prosím o kontrolu logu:)

LifeRoma · Příspěvekod **LifeRoma** » 19 úno 2009 11:26

Se Spybotem jsem udělal vše a restartoval PC, ale nejde mi stáhnout ResetTeaTimer.bat jak kliknu na ten odkaz tak to píše Not Found... mám to přeskočit a stáhnoput si ComboFix (by sUBs), nebo to mám dělat postupně..

Reklama

Příspěvekod **jaro3** » 19 úno 2009 21:07

Spybot úplně deaktivuj a použij Combofix.

LifeRoma · Příspěvekod **LifeRoma** » 21 úno 2009 10:36

"Výborný " ten program... tak jsem ho spustil a nan nic jsem neklikal.. tak jsem se jen díval co to píše fáze 1 hotovo, fáze 2 hotovo td. a nějak při 30. fáze to napsalo smazány soubory c:\windows\System32\.. a tady nějaké dva(víz. log) tak se PC restartovaů a už nenaběhl.. při spuštění to psalo chybu, že systém namůže najet, protože mu chybý nějaký soubor. A jaký to byl soubor..ten co mi smazal combofix... jinak přikládám jeho log. jak s emi to povedlo znova spustit, tak combofix byl hotov a vytvořil log...tady je:
ComboFix 09-02-19.01 - roman 2009-02-20 19:25:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.2047.1314 [GMT 1:00]
Spuštěný z: c:\users\roman\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090219-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\mSDLknmp.ini
c:\windows\system32\mSDLknmp.ini2

