkám na log z mbamu

najděte C:\Qoobox\Quarantine\C\windows\system32\ACE.dll.vir

Start - ovládací panely - možnosti složky - zobrazení - odkrýt skryté a systémové soubory

Dejte soubor otestovat na http://www.virustotal.com

C:\Qoobox\Quarantine\C\windows\system32\ACE.dll.vir
c:\windows\system32\api_hook_list.dat
c:\windows\system32\HIPIS0e0118e.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\drivers\kgpfr2.cfg

Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.

[anytime]

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1.1.2010 21:46:45
mbam-log-2010-01-01 (21-46-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 227634
Time elapsed: 33 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTkkaodxbitb.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTmxxvjrnsmf.sys.vir (Malware.Packer) -> No action taken.
C:\WINDOWS\system32\krl32mainweq.dll (Trojan.DNSChanger) -> No action taken.

[motji]

V mbamu vše smažte
Pak udělejte co jsem už psala nahoře

[anytime]

http://www.virustotal.com/cs/analisis/b ... 1262383014
http://www.virustotal.com/cs/analisis/5 ... 1262382105
http://www.virustotal.com/cs/analisis/b ... 1262382331
http://www.virustotal.com/cs/analisis/8 ... 1262382472
http://www.virustotal.com/cs/analisis/f ... 1262382860
http://www.virustotal.com/cs/analisis/b ... 1262383014

[motji]

tento soubor C:\Qoobox\Quarantine\C\windows\system32\ACE.dll.vir
jste už také testoval? Výsledek jsem nenašla

Ještě prosím otestujte na www.virustotal.com
c:\windows\system32\notifyf2.dll

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Collect::
c:\windows\system32\krl32mainweq.dll
c:\documents and settings\$App-EMEA-PrinterMig\Start Menu\Programs\Startup\
autostart.bat 
Folder::
c:\windows\1C4551A64743409391E41477CD655043.TMP
Extra::
DDS::
uStart Page = hxxp://eu.ask.com?o=15183&l=dis
Firefox::
FF - ProfilePath - c:\documents and settings\jmartinec\Application Data\Mozilla\Firefox\Profiles\roxm8qn2.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

A napište, jak to vypadá s počítačem

[anytime]

ace.dll.vir:
http://www.virustotal.com/cs/analisis/d ... 1262426576

notifyf2.dll:
http://www.virustotal.com/cs/analisis/0 ... 1262427010

---------------

Ještě prosím o překontrolování výsledku testování tohoto souboru:
http://www.virustotal.com/cs/analisis/8 ... 1262382472
Je tam nějaký nález a chtěl bych se ujistit, že to nic není.

---------------

Za chvíli pošlu požadovaný combofix

[motji]

c:\windows\system32\krl32mainweq.dll mažu ve skriptu na combofix, mbamu se nepodařil smazat

C:\Qoobox\Quarantine\C\windows\system32\ACE.dll.vir - soubor přejmenujte - smažte koncovku vir a vraťte do složky system32

[anytime]

mbam už nic nenalézá. Tady je závěrečný log z combofixu:


ComboFix 09-12-31.01 - jmartinec 02.01.2010 11:52:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.420.1033.18.3066.2380 [GMT 1:00]
ausgeführt von:: c:\documents and settings\jmartinec\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\documents and settings\jmartinec\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
c:\windows\system32\ACE.dll

.
((((((((((((((((((((((( Dateien erstellt von 2009-12-02 bis 2010-01-02 ))))))))))))))))))))))))))))))
.

