Error ve Win7..prosím o kontrolu logu + Vyřešeno

[Juri]

Mám to tu:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8n3ta.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}\chrome\mozapps\extensions folder moved successfully.
C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8n3ta.default\searchplugins\daemon-search.xml moved successfully.
========== FILES ==========
File\Folder C:\32788R22FWJFW not found.
File\Folder C:\Windows\SWXCACLS.exe not found.
File\Folder C:\Windows\SWREG.exe not found.
File\Folder C:\Windows\SWSC.exe not found.
File\Folder C:\Windows\NIRCMD.exe not found.
File\Folder C:\Qoobox not found.
File\Folder C:\Windows\PEV.exe not found.
File\Folder C:\Windows\sed.exe not found.
File\Folder C:\Windows\MBR.exe not found.
File\Folder C:\Windows\grep.exe not found.
File\Folder C:\Windows\zip.exe not found.
File\Folder C:\Users\Jirka\Desktop\ComboFix.exe not found.
C:\w7ldr moved successfully.
C:\winx.ld moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jirka
->Temp folder emptied: 1615 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6479339 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jirka USER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5296 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65907 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02092011_002935

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[Reklama]

[jaro3]

Napiš , jak to vypadá , problémy.

[Juri]

Zdravím,
zatím to vypadá myslím dobře, teda co jsem zkoušel jen dnes, včera večer (nebo spíš dnes ráno ) mi nějak blbnul při nabíhání systému průzkumník..musel jsem ho samotnýho častokrát restartovat..pak už jsem to nechal být.

Hlavní problém ted vidím v nefungujícímu připojení k netu..to už přetrvává ale dýl, však jsem to tu psal memphistovi. Ve správci jsem se díval a bude tam nějakej problém po odinstalovaným Avastu asi..zkoušel jsem zakázat i odinstalovat a nejde nic

Přikládám screen: http://upload.svetobrazku.cz/images/arx1297240582a.jpg

Už musím do práce, tak se tu ukážu až večer..zatím díky

[jaro3]

Vše , co máš ve správci - síťové adaptéry--Avast! , AvFw---klikni pravým a vyber odinstalovat.

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

:Files
ipconfig /flushdns /c

:Reg
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

[Juri]

Zdravím, tak jsem z práce doma..a hurá na to

Hned jak jsem zapl PC W7 naběhly jen z části..tak, jak jsem už popisoval..při kliku na lištu to na mě opět vybaflo "Program průzkumník windows neodpovídá".. ..musel jsem ho restartovat, abych provedl tu tvou operaci s OtL. Zvláštní, že po ukončení a rebootu to najelo normalně..vč logu hm..

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
========== FILES ==========
< ipconfig /flushdns /c >
Konfigurace protokolu IP syst‚mu Windows
MezipamŘś pýekl d nˇ DNS byla ŁspŘçnŘ vypr zdnŘna.
C:\Users\Jirka\Desktop\cmd.bat deleted successfully.
C:\Users\Jirka\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jirka
->Temp folder emptied: 6557931 bytes
->Temporary Internet Files folder emptied: 38424 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 856432 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jirka USER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5296 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65907 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1225 bytes

Total Files Cleaned = 7,00 mb


[EMPTYFLASH]

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jirka
->Flash cache emptied: 0 bytes

User: Jirka USER
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02092011_235838

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[Juri]

BTW..co se týč těch síťových adaptérů a'la Avast ve správci zařízení...odinstalovat ani zakázat nejdou..pořád je tam mám:-(

[Juri]

Ještě než půjdu spát hodím sem logy i z hijackthis, DDS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:53:11, on 10.2.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Jirka\Desktop\Programy log systemu\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Core Temp] "C:\Portable aplikace\CoreTemp32\Core Temp.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{92C1CD9A-9950-4160-AF99-0BCEDA1F4CA2}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{92C1CD9A-9950-4160-AF99-0BCEDA1F4CA2}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{92C1CD9A-9950-4160-AF99-0BCEDA1F4CA2}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe

--
End of file - 8074 bytes

[Juri]

DDS (Ver_10-12-12.02) - NTFSx86
Run by Jirka at 0:56:24,00 on źt 10.02.2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.3582.2501 [GMT 1:00]