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-21 do 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 10:09 . 2009-02-21 10:10 235,096,252 --a------ c:\windows\MEMORY.DMP
2009-02-20 10:37 . 2008-06-20 02:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-20 10:37 . 2008-06-20 02:17 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-20 10:37 . 2008-06-20 02:18 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-20 10:37 . 2008-06-20 02:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-20 10:37 . 2008-06-20 02:17 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-20 10:37 . 2008-06-20 02:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-20 10:37 . 2008-06-20 02:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-20 10:37 . 2008-06-20 02:17 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-20 10:35 . 2009-02-20 10:37 38,731,776 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-02-20 10:35 . 2009-02-20 10:37 131,072 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-02-20 10:35 . 2009-02-20 10:37 65,536 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-02-20 10:31 . 2008-07-27 19:00 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-20 10:31 . 2008-07-27 19:00 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-20 10:31 . 2008-07-27 19:00 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-20 10:31 . 2008-07-27 19:00 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-20 10:31 . 2008-07-27 19:00 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-20 10:25 . 2008-12-16 04:14 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-02-18 23:23 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-02-18 23:10 . 2009-02-18 23:10 <DIR> d-------- c:\program files\Alwil Software
2009-02-16 17:08 . 2009-02-16 17:08 <DIR> d-------- C:\aplikace pro panel
2009-02-15 18:40 . 2009-02-15 18:57 1,908 --a------ c:\windows\diagwrn.xml
2009-02-15 18:40 . 2009-02-15 18:57 1,908 --a------ c:\windows\diagerr.xml
2009-02-15 11:58 . 2009-02-15 12:10 <DIR> d-------- c:\program files\CCleaner
2009-02-14 13:09 . 2009-02-15 13:04 <DIR> d-------- c:\program files\Cyanide
2009-02-11 21:39 . 2009-02-11 21:39 <DIR> d-------- c:\users\roman\AppData\Roaming\Malwarebytes
2009-02-11 21:39 . 2009-02-11 21:39 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-11 21:39 . 2009-02-11 21:39 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-11 21:39 . 2009-02-11 21:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-11 21:39 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-11 21:39 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-11 19:36 . 2009-02-11 19:36 <DIR> d-------- c:\program files\Trend Micro
2009-02-09 21:23 . 2009-02-09 21:23 0 --ah----- c:\windows\SwSys2.bmp
2009-02-09 21:23 . 2009-02-09 21:23 0 --ah----- c:\windows\SwSys1.bmp
2009-02-09 21:15 . 2009-02-09 21:15 <DIR> d-------- c:\users\All Users\2DBoy
2009-02-09 21:15 . 2009-02-09 21:15 <DIR> d-------- c:\programdata\2DBoy
2009-02-06 16:11 . 2009-02-06 16:13 <DIR> d-------- c:\program files\TO2SSM
2009-02-06 16:07 . 2009-02-06 16:24 <DIR> d-------- c:\users\roman\AppData\Roaming\Motive
2009-02-06 16:06 . 2009-02-08 11:13 <DIR> d-------- c:\program files\TO2SAM
2009-02-06 16:06 . 2009-02-06 16:12 <DIR> d-------- c:\program files\Common Files\Motive
2009-02-06 16:05 . 2009-02-06 16:13 <DIR> d-------- c:\users\All Users\Motive
2009-02-06 16:05 . 2009-02-06 16:13 <DIR> d-------- c:\programdata\Motive
2009-02-04 20:32 . 2009-02-04 20:33 <DIR> d-------- c:\users\roman\AppData\Roaming\PC Suite
2009-02-04 20:31 . 2009-02-04 20:33 <DIR> d-------- c:\users\roman\AppData\Roaming\Nokia
2009-02-04 20:31 . 2009-02-04 20:33 <DIR> d-------- c:\users\All Users\PC Suite
2009-02-04 20:31 . 2009-02-04 20:33 <DIR> d-------- c:\programdata\PC Suite
2009-02-04 20:26 . 2009-02-04 20:26 <DIR> d-------- c:\program files\DIFX
2009-02-04 20:26 . 2009-02-04 20:26 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-04 20:26 . 2009-02-04 20:26 <DIR> d-------- c:\program files\Common Files\Nokia
2009-02-04 20:26 . 2008-08-26 09:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2009-02-04 20:24 . 2009-02-04 20:26 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-02-04 20:24 . 2009-02-04 20:24 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-02-04 20:20 . 2009-02-04 20:26 <DIR> d-------- c:\program files\Nokia
2009-02-04 20:19 . 2009-02-04 20:19 <DIR> d-------- c:\users\All Users\Installations
2009-02-04 20:19 . 2009-02-04 20:19 <DIR> d-------- c:\programdata\Installations
2009-02-03 16:51 . 2004-04-14 07:52 46,976 --a------ c:\windows\System32\drivers\MosIrUsb.sys
2009-02-02 20:22 . 2009-02-02 20:22 <DIR> d-------- c:\program files\Common Files\SWF Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 17:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-20 17:33 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-20 10:07 --------- d-----w c:\program files\Windows Mail
2009-02-19 12:16 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-13 18:09 --------- d-----w c:\users\roman\AppData\Roaming\Skype
2009-02-13 15:13 --------- d-----w c:\users\roman\AppData\Roaming\skypePM
2009-02-02 19:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-30 22:37 --------- d-----w c:\program files\MyPhoneExplorer
2009-01-26 17:18 --------- d-----w c:\users\roman\AppData\Roaming\LimeWire
2009-01-24 11:26 22,328 ----a-w c:\users\roman\AppData\Roaming\PnkBstrK.sys
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-12 21:00 --------- d-----w c:\users\roman\AppData\Roaming\Hamachi
2009-01-12 20:42 --------- d-----w c:\program files\Q3E Minimizer v1.51
2009-01-08 11:15 --------- d-----w c:\program files\HWiNFO32
2009-01-08 11:10 --------- d-----w c:\users\roman\AppData\Roaming\GRETECH
2009-01-08 11:08 --------- d-----w c:\program files\QuickTime Alternative
2009-01-08 11:08 --------- d-----w c:\program files\GRETECH
2009-01-08 11:07 --------- d-----w c:\programdata\Apple Computer
2009-01-03 12:28 --------- d-----w c:\users\roman\AppData\Roaming\Kingston
2009-01-03 12:21 --------- d-----w c:\programdata\TrackMania
2009-01-02 16:20 --------- d-----w c:\programdata\Apple
2009-01-02 16:20 --------- d-----w c:\program files\Apple Software Update
2008-12-31 11:17 --------- d-----w c:\programdata\PC Drivers HeadQuarters
2008-12-31 11:17 --------- d-----w c:\program files\PC Drivers HeadQuarters
2008-12-31 11:15 --------- d-----w c:\users\roman\AppData\Roaming\Download Manager
2008-12-25 15:38 --------- d-----w c:\program files\DOSBox-0.72
2008-12-21 20:26 --------- d-----w c:\users\roman\AppData\Roaming\Hide IP NG
2008-12-14 18:32 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-18 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-13 6335008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.fraunhoferacm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\pmnkLDSm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2009-02-05 22:08 81000 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-09-17 23:55 92704 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TO2SSM_McciTrayApp]
--a------ 2008-08-15 17:33 1473536 c:\program files\TO2SSM\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-07-18 09:53 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1739646807-1506169463-2443122476-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{EE4A5FEB-9008-4A0A-A1CB-5FA1EB407A6D}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{81F94F8E-F9FA-4659-9938-2705285F4C08}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{5718BC3B-F5F9-4A14-A49E-AF242DE73B8C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5F06F3D2-D0B9-4D5A-BDD2-EBED118BB3F3}d:\\hry\\wolfenstein-enemy territory\\et.exe"= UDP:d:\hry\wolfenstein-enemy territory\et.exe:ET