2010-01-02 11:01 . 2010-01-02 11:01 40719 ----a-w- c:\windows\system32\api_hook_list.dat
2010-01-02 11:01 . 2008-10-30 14:44 38016 ----a-w- c:\windows\system32\HIPIS0e0118e.dll
2010-01-01 20:12 . 2010-01-01 20:12 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Malwarebytes
2010-01-01 19:24 . 2010-01-01 19:24 77312 ----a-w- C:\mbr.exe
2010-01-01 15:04 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 15:04 . 2010-01-01 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-01 15:04 . 2009-12-30 13:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 15:04 . 2010-01-01 15:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 18:40 . 2010-01-01 17:25 -------- d-----w- c:\program files\trend micro
2009-12-31 18:40 . 2009-12-31 18:40 -------- d-----w- C:\rsit
2009-12-31 18:19 . 2009-12-31 18:19 -------- d-----w- c:\program files\CCleaner
2009-12-30 19:37 . 2009-12-30 19:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-30 19:31 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-30 19:31 . 2009-12-30 19:31 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-30 19:31 . 2009-12-30 19:31 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-30 19:31 . 2009-12-30 19:31 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-30 19:31 . 2009-12-30 19:31 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-30 19:31 . 2009-12-30 19:31 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-30 19:31 . 2009-12-30 19:31 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-30 19:31 . 2009-12-30 19:31 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-30 19:31 . 2009-12-30 19:31 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-30 19:28 . 2009-12-30 19:28 -------- d-----w- c:\program files\Lavasoft
2009-12-30 19:20 . 2009-12-31 11:19 -------- d-----w- c:\windows\SxsCaPendDel
2009-12-30 14:59 . 2009-12-30 14:59 -------- d-----w- c:\program files\Cinemax
2009-12-30 13:16 . 2009-12-30 13:16 -------- d-----w- c:\program files\ESET
2009-12-30 12:40 . 2009-12-30 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-12-30 12:40 . 2009-12-30 12:40 262144 ----a-w- c:\documents and settings\ntuser.dat
2009-12-30 12:39 . 2009-12-30 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-12-30 12:39 . 2009-12-30 12:39 -------- d-----w- c:\program files\Common Files\iS3
2009-12-28 20:23 . 2009-12-28 20:23 29926 ----a-r- c:\documents and settings\jmartinec\Application Data\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
2009-12-28 20:23 . 2005-09-23 21:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2009-12-28 20:23 . 2009-12-28 20:23 -------- d-----w- c:\program files\Common Files\Pinnacle
2009-12-28 20:22 . 2009-12-28 20:25 -------- d-----w- c:\documents and settings\jmartinec\Local Settings\Application Data\Pinnacle
2009-12-28 20:22 . 2009-12-28 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate Collection
2009-12-28 20:17 . 2009-12-28 20:17 -------- d-----w- c:\program files\Common Files\Pegasus Imaging
2009-12-28 20:17 . 2009-12-28 20:17 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-12-28 20:17 . 2009-12-28 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Studio 14
2009-12-28 20:17 . 2009-12-28 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2009-12-28 16:53 . 2009-12-28 16:53 -------- d-----w- c:\windows\system32\de-DE
2009-12-28 16:49 . 2009-12-28 16:49 -------- d-----w- C:\5498d4549e722309cb9a82bc38
2009-12-28 15:14 . 2009-12-28 20:17 -------- d-----w- c:\program files\Pinnacle
2009-12-28 15:13 . 2009-12-28 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2009-12-25 11:13 . 2009-12-25 11:13 -------- d--h--r- c:\documents and settings\jmartinec\Application Data\SecuROM
2009-12-24 21:56 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-24 21:56 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-24 21:56 . 2008-04-13 23:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-24 21:56 . 2008-04-13 23:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-22 15:06 . 2009-12-22 15:06 -------- d-----w- c:\windows\system32\LogFiles
2009-12-04 20:39 . 2009-12-19 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-01 22:15 . 2009-10-11 14:37 691160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-01 18:51 . 2009-12-01 19:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-01 18:24 . 2009-12-01 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-01 18:00 . 2009-11-09 19:36 -------- d-----w- c:\program files\ICQ6.5
2010-01-01 09:02 . 2009-11-28 10:58 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-31 20:10 . 2009-10-10 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2009-12-31 13:50 . 2009-10-09 15:23 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Skype
2009-12-31 11:26 . 2009-11-09 19:37 -------- d-----w- c:\documents and settings\jmartinec\Application Data\ICQ
2009-12-31 11:25 . 2009-10-09 15:24 -------- d-----w- c:\documents and settings\jmartinec\Application Data\skypePM
2009-12-30 19:31 . 2009-12-30 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-30 19:31 . 2009-12-30 19:31 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-30 19:31 . 2009-12-30 19:31 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-30 19:31 . 2009-12-30 19:31 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-30 19:30 . 2009-12-30 19:30 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-30 19:30 . 2009-12-30 19:30 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-30 19:30 . 2009-12-30 19:30 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-30 19:30 . 2009-12-30 19:30 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-30 19:30 . 2009-12-30 19:30 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-30 19:30 . 2009-12-30 19:30 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-30 19:30 . 2009-12-30 19:30 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-30 19:28 . 2009-12-30 19:28 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-30 13:05 . 2009-12-30 13:04 520 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-12-30 13:05 . 2009-12-30 13:04 272 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-12-28 20:24 . 2009-10-09 09:47 105592 ----a-w- c:\documents and settings\jmartinec\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-28 16:39 . 2009-10-10 18:14 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-28 16:38 . 2009-10-10 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-28 16:34 . 2009-10-09 15:23 -------- d-----r- c:\program files\Skype