AV: COMODO Antivirus *Enabled/Outdated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
SP: COMODO Defense+ *Enabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\Windows\MODPS2KEY.EXE
C:\Fraps\fraps.exe
D:\Portable aplikace\AIDA64 Extreme Edition 1.50.1236 Beta\Software\aida64.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Jirka\Desktop\Programy log systemu\DDS\aadds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://www.google.cz/
uLocal Page =
mCustomizeSearch =
mSearchAssistant =
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - c:\program files\classic shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Cooliris Plug-In for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\cooliris.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\ClassicExplorer32.dll
uRun: [Core Temp] "c:\portable aplikace\coretemp32\Core Temp.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Classic Start Menu] c:\program files\classic shell\ClassicStartMenu.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {92C1CD9A-9950-4160-AF99-0BCEDA1F4CA2} = 156.154.70.25,156.154.71.25
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\jirka\appdata\roaming\mozilla\firefox\profiles\8ix8n3ta.default\
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\jirka\appdata\roaming\mozilla\firefox\profiles\8ix8n3ta.default\extensions\cfxhelper@triton\components\dwmxpcom.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft research\hd view\nphdview.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\webzen\webzengamestarter\NPGameWebStarter.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jirka\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\jirka\appdata\roaming\mozilla\firefox\profiles\8ix8n3ta.default\extensions\maps@ovi.com\plugins\npNMapNPR.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox 4.0 beta 9\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Chromifox Extreme: cfxe@Triton - %profile%\extensions\cfxe@Triton
FF - Ext: Chromifox Extreme Carbon: cfxec@Triton - %profile%\extensions\cfxec@Triton
FF - Ext: Chromifox Companion: cfxHelper@Triton - %profile%\extensions\cfxHelper@Triton
FF - Ext: Read It Later: isreaditlater@ideashower.com - %profile%\extensions\isreaditlater@ideashower.com
FF - Ext: Ovi maps browser plugin: maps@ovi.com - %profile%\extensions\maps@ovi.com
FF - Ext: Personas Expression: personasexpression@eddiescorpse.private - %profile%\extensions\personasexpression@eddiescorpse.private
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: Hide IP Easy: support@easy-hideip.com - %profile%\extensions\support@easy-hideip.com
FF - Ext: MacOSX Theme: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9} - %profile%\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
FF - Ext: MacOSX Theme: {00352F14-3F76-4e4d-ACFF-9976D7E4B3B9} - %profile%\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: Context Search: {902D2C4A-457A-4EF9-AD43-7014562929FF} - %profile%\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: UnMHT: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0} - %profile%\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\nokia\nokia pc suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension

---- FIREFOX POLICIES ----


============= SERVICES / DRIVERS ===============

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2010-11-19 752128]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-1-6 17256]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 35768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-7 218688]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-11-19 3975088]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-1-5 10448]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-3 2222376]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-11-19 163232]
R3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [2009-6-10 1169920]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2010-2-24 178913]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2010-10-8 17792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-1 136176]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2007-8-29 1183744]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2010-11-4 17488]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\common files\futuremark shared\futuremark systeminfo\FMSISvc.exe [2011-1-5 129440]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2010-11-4 24944]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-10-8 27192]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2011-1-6 12800]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-6 1343400]
S3 wxpSvc;webcamXP Service;c:\program files\wlite\wService.exe [2010-5-2 5027328]
S4 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-18 1044808]