"UDP Query User{F732ADAC-5F53-4AD9-B5EA-BFD0F917CEFD}d:\\hry\\wolfenstein-enemy territory\\et.exe"= TCP:d:\hry\wolfenstein-enemy territory\et.exe:ET
"{4C21DBDF-465C-463F-BAFE-8A775C0E52A8}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8D81BF24-9D58-4C86-A08A-94B0766F9FE2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{925642D8-BF9E-45C6-BCEC-C6BB3CC5284F}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{8C3F0576-972E-46D2-B7AC-5C7FF4ABCE17}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{9598A5CB-B792-4D60-A503-5BA5A66294B7}d:\\hry\\vietcong2\\vietcong2.exe"= UDP:d:\hry\vietcong2\vietcong2.exe:vietcong2
"UDP Query User{77B73019-6919-4F3E-9D59-8379C4F60BE3}d:\\hry\\vietcong2\\vietcong2.exe"= TCP:d:\hry\vietcong2\vietcong2.exe:vietcong2
"{4C10BC76-E6DF-4437-BCB7-D05413158AB3}"= UDP:d:\hry\Assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{D942602D-CDA1-4BD5-A7E6-2370CC24C37A}"= TCP:d:\hry\Assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{C7ADF4E6-09A8-4D0B-9E0A-01674C6F15EB}"= UDP:d:\hry\Assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6994D0E6-13F8-46F0-A44D-0BBFA26488F0}"= TCP:d:\hry\Assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{03E8B316-D94B-4955-B2CB-8FFB24742E36}"= UDP:d:\hry\Assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{36B3EA18-1AB6-47EC-A112-8ABA9172DA10}"= TCP:d:\hry\Assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{BFCB0AA3-91A3-4DE1-A80B-FD4183C75BF2}d:\\hry\\medal of honor aa\\mohaa.exe"= UDP:d:\hry\medal of honor aa\mohaa.exe:Medal of Honor Allied Assault
"UDP Query User{947E825D-D7EB-45C6-853C-AEDA037BA824}d:\\hry\\medal of honor aa\\mohaa.exe"= TCP:d:\hry\medal of honor aa\mohaa.exe:Medal of Honor Allied Assault
"TCP Query User{CFC6A4CB-9A75-4673-8575-BF7830C539F7}d:\\hry\\sniper elite\\sniperelite.exe"= UDP:d:\hry\sniper elite\sniperelite.exe:SniperElite
"UDP Query User{8D056E0D-D20D-4929-9320-BA9B4541B0D9}d:\\hry\\sniper elite\\sniperelite.exe"= TCP:d:\hry\sniper elite\sniperelite.exe:SniperElite
"TCP Query User{E3DAA2FE-EE52-43EE-99FF-FC681B654889}d:\\hry\\quake ii arrnas\\quake3.exe"= UDP:d:\hry\quake ii arrnas\quake3.exe:quake3
"UDP Query User{E44C8CE3-7928-4E14-A728-E5993CE14518}d:\\hry\\quake ii arrnas\\quake3.exe"= TCP:d:\hry\quake ii arrnas\quake3.exe:quake3
"TCP Query User{671044C6-C0CE-4AC5-B580-EB15602D4813}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{E8E4CDF1-AF38-476A-A72E-6554DCC6CAFA}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{836DDCC1-41F0-4C44-9A8B-2F857EF4879E}d:\\hry\\vietcong ge\\vietcong.exe"= UDP:d:\hry\vietcong ge\vietcong.exe:vietcong
"UDP Query User{E74411F0-E5AD-4BA5-9749-C9837BB954E2}d:\\hry\\vietcong ge\\vietcong.exe"= TCP:d:\hry\vietcong ge\vietcong.exe:vietcong
"TCP Query User{6C186424-762F-48F7-9201-11083E096D45}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{A57ADC8C-4980-439E-974F-153A5E28ED28}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{15B3908A-7563-4A2A-9A3E-2266C2CD57FF}d:\\hry\\wolfenstein-enemy territory\\et.exe"= UDP:d:\hry\wolfenstein-enemy territory\et.exe:ET
"UDP Query User{0A23A12C-1648-4994-AF11-1F42455D7A7E}d:\\hry\\wolfenstein-enemy territory\\et.exe"= TCP:d:\hry\wolfenstein-enemy territory\et.exe:ET
"TCP Query User{CC53427E-E94E-4940-A4A9-248FA3505F5B}d:\\hry\\vietcong ge\\vietcong.exe"= UDP:d:\hry\vietcong ge\vietcong.exe:vietcong
"UDP Query User{03C46EDC-332E-482D-AFB8-2D9EAC1BDCEA}d:\\hry\\vietcong ge\\vietcong.exe"= TCP:d:\hry\vietcong ge\vietcong.exe:vietcong
"TCP Query User{108FDD82-55EA-49DD-850E-8B15C48082EB}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{647FD3A8-FD69-41C3-879B-DA9B010BA3DD}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{7D79B27D-0784-43D0-A120-1A83A2848F26}d:\\hry\\medal of honor aa\\mohaa.exe"= UDP:d:\hry\medal of honor aa\mohaa.exe:Medal of Honor Allied Assault
"UDP Query User{8F38F47D-AB58-408E-9126-717157497DA3}d:\\hry\\medal of honor aa\\mohaa.exe"= TCP:d:\hry\medal of honor aa\mohaa.exe:Medal of Honor Allied Assault
"TCP Query User{219930F7-46C6-4405-BB94-73AD5DF5E7F0}d:\\hry\\tmnationsforever\\tmforever.exe"= UDP:d:\hry\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{A2ECC0F9-7744-4B3A-82FC-CF677EEBEE49}d:\\hry\\tmnationsforever\\tmforever.exe"= TCP:d:\hry\tmnationsforever\tmforever.exe:TmForever
"{7B435366-9458-4B1C-A922-0460FDB5DE66}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4862F057-F3AC-4BEC-893B-624900887303}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2061F07B-044B-4E38-9E5A-30AF211A1B93}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{514B0C24-B51E-44B8-B540-E48683008CE2}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{1E344509-5D7E-49BB-9D13-D4A7708BE518}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{E94CDE18-8D38-45B2-A952-960EF6803AF3}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{E3E81BCC-6BB3-4213-8EBC-1AB272D4C9C0}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{48C55E13-4BB7-420F-B2AF-87E16DE58F98}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{9C6248C4-F597-4505-B25F-7FDB051F0EBE}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0F0DDAC8-2765-4523-B5EE-68ED9FAA1A94}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{18FC9A59-DE49-403A-B599-2EC7C64C0D37}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A6378577-708A-48C0-B5F1-F5452F9AFCB7}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D7C47E09-DD3F-4B11-BF8D-6F2B5E4D2A90}c:\\users\\roman\\desktop\\wincmd32.exe"= UDP:c:\users\roman\desktop\wincmd32.exe:wincmd32.exe
"UDP Query User{028A527C-EE95-4A68-83FA-3830BF26C87C}c:\\users\\roman\\desktop\\wincmd32.exe"= TCP:c:\users\roman\desktop\wincmd32.exe:wincmd32.exe
"TCP Query User{428B052E-5075-4B24-BD8F-EC5261BB3866}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{FACF1170-0E0C-474D-9B86-76A323775D82}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{E9FCAABE-3A19-45BC-96F1-A0CA140A726B}c:\\users\\roman\\appdata\\local\\temp\\rarsfx0\\hl.exe"= UDP:c:\users\roman\appdata\local\temp\rarsfx0\hl.exe:hl.exe
"UDP Query User{ECBAECAF-CC8F-43BF-9F39-5C333FB17233}c:\\users\\roman\\appdata\\local\\temp\\rarsfx0\\hl.exe"= TCP:c:\users\roman\appdata\local\temp\rarsfx0\hl.exe:hl.exe
"{2D6DBBD7-F9FD-4A45-80B0-A3B782322C60}"= UDP:d:\hry\CoD5\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{147D528A-6D74-4167-96E8-E9710C315BC6}"= TCP:d:\hry\CoD5\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{725CAA6E-E7F6-4EA8-A2E2-A69CFE0C1F7C}"= UDP:d:\hry\CoD5\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{369C100B-FA34-4CE6-8E75-D2939F36DBF1}"= TCP:d:\hry\CoD5\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{4027B886-64D2-4502-8004-1FD531C51959}c:\\users\\roman\\appdata\\local\\temp\\rarsfx1\\hl.exe"= UDP:c:\users\roman\appdata\local\temp\rarsfx1\hl.exe:hl.exe
"UDP Query User{42129C38-542D-4620-99FB-8589566C8A70}c:\\users\\roman\\appdata\\local\\temp\\rarsfx1\\hl.exe"= TCP:c:\users\roman\appdata\local\temp\rarsfx1\hl.exe:hl.exe
"{6DA69A59-C306-45B8-9029-95E7E77A55B6}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{DE35C93D-5C28-483F-AF82-774FC0538C62}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"d:\\Hry\\Loki\\Loki.exe"= d:\hry\Loki\Loki.exe:*:Enabled:Loki