2009-12-28 16:32 . 2009-10-09 08:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 16:32 . 2009-11-27 19:31 -------- d-----w- c:\program files\Altitude
2009-12-28 16:31 . 2009-10-10 18:21 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-12-25 11:13 . 2009-11-29 09:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-12-21 18:53 . 2009-11-09 18:47 -------- d-----w- c:\program files\coolpro2
2009-12-04 18:47 . 2009-10-11 14:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-03 21:24 . 2009-10-09 14:17 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2009-12-02 09:39 . 2009-12-02 09:38 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Winamp
2009-12-02 09:39 . 2009-12-02 09:38 -------- d-----w- c:\program files\Winamp
2009-11-29 09:42 . 2009-11-29 09:42 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-29 09:42 . 2009-11-29 09:37 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Hamachi
2009-11-29 09:21 . 2009-11-29 09:16 -------- d-----w- c:\program files\DkZ Studio
2009-11-29 09:16 . 2009-11-02 12:25 737280 ----a-w- c:\windows\iun6002.exe
2009-11-28 13:15 . 2009-10-11 16:07 -------- d-----w- c:\program files\KONAMI
2009-11-28 13:14 . 2009-10-09 08:49 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-28 10:58 . 2009-11-28 10:58 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Talkback
2009-11-28 10:58 . 2009-11-28 10:58 0 ----a-w- c:\windows\nsreg.dat
2009-11-28 10:58 . 2009-11-28 10:58 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Thunderbird
2009-11-24 18:13 . 2009-11-24 18:13 -------- d-----w- c:\program files\DivX
2009-11-24 18:13 . 2009-11-24 18:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-24 15:54 . 2009-11-24 15:16 -------- d-----w- c:\program files\Insectoid 1.0.0
2009-11-24 15:19 . 2009-11-24 15:19 -------- d-----w- c:\documents and settings\jmartinec\Application Data\ActionSoft
2009-11-24 15:19 . 2009-11-24 15:19 4096 ----a-w- c:\windows\d3dx.dat
2009-11-18 07:33 . 2009-11-18 07:33 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Sonic
2009-11-17 17:50 . 2009-11-17 17:50 -------- d-----w- c:\program files\Common Files\DirectX
2009-11-15 09:53 . 2009-11-15 09:53 -------- d-----w- c:\program files\Nokia
2009-11-15 09:53 . 2009-11-15 09:53 -------- d-----w- c:\program files\DIFX
2009-11-15 09:53 . 2009-11-15 09:53 -------- d-----w- c:\program files\PC Connectivity Solution
2009-11-15 09:53 . 2009-11-15 09:53 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-15 09:53 . 2009-11-15 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-11-10 14:02 . 2009-10-07 06:32 2401 ----a-w- c:\windows\system32\drivers\AlKernel.sys
2009-11-10 14:02 . 2009-11-10 14:02 -------- d-----w- c:\program files\Common Files\ESRI
2009-11-10 13:53 . 2009-10-07 06:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 13:46 . 2009-10-07 05:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-10 13:42 . 2009-11-10 13:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-09 18:46 . 2009-11-09 18:46 -------- d-----w- c:\documents and settings\jmartinec\Application Data\Syntrillium
2009-11-05 13:10 . 2009-11-05 13:10 -------- d-----w- c:\program files\Native Instruments
2009-11-05 12:56 . 2009-11-05 12:56 57344 ----a-r- c:\documents and settings\jmartinec\Application Data\Microsoft\Installer\{8FE3E922-C58B-4E18-A923-FC85530C23C5}\NewShortcut7_B56E5B51EA954C948003CC703E2AFAD5.exe
2009-11-05 12:56 . 2009-11-05 12:56 57344 ----a-r- c:\documents and settings\jmartinec\Application Data\Microsoft\Installer\{8FE3E922-C58B-4E18-A923-FC85530C23C5}\NewShortcut1_B56E5B51EA954C948003CC703E2AFAD5.exe
2009-11-05 12:56 . 2009-11-05 12:56 -------- d-----w- c:\program files\Serato
2009-10-16 12:19 . 2009-10-16 12:19 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-10-14 16:03 . 2009-10-14 16:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-13 10:03 . 2009-10-07 04:53 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-13 10:03 . 2009-10-07 04:53 2850 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-10-09 15:25 . 2009-10-09 15:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-09 12:45 . 2009-10-09 12:04 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-09 12:45 . 2009-10-09 12:04 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-09 07:35 . 2009-10-09 07:35 108544 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-09 07:35 . 2009-10-09 07:35 104960 ------w- c:\windows\system32\pxinsi64.exe
2009-10-09 07:35 . 2004-07-13 00:03 20576 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-10-08 21:11 . 2009-10-07 06:32 41 ----a-w- C:\AClient.dat
2009-10-07 06:47 . 2009-10-07 06:47 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-07 06:31 . 2009-10-07 06:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 05:21 . 2009-10-07 05:21 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{80F4D088-709B-4DC0-905C-8BCD996B00F9}\ARPPRODUCTICON.exe
2009-10-07 05:06 . 2009-10-07 05:06 2097152 --sh--r- C:\PROT_INS.SYS
2009-10-07 05:06 . 2009-10-07 05:06 6 ----a-w- C:\VOL_CHAR.DAT
2009-10-07 05:05 . 2009-10-07 05:05 34616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 04:53 . 2009-10-07 04:53 8738 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-10-07 04:52 . 2009-10-07 04:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-02-26 12:39 . 2009-10-09 07:29 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2009-02-26 12:39 . 2009-10-09 07:29 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2009-02-26 12:39 . 2009-10-09 07:29 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2009-02-26 12:39 . 2009-10-09 07:29 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2008-06-12 05:53 . 2009-10-09 07:29 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
2008-06-12 05:53 . 2009-10-09 07:29 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