=============== Created Last 30 ================

2011-02-09 23:55:30 5296 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-02-09 01:00:40 -------- d--h--w- C:\VritualRoot
2011-02-08 21:59:37 -------- d-----w- C:\_OTL
2011-02-08 21:24:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-08 15:44:42 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-08 15:42:05 -------- d-----w- c:\users\jirka\appdata\local\temp
2011-02-08 00:26:03 1700352 begin_of_the_skype_highlighting              03 1700352      end_of_the_skype_highlighting ----a-w- c:\windows\system32\gdiplus.dll
2011-02-08 00:21:36 1256096 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-02-08 00:05:43 -------- d-----w- c:\program files\COMODO
2011-02-08 00:04:39 -------- d-----w- c:\progra~2\Comodo
2011-02-07 17:47:11 -------- d-----w- c:\program files\PicLensIE
2011-02-07 17:45:52 -------- d-----w- c:\users\jirka\appdata\local\Cooliris
2011-02-07 14:09:02 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-02-07 14:08:45 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-02-07 13:54:07 -------- d-----w- c:\users\jirka\appdata\local\{BEB69B3D-5833-4825-93D7-235E9D519EA3}
2011-02-07 13:53:53 -------- d-----w- c:\users\jirka\appdata\roaming\Windows Live Writer
2011-02-07 13:53:53 -------- d-----w- c:\users\jirka\appdata\local\Windows Live Writer
2011-02-07 13:53:03 -------- d-----w- c:\windows\en
2011-02-07 13:52:16 -------- d-----w- c:\windows\cs
2011-02-07 12:43:19 -------- d-----w- c:\users\jirka\appdata\local\Apple
2011-02-06 01:31:12 -------- d-----w- c:\users\jirka\appdata\local\Adobe
2011-02-05 09:16:02 -------- d-----w- c:\users\jirka\appdata\local\Secunia PSI
2011-02-05 09:15:55 -------- d-----w- c:\program files\Secunia
2011-02-05 00:07:58 -------- d-----r- C:\bootwiz
2011-02-04 23:35:08 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5b7cf2f4-de89-4164-b227-0c06de577648}\mpengine.dll
2011-02-03 14:01:57 -------- d-----w- c:\program files\NirSoft
2011-02-03 11:30:04 475648 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.scr
2011-02-03 11:30:04 1061888 ----a-w- c:\windows\system32\MyDefragScreenSaver_v4.3.1.exe
2011-02-03 11:30:04 -------- d-----w- c:\program files\MyDefrag v4.3.1
2011-02-03 11:21:29 -------- d-----w- c:\users\jirka\appdata\roaming\Smart PC Solutions
2011-02-03 11:21:06 -------- d-----w- c:\program files\Smart PC Solutions
2011-02-03 08:48:17 -------- d-----w- c:\program files\AkelPad
2011-02-02 14:00:52 -------- d-----w- c:\users\jirka\appdata\roaming\Xilisoft
2011-02-02 13:59:12 -------- d-----w- c:\program files\Xilisoft
2011-02-01 01:54:54 312320 ----a-w- c:\windows\system32\proppage.dll
2011-02-01 01:54:54 11264 ----a-w- c:\windows\system32\MMShellHook.dll
2011-02-01 01:54:53 655872 ----a-w- c:\windows\system32\msvcr90.dll
2011-02-01 01:54:53 -------- d-----w- c:\users\jirka\appdata\roaming\Media Control
2011-02-01 01:54:53 -------- d-----w- c:\program files\Media Control
2011-01-31 22:26:42 -------- d-----w- c:\program files\iTunes
2011-01-31 22:26:42 -------- d-----w- c:\program files\iPod
2011-01-31 22:25:27 -------- d-----w- c:\program files\Bonjour
2011-01-31 01:01:36 -------- d-----w- c:\users\jirka\appdata\roaming\VOS
2011-01-31 00:44:13 -------- d-----w- c:\users\jirka\appdata\local\Thinstall
2011-01-31 00:11:26 -------- d-----w- c:\users\jirka\appdata\local\Hardcoded Software
2011-01-31 00:11:15 -------- d-----w- c:\program files\Hardcoded Software
2011-01-28 05:44:37 -------- d-----w- c:\users\jirka\appdata\roaming\Stardock
2011-01-28 05:44:18 -------- d-----w- c:\users\jirka\appdata\local\PackageAware
2011-01-26 08:49:26 -------- d-----w- c:\program files\MSI Afterburner
2011-01-25 09:51:12 -------- d-----w- c:\windows\$regcmp$
2011-01-25 08:51:38 -------- d-----w- c:\progra~2\Martau
2011-01-25 08:51:36 -------- d-----w- c:\program files\Total Uninstall 5
2011-01-25 02:01:23 -------- d-----w- C:\Documents and Settings
2011-01-24 19:55:53 -------- d-----w- c:\users\jirka\appdata\roaming\2K Sports
2011-01-24 14:39:27 -------- d-----w- c:\progra~2\KONAMI
2011-01-24 14:29:10 -------- d-----w- c:\users\jirka\appdata\roaming\Mikogo
2011-01-24 13:02:27 -------- d-----w- c:\program files\MP3Gain
2011-01-24 11:37:42 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2011-01-24 11:37:42 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2011-01-24 11:37:42 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-24 11:37:42 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-24 11:37:42 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2011-01-24 11:37:42 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-24 11:37:42 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-24 11:37:42 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-24 11:37:42 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-24 11:37:42 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-24 11:37:42 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-19 19:06:27 -------- d-----w- c:\users\jirka\appdata\roaming\UseNeXT
2011-01-19 19:06:17 -------- d-----w- c:\program files\UseNeXT
2011-01-19 19:05:14 -------- d-----w- c:\program files\Defraggler
2011-01-19 17:51:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-19 17:51:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 17:51:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-17 02:47:41 -------- d-----w- c:\program files\PhotoZoom Pro 4
2011-01-17 00:11:49 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 9
2011-01-11 20:39:03 -------- d-----w- c:\program files\Lavalys
2011-01-11 19:03:14 -------- d-----w- c:\program files\PC Connectivity Solution
2011-01-11 19:02:11 -------- d-----w- c:\progra~2\NokiaInstallerCache
2011-01-11 00:47:00 -------- d-----w- c:\users\jirka\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-01-11 00:47:00 -------- d-----w- c:\users\jirka\appdata\roaming\Adobe Mini Bridge CS5