R0 pe3agqwb;Loki Environment Driver (pe3agqwb);c:\windows\System32\drivers\pe3agqwb.sys [2007-11-14 64616]
R0 ps7agqwb;Loki Synchronization Driver (ps7agqwb);c:\windows\System32\drivers\ps7agqwb.sys [2007-11-14 68208]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-02-18 114768]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-07-18 70144]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-02-18 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-02-18 51792]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-01-08 16616]
S2 pr2agqwb;Loki Drivers Auto Removal (pr2agqwb);c:\windows\system32\pr2agqwb.exe svc --> c:\windows\system32\pr2agqwb.exe svc [?]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\System32\drivers\MosIrUsb.sys [2009-02-03 46976]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\extrapc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec66477a-4f59-11dd-a946-806e6f6e6963}]
\shell\AutoRun\command - F:\Autorun.exe
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{8C899140-D56E-4190-97E0-47CD6135F3F3} - (no file)
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-IPAnonymizer - c:\program files\IP Anonymizer\IP Anonymizer.exe
MSConfigStartUp-InvisibleBrowsing - c:\program files\Invisible Browsing\InvisibleBrowsing.exe
MSConfigStartUp-IPAnonymizer - c:\program files\IP Anonymizer\IP Anonymizer.exe
MSConfigStartUp-MotiveReportAgent - c:\program files\TO2SAM\McciBrowser.exe
MSConfigStartUp-SysMetrix - c:\program files\SysMetrix\SysMetrix.exe