((((((((((((((((((((((((((((( SnapShot@2010-01-01_18.07.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-02 11:00 . 2010-01-02 11:00 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2010-01-02 11:01 . 2010-01-02 11:01 16384 c:\windows\Temp\Perflib_Perfdata_68c.dat
+ 2010-01-02 11:01 . 2010-01-02 11:01 16384 c:\windows\Temp\Perflib_Perfdata_624.dat
+ 2010-01-02 10:45 . 2010-01-02 10:45 16384 c:\windows\Temp\Perflib_Perfdata_604.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"Check Point Endpoint Tray Application"="c:\program files\Common Files\Check Point\UIFramework\cptray.exe" [2008-08-08 75248]
"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2008-08-12 813616]
"DI-Tag-Systray"="c:\program files\TWDC\DI-Tag\DI-Tag-Refresh.exe" [2006-05-17 40960]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-09-07 408088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-07 148888]
"AClntUsr"="c:\program files\Altiris\AClient\AClntUsr.EXE" [2010-01-02 184320]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"Korean IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE" [2006-10-26 26400]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2008-10-30 972096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\$App-EMEA-PrinterMig\Start Menu\Programs\Startup\
autostart.bat [2009-1-12 117]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
autostart.bat [2009-1-12 117]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoOnlinePrintsWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoThemesTab"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 22:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 19:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\AMInit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\pes6.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [6/17/2009 2:01 PM 20744]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/30/2009 8:31 PM 64288]
R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [8/12/2008 11:30 AM 214320]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;c:\program files\Intel\AMT\atchksrv.exe [10/7/2009 7:30 AM 182808]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [4/23/2009 1:23 PM 35691]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [10/30/2008 3:44 PM 1467712]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10/29/2009 12:27 PM 1074568]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [6/5/2008 12:02 AM 87416]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 12:17 PM 1181328]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [4/29/2009 7:07 PM 21256]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/7/2009 6:18 AM 70216]
R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [8/12/2008 11:31 AM 469552]
R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [8/12/2008 11:31 AM 174640]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [10/7/2009 7:30 AM 1464856]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [10/7/2009 3:36 PM 480640]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10/7/2009 3:37 PM 243856]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2/29/2008 10:09 AM 42056]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [10/9/2009 3:17 PM 108280]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [10/9/2009 3:17 PM 37400]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [10/9/2009 3:17 PM 34432]
R3 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [10/9/2009 3:20 PM 34408]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [6/17/2009 2:02 PM 29192]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2/29/2008 10:09 AM 42056]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [6/17/2009 2:01 PM 25480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/7/2009 6:18 AM 65224]
S3 uxkx1;ASUS My Cinema U3100 Mini DVBT;c:\windows\system32\drivers\uxkx1.sys [7/11/2009 12:16 PM 459264]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/10/2009 7:14 PM 691696]
.
Inhalt des "geplante Tasks" Ordners