==================== Find3M ====================

2011-01-25 09:24:43 17488 ----a-w- c:\windows\gdrv.sys
2011-01-24 22:11:25 17488 ----a-w- c:\windows\etdrv.sys
2011-01-05 16:14:10 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-05 16:14:10 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-29 00:42:04 285480 ----a-w- c:\windows\system32\guard32.dll
2010-12-24 07:45:52 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD6401AALS-00L3B2 rev.01.03B01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85D281F8]<<
_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x85d28008; MOV EAX, 0x8ca33fee; CALL EAX; }
1 ntkrnlpa!IofCallDriver[0x8325B458] -> \Device\Harddisk0\DR0[0x86B92650]
3 CLASSPNP[0x8D47F59E] -> ntkrnlpa!IofCallDriver[0x8325B458] -> [0x86A31898]
5 ACPI[0x8CB4C3B2] -> ntkrnlpa!IofCallDriver[0x8325B458] -> \Device\Ide\IdeDeviceP2T0L0-2[0x86AA1030]
\Driver\atapi[0x86A90278] -> IRP_MJ_CREATE -> 0x85D281F8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 0:58:38,40 ===============

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"


Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

:Files
c:\users\jirka\appdata\local\{BEB69B3D-5833-4825-93D7-235E9D519EA3}

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

c:\users\jirka\appdata\roaming\VOS---znáš tento program?)

Stáhni Bootkit Remover

-ulož na plochu
-spusť
- pak klikni do černého okna a zkopíruj sem výsledek, případně dej screen

[Juri]

Zdravím, tak v HJT fixnuto cos mi napsal..

Ten program ve složce VOS znám, byl to HDD Regenerator, už je to asi jen nějakej zbytek po programu, instalovaný už není.

Log OTL:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
========== FILES ==========
c:\users\jirka\appdata\local\{BEB69B3D-5833-4825-93D7-235E9D519EA3} folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jirka
->Temp folder emptied: 159316 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5572777 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jirka USER
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5296 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65907 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02112011_170026

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Bootkit Remover

Bootkit Remover
(c) 2009 eSage Lab
http://www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

[jaro3]

Stáhni si HD Tune

-nainstaluj, spusť program, klikni na záložku Error scan
Spusť Start a počkej , až skončí svojí práci. Pokud budou všechny čtverečky zelené je disk OK , pokud budou některá červená , disk odchází.

Na RAM zkus:

GoldMemory 6.92


GoldMemory je diagnostický program pro důkladné testování pamětového subsystému na
PC-kompatibilních počítačích (architektura x86).
nezávislost na operačním systému ("GMLoader")
http://www.goldmemory.cz/manual_cz.php

http://www.goldmemory.cz/screen_cz.php

Program GoldMemory je schopen detekovat některé z následujících chybových stavů:

vadné komponenty (HW chyby)
nekompatibilita jednotlivých částí paměťového subsystému (paměťové moduly,čipset,zákl.deska)
nesprávné nastavení čipsetové sady,časování paměti (BIOS SETUP)
chyby v důsledku přetaktování (overclocking)
chyby, které se objeví až při intenzívním zatížení testovaného HW
nestabilní napájení (základní deska, napájecí zdroj)
chyby, které nastanou vlivem teplotní nestability (přehřátí)
Parametry programu GoldMemory 6.92Aktualizováno: 3. 4. 2007

Instalace/použití:

1) "Stand-alone" GoldMemory (doporučeno)

Program je spuštěn nezávisle na jakémkoliv OS:

a) GoldMemory bootovací disketa

b) GoldMemory bootovací CD
V těchto případech NENÍ možné využívat protokolování do souboru.

Obě tyto možnosti používají zavaděč programu "GMLoader",
který umožnuje spuštění programu GoldMemory bez použití operačního systému DOS.

[Juri]

Tak HDD i memory bez chyb, v pořádku...ani jsem neočekával jiný výsledek.
Na net se pořád nemůžu dostat, systém se chová stále nějak divně..hlavně při startu..
Ty ovladače od Avastu, v tom správci zařízení, kvůli kterým mě nejde pravděpodobně net nejdou odinstalovat ani zakázat, jak jsem již psal..tak už nevím, asi to vypadá na ten komplet reinstal win...co myslíte?