.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 10:10:55
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2164)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\System32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Celkový čas: 2009-02-21 10:15:03 - počítač byl restartován [roman]
ComboFix-quarantined-files.txt 2009-02-21 09:14:44

Před spuštěním: Volných bajtů: 13 436 764 160
Po spuštění: Volných bajtů: 12,780,388,352

291 --- E O F --- 2009-02-20 09:47:40

Příspěvekod **jaro3** » 21 úno 2009 12:19

Ale nevím , co smazal špatného a jak jsi to vrátil..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\SwSys2.bmp
c:\windows\SwSys1.bmp

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Ještě dej vyhledat složku: pmnkLDSm
Pokud najdeš , napiš , kde je a co v ní je..

LifeRoma · Příspěvekod **LifeRoma** » 02 bře 2009 16:20

sry za pozdní odpověd.. neměl jsem vůbec čas:(.. tady posílám log z Combofixu

ComboFix 09-03-01.01 - roman 2009-03-02 15:59:53.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.1.1029.18.2047.1248 [GMT 1:00]
Spuštěný z: c:\users\roman\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\roman\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090301-0] *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení

FILE ::
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-02 do 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-02-28 12:17 . 2009-02-28 12:17 <DIR> d-------- c:\users\All Users\Electronic Arts
2009-02-28 12:17 . 2009-02-28 12:17 <DIR> d-------- c:\programdata\Electronic Arts
2009-02-28 12:16 . 2009-02-28 12:16 <DIR> d-------- c:\users\roman\AppData\Roaming\Leadertech
2009-02-23 23:05 . 2009-02-23 23:05 <DIR> d-------- c:\users\roman\AppData\Roaming\teamspeak2
2009-02-23 23:05 . 2009-02-23 23:05 <DIR> d-------- c:\program files\Teamspeak2_RC2
2009-02-23 23:05 . 2009-02-23 23:05 34,064 --a------ c:\windows\System32\lhacm.acm
2009-02-22 22:43 . 2009-02-22 22:43 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-02-21 10:09 . 2009-02-21 10:10 235,096,252 --a------ c:\windows\MEMORY.DMP
2009-02-20 10:37 . 2008-06-20 02:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-20 10:37 . 2008-06-20 02:17 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-20 10:37 . 2008-06-20 02:18 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-20 10:37 . 2008-06-20 02:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-20 10:37 . 2008-06-20 02:17 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-20 10:37 . 2008-06-20 02:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-20 10:37 . 2008-06-20 02:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-20 10:37 . 2008-06-20 02:17 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-20 10:35 . 2009-02-20 10:37 38,731,776 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-02-20 10:35 . 2009-02-20 10:37 131,072 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-02-20 10:35 . 2009-02-20 10:37 65,536 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-02-20 10:31 . 2008-07-27 19:00 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-20 10:31 . 2008-07-27 19:00 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-20 10:31 . 2008-07-27 19:00 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-20 10:31 . 2008-07-27 19:00 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-20 10:31 . 2008-07-27 19:00 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-20 10:25 . 2008-12-16 04:14 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-02-18 23:23 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-02-18 23:10 . 2009-02-18 23:10 <DIR> d-------- c:\program files\Alwil Software
2009-02-16 17:08 . 2009-02-16 17:08 <DIR> d-------- C:\aplikace pro panel
2009-02-15 18:40 . 2009-02-28 11:30 1,908 --a------ c:\windows\diagwrn.xml
2009-02-15 18:40 . 2009-02-28 11:30 1,908 --a------ c:\windows\diagerr.xml
2009-02-15 11:58 . 2009-02-15 12:10 <DIR> d-------- c:\program files\CCleaner
2009-02-14 13:09 . 2009-02-15 13:04 <DIR> d-------- c:\program files\Cyanide
2009-02-11 21:39 . 2009-02-11 21:39 <DIR> d-------- c:\users\roman\AppData\Roaming\Malwarebytes
2009-02-11 21:39 . 2009-02-11 21:39 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-11 21:39 . 2009-02-11 21:39 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-11 21:39 . 2009-02-11 21:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-11 21:39 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-11 21:39 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-11 19:36 . 2009-02-11 19:36 <DIR> d-------- c:\program files\Trend Micro
2009-02-09 21:15 . 2009-02-09 21:15 <DIR> d-------- c:\users\All Users\2DBoy
2009-02-09 21:15 . 2009-02-09 21:15 <DIR> d-------- c:\programdata\2DBoy
2009-02-06 16:11 . 2009-02-06 16:13 <DIR> d-------- c:\program files\TO2SSM
2009-02-06 16:07 . 2009-02-06 16:24 <DIR> d-------- c:\users\roman\AppData\Roaming\Motive
2009-02-06 16:06 . 2009-02-08 11:13 <DIR> d-------- c:\program files\TO2SAM
2009-02-06 16:06 . 2009-02-06 16:12 <DIR> d-------- c:\program files\Common Files\Motive
2009-02-06 16:05 . 2009-02-06 16:13 <DIR> d-------- c:\users\All Users\Motive
2009-02-06 16:05 . 2009-02-06 16:13 <DIR> d-------- c:\programdata\Motive
2009-02-04 20:32 . 2009-02-04 20:33 <DIR> d-------- c:\users\roman\AppData\Roaming\PC Suite
2009-02-04 20:31 . 2009-02-04 20:33 <DIR> d-------- c:\users\roman\AppData\Roaming\Nokia
2009-02-04 20:31 . 2009-02-04 20:33 <DIR> d-------- c:\users\All Users\PC Suite
2009-02-04 20:31 . 2009-02-04 20:33 <DIR> d-------- c:\programdata\PC Suite
2009-02-04 20:26 . 2009-02-04 20:26 <DIR> d-------- c:\program files\DIFX
2009-02-04 20:26 . 2009-02-04 20:26 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-02-04 20:26 . 2009-02-04 20:26 <DIR> d-------- c:\program files\Common Files\Nokia
2009-02-04 20:26 . 2008-08-26 09:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2009-02-04 20:24 . 2009-02-04 20:26 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-02-04 20:24 . 2009-02-04 20:24 <DIR> d-------- c:\program files\PC Connectivity Solution
2009-02-04 20:20 . 2009-02-04 20:26 <DIR> d-------- c:\program files\Nokia
2009-02-04 20:19 . 2009-02-04 20:19 <DIR> d-------- c:\users\All Users\Installations
2009-02-04 20:19 . 2009-02-04 20:19 <DIR> d-------- c:\programdata\Installations
2009-02-03 16:51 . 2004-04-14 07:52 46,976 --a------ c:\windows\System32\drivers\MosIrUsb.sys
2009-02-02 20:22 . 2009-02-02 20:22 <DIR> d-------- c:\program files\Common Files\SWF Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 19:15 138,512 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-01 10:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-26 17:02 --------- d-----w c:\program files\MyPhoneExplorer
2009-02-24 22:07 --------- d-----w c:\users\roman\AppData\Roaming\Skype
2009-02-24 16:11 --------- d-----w c:\users\roman\AppData\Roaming\skypePM
2009-02-23 17:32 --------- d-----w c:\program files\QIP
2009-02-20 17:35 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-20 17:33 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-20 10:07 --------- d-----w c:\program files\Windows Mail
2009-01-26 17:18 --------- d-----w c:\users\roman\AppData\Roaming\LimeWire
2009-01-24 11:26 22,328 ----a-w c:\users\roman\AppData\Roaming\PnkBstrK.sys
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-12 21:00 --------- d-----w c:\users\roman\AppData\Roaming\Hamachi
2009-01-12 20:42 --------- d-----w c:\program files\Q3E Minimizer v1.51
2009-01-08 11:15 --------- d-----w c:\program files\HWiNFO32
2009-01-08 11:10 --------- d-----w c:\users\roman\AppData\Roaming\GRETECH
2009-01-08 11:08 --------- d-----w c:\program files\QuickTime Alternative
2009-01-08 11:08 --------- d-----w c:\program files\GRETECH
2009-01-08 11:07 --------- d-----w c:\programdata\Apple Computer
2009-01-03 12:28 --------- d-----w c:\users\roman\AppData\Roaming\Kingston
2009-01-03 12:21 --------- d-----w c:\programdata\TrackMania
2009-01-02 16:20 --------- d-----w c:\programdata\Apple
2009-01-02 16:20 --------- d-----w c:\program files\Apple Software Update
2008-12-14 18:32 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-02-21_10.13.23.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-11 17:27:37 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-02-28 10:57:30 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-12-11 17:27:38 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-02-28 10:57:30 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-12-11 17:27:38 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-02-28 10:57:30 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-12-11 17:27:35 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-28 10:57:12 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-12-11 17:27:36 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-28 10:57:16 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-12-11 17:27:36 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-28 10:57:18 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-12-11 17:27:36 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-28 10:57:20 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-12-11 17:27:36 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-28 10:57:21 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-12-11 17:27:36 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-28 10:57:25 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-12-11 17:27:37 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-28 10:57:28 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-12-11 17:27:37 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-28 10:57:29 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-12-11 17:27:37 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-28 10:57:29 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-12-11 17:27:38 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-28 10:57:31 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-12-11 17:27:38 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-02-28 10:57:31 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-12-11 17:27:38 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-02-28 10:57:32 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-12-11 17:27:38 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-02-28 10:57:32 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-12-11 17:27:38 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-02-28 10:57:32 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-12-11 17:27:37 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-02-28 10:57:30 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-02-28 11:06:49 4,369,408 ----a-r c:\windows\Installer\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}\EAregister.exe
+ 2009-02-28 11:06:48 3,262 ----a-r c:\windows\Installer\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}\nfs_icon.exe