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:30]

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:30]

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:30]

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:30]

2010-01-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:30]
.
.
------- Zusätzlicher Suchlauf -------
.
mStart Page = hxxp://enterpriseportal.blender.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\jmartinec\Application Data\Mozilla\Firefox\Profiles\roxm8qn2.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.cz
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\jmartinec\Application Data\Mozilla\Firefox\Profiles\roxm8qn2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 12:02
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1220945662-776561741-1801674531-107831\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,db,9e,29,22,e8,2e,94,d2,61,b6,f3,f7,7c,e0,4c,4b,ea,d8,eb,56,a2,ef,
7c,5e,50,f6,05,a1,ff,0f,03,bc,8d,e5,1e,4a,aa,3b,43,b7,c1,8e,62,5b,7c,b2,00,\
"??"=hex:f5,b0,fe,04,ca,e0,96,fd,df,e6,ff,9e,b2,92,cf,ef
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1776)
c:\windows\system32\pssogina.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll

- - - - - - - > 'lsass.exe'(1832)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll

- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\WININET.dll
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\IEFRAME.dll

- - - - - - - > 'csrss.exe'(1744)
c:\windows\system32\HcApi.dll
c:\windows\system32\KevlarSigs.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Altiris\AClient\AClient.exe
c:\program files\Altiris\Altiris Agent\AeXNSAgent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\McAfee\Common Framework\UdaterUI.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\McAfee\VirusScan Enterprise\ShStat.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-01-02 12:07:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-01-02 11:07
ComboFix2.txt 2010-01-01 18:11

Vor Suchlauf: 48 543 096 832 bytes free
Nach Suchlauf: 48 510 726 144 bytes free

- - End Of File - - 62633A4D20EFCEF08A64F16482EC6B83

-----------------------------------------------------------------------
Počítač přestal dělat brikule, chová se zatím normálně a nezasekává se. Je ale pravdou, že doteď jsem na něm jenom pouštěl detekční nástroje a neustále ho restartoval. Teď začnu s běžným používáním a uvidím. Velice Vám všem děkuji za pomoc, jste pašáci!!!

[anytime]

tak jsem trochu předběhl. Sice už mi dlouho nedošlo k úplnému zamrznutí, stále se mi ale stává, že počítač v nepravidelných intervalech na chvilinku zamrzá. Zvuk nebo hudba se v tu chvíli promění v bzučení a pak zase pokračuje. Nebo třeba když napíšu "ahoj" do poznámkového bloku a počítač na chvilku zamrzne po napsání prvního písmena, přestože ahoj skutečně napíšu, když se počítač vzpamatuje, dopíše několikrát druhé písmeno -> ahhhhhhhhhhhhhhh. Chápu, že je to asi trochu zbytečný popis, ale snažím se pro vás vystihnout povahu zamrzání

[motji]

Ještě jednou si vytáhněte z karantény c:\windows\system32\ACE.dll.
Troufnete si na jednu opravu? Ale předem si zazálohujte data, a dělejte s programem opravdu opatrně, at si nezničíte disk.Hlavně pracujte s fyzickým diskem

Stell píše

1:Vypni Firewall>spust program HXD<klikni hore na ikonku pevneho disku>na karte ktora sa objavi>pod Fyzicke disky>Klik >oznac PEVNY DISK>vyber fajku >otvor len na citanie>klik>ok a este raz OK>


2:V pravo hore >je napisane >sector>a okienko + sipky>budes nastavovat a hladat sectory so sipkamy>sector 0>je MBR>a sector -63 je BOOT>Nebabrat>sector 1-62 maju byt Nulove>000000000000.