- 2009-02-21 09:11:15 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-02 15:03:45 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-02 15:03:45 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-21 09:11:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-02 15:03:45 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-02 15:03:45 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-21 09:11:44 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-02 14:52:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-21 09:11:44 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-02 14:52:05 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-21 09:11:44 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-02 14:52:05 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-20 18:25:18 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-03-02 14:59:26 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2006-11-02 08:55:11 73,216 ----a-w c:\windows\System32\drivers\usbccgp.sys
+ 2008-07-18 08:48:12 73,216 ----a-w c:\windows\System32\drivers\usbccgp.sys
- 2009-02-20 17:40:10 82,388 ----a-w c:\windows\System32\perfc005.dat
+ 2009-03-02 14:54:37 82,388 ----a-w c:\windows\System32\perfc005.dat
- 2009-02-20 17:40:10 104,570 ----a-w c:\windows\System32\perfc009.dat
+ 2009-03-02 14:54:37 104,570 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-20 17:40:10 476,614 ----a-w c:\windows\System32\perfh005.dat
+ 2009-03-02 14:54:37 476,614 ----a-w c:\windows\System32\perfh005.dat
- 2009-02-20 17:40:10 37,816 ----a-w c:\windows\System32\perfh009.dat
+ 2009-03-02 14:54:37 40,720 ----a-w c:\windows\System32\perfh009.dat
- 2008-08-21 11:29:38 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
+ 2009-03-01 17:47:23 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
- 2009-02-19 12:16:33 201,440 ----a-w c:\windows\System32\PnkBstrB.exe
+ 2009-03-01 19:14:53 201,440 ----a-w c:\windows\System32\PnkBstrB.exe
- 2009-02-20 17:37:44 8,248 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1739646807-1506169463-2443122476-1000_UserData.bin
+ 2009-02-28 11:42:19 8,806 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1739646807-1506169463-2443122476-1000_UserData.bin
- 2009-02-20 17:37:44 55,544 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-28 11:42:19 56,480 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-19 09:54:42 30,342 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-28 15:19:38 32,116 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-18 1232896]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-13 6335008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.fraunhoferacm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2009-02-05 22:08 81000 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-09-17 23:55 92704 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TO2SSM_McciTrayApp]
--a------ 2008-08-15 17:33 1473536 c:\program files\TO2SSM\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-07-18 09:53 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1739646807-1506169463-2443122476-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{EE4A5FEB-9008-4A0A-A1CB-5FA1EB407A6D}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{81F94F8E-F9FA-4659-9938-2705285F4C08}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{5718BC3B-F5F9-4A14-A49E-AF242DE73B8C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5F06F3D2-D0B9-4D5A-BDD2-EBED118BB3F3}d:\\hry\\wolfenstein-enemy territory\\et.exe"= UDP:d:\hry\wolfenstein-enemy territory\et.exe:ET
"UDP Query User{F732ADAC-5F53-4AD9-B5EA-BFD0F917CEFD}d:\\hry\\wolfenstein-enemy territory\\et.exe"= TCP:d:\hry\wolfenstein-enemy territory\et.exe:ET
"{4C21DBDF-465C-463F-BAFE-8A775C0E52A8}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8D81BF24-9D58-4C86-A08A-94B0766F9FE2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{925642D8-BF9E-45C6-BCEC-C6BB3CC5284F}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{8C3F0576-972E-46D2-B7AC-5C7FF4ABCE17}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{9598A5CB-B792-4D60-A503-5BA5A66294B7}d:\\hry\\vietcong2\\vietcong2.exe"= UDP:d:\hry\vietcong2\vietcong2.exe:vietcong2
"UDP Query User{77B73019-6919-4F3E-9D59-8379C4F60BE3}d:\\hry\\vietcong2\\vietcong2.exe"= TCP:d:\hry\vietcong2\vietcong2.exe:vietcong2
"{4C10BC76-E6DF-4437-BCB7-D05413158AB3}"= UDP:d:\hry\Assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{D942602D-CDA1-4BD5-A7E6-2370CC24C37A}"= TCP:d:\hry\Assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{C7ADF4E6-09A8-4D0B-9E0A-01674C6F15EB}"= UDP:d:\hry\Assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6994D0E6-13F8-46F0-A44D-0BBFA26488F0}"= TCP:d:\hry\Assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{03E8B316-D94B-4955-B2CB-8FFB24742E36}"= UDP:d:\hry\Assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{36B3EA18-1AB6-47EC-A112-8ABA9172DA10}"= TCP:d:\hry\Assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{BFCB0AA3-91A3-4DE1-A80B-FD4183C75BF2}d:\\hry\\medal of honor aa\\mohaa.exe"= UDP:d:\hry\medal of honor aa\mohaa.exe:Medal of Honor Allied Assault
"UDP Query User{947E825D-D7EB-45C6-853C-AEDA037BA824}d:\\hry\\medal of honor aa\\mohaa.exe"= TCP:d:\hry\medal of honor aa\mohaa.exe:Medal of Honor Allied Assault
"TCP Query User{CFC6A4CB-9A75-4673-8575-BF7830C539F7}d:\\hry\\sniper elite\\sniperelite.exe"= UDP:d:\hry\sniper elite\sniperelite.exe:SniperElite
"UDP Query User{8D056E0D-D20D-4929-9320-BA9B4541B0D9}d:\\hry\\sniper elite\\sniperelite.exe"= TCP:d:\hry\sniper elite\sniperelite.exe:SniperElite
"TCP Query User{E3DAA2FE-EE52-43EE-99FF-FC681B654889}d:\\hry\\quake ii arrnas\\quake3.exe"= UDP:d:\hry\quake ii arrnas\quake3.exe:quake3
"UDP Query User{E44C8CE3-7928-4E14-A728-E5993CE14518}d:\\hry\\quake ii arrnas\\quake3.exe"= TCP:d:\hry\quake ii arrnas\quake3.exe:quake3
"TCP Query User{671044C6-C0CE-4AC5-B580-EB15602D4813}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{E8E4CDF1-AF38-476A-A72E-6554DCC6CAFA}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{836DDCC1-41F0-4C44-9A8B-2F857EF4879E}d:\\hry\\vietcong ge\\vietcong.exe"= UDP:d:\hry\vietcong ge\vietcong.exe:vietcong
"UDP Query User{E74411F0-E5AD-4BA5-9749-C9837BB954E2}d:\\hry\\vietcong ge\\vietcong.exe"= TCP:d:\hry\vietcong ge\vietcong.exe:vietcong
"TCP Query User{6C186424-762F-48F7-9201-11083E096D45}c:\\program files\\qip\\qip.exe"= UDP:c:\program files\qip\qip.exe:Quiet Internet Pager
"UDP Query User{A57ADC8C-4980-439E-974F-153A5E28ED28}c:\\program files\\qip\\qip.exe"= TCP:c:\program files\qip\qip.exe:Quiet Internet Pager
"TCP Query User{15B3908A-7563-4A2A-9A3E-2266C2CD57FF}d:\\hry\\wolfenstein-enemy territory\\et.exe"= UDP:d:\hry\wolfenstein-enemy territory\et.exe:ET
"UDP Query User{0A23A12C-1648-4994-AF11-1F42455D7A7E}d:\\hry\\wolfenstein-enemy territory\\et.exe"= TCP:d:\hry\wolfenstein-enemy territory\et.exe:ET
"TCP Query User{CC53427E-E94E-4940-A4A9-248FA3505F5B}d:\\hry\\vietcong ge\\vietcong.exe"= UDP:d:\hry\vietcong ge\vietcong.exe:vietcong
"UDP Query User{03C46EDC-332E-482D-AFB8-2D9EAC1BDCEA}d:\\hry\\vietcong ge\\vietcong.exe"= TCP:d:\hry\vietcong ge\vietcong.exe:vietcong
"TCP Query User{108FDD82-55EA-49DD-850E-8B15C48082EB}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{647FD3A8-FD69-41C3-879B-DA9B010BA3DD}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{7D79B27D-0784-43D0-A120-1A83A2848F26}d:\\hry\\medal of honor aa\\mohaa.exe"= UDP:d:\hry\medal of honor aa\mohaa.exe:Medal of Honor Allied Assault
"UDP Query User{8F38F47D-AB58-408E-9126-717157497DA3}d:\\hry\\medal of honor aa\\mohaa.exe"= TCP:d:\hry\medal of honor aa\mohaa.exe:Medal of Honor Allied Assault
"TCP Query User{219930F7-46C6-4405-BB94-73AD5DF5E7F0}d:\\hry\\tmnationsforever\\tmforever.exe"= UDP:d:\hry\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{A2ECC0F9-7744-4B3A-82FC-CF677EEBEE49}d:\\hry\\tmnationsforever\\tmforever.exe"= TCP:d:\hry\tmnationsforever\tmforever.exe:TmForever
"{7B435366-9458-4B1C-A922-0460FDB5DE66}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4862F057-F3AC-4BEC-893B-624900887303}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2061F07B-044B-4E38-9E5A-30AF211A1B93}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{514B0C24-B51E-44B8-B540-E48683008CE2}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{1E344509-5D7E-49BB-9D13-D4A7708BE518}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{E94CDE18-8D38-45B2-A952-960EF6803AF3}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{E3E81BCC-6BB3-4213-8EBC-1AB272D4C9C0}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{48C55E13-4BB7-420F-B2AF-87E16DE58F98}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{9C6248C4-F597-4505-B25F-7FDB051F0EBE}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{0F0DDAC8-2765-4523-B5EE-68ED9FAA1A94}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{18FC9A59-DE49-403A-B599-2EC7C64C0D37}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A6378577-708A-48C0-B5F1-F5452F9AFCB7}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D7C47E09-DD3F-4B11-BF8D-6F2B5E4D2A90}c:\\users\\roman\\desktop\\wincmd32.exe"= UDP:c:\users\roman\desktop\wincmd32.exe:wincmd32.exe
"UDP Query User{028A527C-EE95-4A68-83FA-3830BF26C87C}c:\\users\\roman\\desktop\\wincmd32.exe"= TCP:c:\users\roman\desktop\wincmd32.exe:wincmd32.exe
"TCP Query User{428B052E-5075-4B24-BD8F-EC5261BB3866}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{FACF1170-0E0C-474D-9B86-76A323775D82}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{E9FCAABE-3A19-45BC-96F1-A0CA140A726B}c:\\users\\roman\\appdata\\local\\temp\\rarsfx0\\hl.exe"= UDP:c:\users\roman\appdata\local\temp\rarsfx0\hl.exe:hl.exe
"UDP Query User{ECBAECAF-CC8F-43BF-9F39-5C333FB17233}c:\\users\\roman\\appdata\\local\\temp\\rarsfx0\\hl.exe"= TCP:c:\users\roman\appdata\local\temp\rarsfx0\hl.exe:hl.exe
"{2D6DBBD7-F9FD-4A45-80B0-A3B782322C60}"= UDP:d:\hry\CoD5\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{147D528A-6D74-4167-96E8-E9710C315BC6}"= TCP:d:\hry\CoD5\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{725CAA6E-E7F6-4EA8-A2E2-A69CFE0C1F7C}"= UDP:d:\hry\CoD5\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{369C100B-FA34-4CE6-8E75-D2939F36DBF1}"= TCP:d:\hry\CoD5\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"TCP Query User{4027B886-64D2-4502-8004-1FD531C51959}c:\\users\\roman\\appdata\\local\\temp\\rarsfx1\\hl.exe"= UDP:c:\users\roman\appdata\local\temp\rarsfx1\hl.exe:hl.exe
"UDP Query User{42129C38-542D-4620-99FB-8589566C8A70}c:\\users\\roman\\appdata\\local\\temp\\rarsfx1\\hl.exe"= TCP:c:\users\roman\appdata\local\temp\rarsfx1\hl.exe:hl.exe
"{6DA69A59-C306-45B8-9029-95E7E77A55B6}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{DE35C93D-5C28-483F-AF82-774FC0538C62}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"d:\\Hry\\Loki\\Loki.exe"= d:\hry\Loki\Loki.exe:*:Enabled:Loki

R0 pe3agqwb;Loki Environment Driver (pe3agqwb);c:\windows\System32\drivers\pe3agqwb.sys [2007-11-14 64616]
R0 ps7agqwb;Loki Synchronization Driver (ps7agqwb);c:\windows\System32\drivers\ps7agqwb.sys [2007-11-14 68208]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-02-18 114768]
R1 PSched;Plánovač paketů technologie QoS;c:\windows\System32\drivers\pacer.sys [2008-07-18 70144]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-02-18 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-02-18 51792]
R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-01-08 16616]
S2 pr2agqwb;Loki Drivers Auto Removal (pr2agqwb);c:\windows\system32\pr2agqwb.exe svc --> c:\windows\system32\pr2agqwb.exe svc [?]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\System32\drivers\MosIrUsb.sys [2009-02-03 46976]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\extrapc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d016ff8-00cc-11de-a040-000fea5f2fd9}]
\shell\AutoRun\command - E:\Autorun.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 16:04:03
Windows 6.0.6000 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\System32\conime.exe
.
**************************************************************************
.
Celkový čas: 2009-03-02 16:07:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-03-02 15:07:33
ComboFix2.txt 2009-02-21 09:15:04

Před spuštěním: Volných bajtů: 10 859 184 128
Po spuštění: Volných bajtů: 11,776,634,880