3:Program HXD otvor na plnu obrazovku>nastav so sipkou sector napriklad-1>ak cely sector 1-je nulova stlac lavu mysku oznac ho> pravy klik kopirovat presne cely nulovy sector>ale presne od ciary po ciaru

4:Skontroluj zo sipkamy sectory 1-62 a kde nie je cely sector nulovy stlac lavu mysku oznac presne cely sector>pravy klik>PREPISAT.

5:prepisu sa ti na cerveno>na 0000000-ly>ak toto budes mat klik v pravom hornom rohu na krizik a zatvor program HXD,objavi sa ti okno ci chces zmenu ulozit suhlasis.Zatvoris program HXD>restartnes >PC< a po restarte spust mbr.exe a vloz sem log.
Nepomyl sa nie ze zacnes prepisovat logicke disky

V logu jde vidět pozůstatek po Mbr rootkitu, takhle bychom to vyčistili .

Stahněte z mého podpisu AVPTOOl http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-Podle návodu nainstalujte a proveďte sken
-co najde nechejte léčit, mazat
-sken může trvat několik hodin
-vložte zde log z výsledky

[anytime]

tak AVP log:

Autoscan: completed <1 minute ago (events: 4, objects: 291677, time: 00:58:29)
2.1.2010 15:37:04 Task started
2.1.2010 16:28:00 Detected: Packed.Win32.TDSS.aa C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTndmmykteso.dll.vir
2.1.2010 16:28:43 Deleted: Packed.Win32.TDSS.aa C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTndmmykteso.dll.vir
2.1.2010 16:35:34 Task completed

---------

Dovolím si hodně, ale ta uvedená stellova citace pro užití HxD mě fakt straší. Je to tak zmatečně napsané, že jsem se podle toho nikam nedokázal dostat neexistuje jiná cesta?

[motji]

Poprosím Vás, můžete v registru (dáte start - spustit - regedit - ok) najít tyto dva klíče
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

a vyexportovat je? (najdete klíč, pak dáte nahoře soubor - exportovat, někam ho uložíte. Oba soubory dáte do zipu nebo raru a přiložíte zde jako přílohu)

Jak to ted vypadá s počítačem?

Odinstalujte combofix přes
Start >> Spustit zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.



Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir


Stahněte TFC a použijte
TFC (http://oldtimer.geekstogo.com/TFC.exe)


Stáhněte Ccleaner,viz můj podpis
-nainstalujte a vyčištěte dočasné soubory, i registry

Vložte nový log ze RSIT a řekněte co počítač,jak se chová,už je vše v pořádku?

Pomůže Vám Naughtyho návod?

Stahni HxD portable http://mh-nexus.de/en/downloads.php?product=HxD na plochu
- rozbal tak aby nebyl v zadne slozce, idealne na Ccko.
- spusti a potvrd vyzvu
- klikne na otvor disk - dulezite: zvol pevne (fyzicke disky) disky
- pevny disk 1
- do nabitky napis, ktery sektor chces otevrit
- zmacknes normalne enter, program navede primo na sektor
- najdi sektory:

0

63

- oznacis znaky v celem sektor (mely by byt nuly, nebudou vsady)
- mysanem kliknes pravym das kopirovat
- obsahy mi zkopiruj

nahled pro predstavu:

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00.....

Prepsani sektoru
--------------------


spustis HxD
- kliknes otevrit pevny disk (fyzicky disk 1), ale tentokrat odkliknes ze ctverecku fajku "Jen pro cteni"
- program se otevre v edit mode
- najdi sektor 63
- oznac mysanem cely sektor63
- zvol moznost vypln vyber (3 moznost od spodu mezi dvema carami - mam slovenskou verzi) otevrese ti prednastavene hodnoty (mely by tam byt hex 00) das Ok.
- zavres program, pri zavirani potvrdis zmenu.
- restart pc
- kouknes, zda se skutecne prepsal 63 sektor