356 --- E O F --- 2009-02-20 09:47:40

Tady zase posílám log z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:14, on 2.3.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwb) (pr2agqwb) - Cyanide - C:\Windows\system32\pr2agqwb.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5050 bytes

A když jsem dal hledat tu složku tak jsem jen našel Neznámý textový dokument někde v C:/users/roman

Příspěvekod **jaro3** » 02 bře 2009 16:31

O.K:
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.

Aktualizuj javu:
Java SE Runtime Environment 6u12
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.
Pokud nejsou problémy , je to vše, můžeš dát vyřešeno, fajfku.

LifeRoma · Příspěvekod **LifeRoma** » 02 bře 2009 17:30

Dobrá tedy díky moc:) :inlove:

, ale ještě mám dotaz mám používat Spyboota?? Ptáms e protoře si hodněkrát psal "deaktivuj spyboota".. tak si myslím že asi je naprd... jinak co vše mám pravidelně dělat moje pravidelná ochrana(co pravidelně pušťám:)).. AD-Aware, Malwarebytes' Anti-Malware, Avast.. stačí to nebo ještě něco mám přidat??

Příspěvekod **jaro3** » 02 bře 2009 17:49

Nemáš zač. Spybota ponech, to jen při aplikaci Combofixu brání společně s antivirem správnému chodu CF.
Jednou za 1-2 týdny aktualizuj MbAM a proveď sken.Pokud se pohybuješ na nebezpečných stránkách tak bych ještě použil firewall-Kerio, Zone Alarm nebo Comodo vše může stačit ve free verzi.
Tady můžeš dát vyřešeno, fajfku.

LifeRoma · Příspěvekod **LifeRoma** » 02 bře 2009 17:50

Díky moc:) :smile:

prosím o kontrolu logu:) Vyřešeno

Re: prosím o kontrolu logu:) Vyřešeno

Re: prosím o kontrolu logu:)

Re: prosím o kontrolu logu:)

Re: prosím o kontrolu logu:)

Re: prosím o kontrolu logu:)

Re: prosím o kontrolu logu:)

Re: prosím o kontrolu logu:)

Re: prosím o kontrolu logu:)

Re: prosím o kontrolu logu:)

Kdo je online