Prosím o kontrolu logu z RSIT Vyřešeno

[legendaryboy]

Ten puvodni byl obdobny jen dalsi instalace win s jmenem "windows.0" (nula) na stejnym diskovym oddile, byly mi dobry na serfovani kdyz sem nemohl spustit ty zasekany win. Takhle sem je naistaloval pres instalacni cd kdyz sem dal obnovit, nebo tak nejak..

[Reklama]

[jaro3]

No tak to je možná problém se startováním win, měl bys tam mít ,jen to základní boot.ini nebo obě ( měl bys mít na výběr, nevložil si sem , co tam vůbec máš zapsáno v boot.ini.

[legendaryboy]

Boot.ini sem uz prepsal tam tim cos mi dal protoze sem to mel pochopitelne jiny, ale nic se nedeje, dokazu si tam ty windows.0 pripsat, v poho.

[jaro3]

Takže si to vyčistil TFC Cleanerem a nainstaloval konzoli pro zotavení (CF) a provedl ten script?
Žádný log si sem nedal.

[legendaryboy]

Tak snad mi dotretice nabehne plocha a nesekne se. Jinak bych musel spustit win.0 jinak to neodeslu ted pisu z mobilu, sem presne v te fazi po skriptu, sem restartoval abych mel funkcni kerio nez se pripojim k netu.

[jaro3]

Fajn , pak to sem vlož , možná , že to dokončíme zítra.

[legendaryboy]

No nechtej, musim procistit v nouzovym rezimu-ccleaner, atf, t-cleaner, mohu v nouzaku bezne pouzivat i TFC?????.. A hlavne vypnout obnovu systemu na discich, po combofixu se mi vzdyckyzapne, bych se z toho po....

[legendaryboy]

Ha ted Koukam ze se mi po skriptu nezapnula obnova systemu, to je zvlastni, vzdycky se mi zapla ale nevim estli i po skriptu.

[legendaryboy]

ComboFix 09-06-21.01 - Petr 2009-06-24 20:13.27 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.1155 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090624-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-24 do 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-22 17:52 . 2009-06-22 17:52 -------- d-----w- c:\windows\system32\bfubackups
2009-06-22 17:43 . 2009-06-22 17:45 -------- d-----w- C:\bbfu
2009-06-20 10:01 . 2009-06-20 11:46 -------- d-----w- c:\program files\ICQ6.5
2009-06-09 19:37 . 2009-06-09 19:37 -------- d-----w- c:\program files\Adobe Media Player
2009-06-01 18:00 . 2009-06-07 19:06 -------- d-----w- c:\program files\FotoLapse
2009-06-01 17:16 . 2009-06-01 17:16 407047 ----a-w- c:\windows\system32\mioengine.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 18:03 . 2008-07-21 19:01 -------- d-----w- c:\program files\Common Files\Akamai
2009-06-24 17:18 . 2008-05-15 20:31 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2009-06-24 17:01 . 2009-06-24 17:01 5364 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-24 17:01 . 2001-10-25 14:00 532774 ----a-w- c:\windows\system32\perfh005.dat
2009-06-24 17:01 . 2001-10-25 14:00 120176 ----a-w- c:\windows\system32\perfc005.dat
2009-06-23 20:19 . 2009-03-02 15:11 -------- d-----w- c:\program files\SpywareBlaster
2009-06-20 16:35 . 2008-06-16 17:43 -------- d-----w- c:\program files\MediaCoder iPhone Edition
2009-06-20 10:02 . 2007-10-25 09:30 -------- d-----w- c:\program files\ICQ6
2009-06-07 19:41 . 2008-12-07 19:05 -------- d-----w- c:\program files\Orbitdownloader
2009-06-01 16:09 . 2008-01-05 11:17 -------- d-----w- c:\program files\Google
2009-05-31 16:49 . 2008-06-05 16:28 -------- d-----w- c:\program files\MozyHome
2009-05-25 18:02 . 2009-05-25 18:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-19 19:26 . 2009-05-19 19:25 -------- d-----w- c:\program files\Dobrý farmář
2009-05-17 11:44 . 2009-05-17 11:44 -------- d-----w- c:\program files\Bagger-Simulator 2008
2009-05-16 20:15 . 2009-05-16 20:15 -------- d-----w- c:\program files\Cogs
2009-05-16 12:44 . 2009-05-16 12:43 -------- d-----w- c:\program files\iPhoneRingToneMaker
2009-05-15 18:57 . 2009-03-02 15:10 -------- d-----w- c:\program files\Lavasoft
2009-05-15 11:04 . 2008-06-05 16:28 53240 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-05-12 16:24 . 2009-02-05 16:35 83616 ----a-w- C:\GDIPFONTCACHEV1.DAT
2009-05-12 11:17 . 2009-03-03 15:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-12 09:45 . 2007-10-25 21:01 -------- d-----w- c:\program files\MediaCoder
2009-05-11 10:43 . 2009-01-18 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-07 15:33 . 2004-08-17 13:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 17:50 . 2009-04-28 15:22 -------- d-----w- c:\program files\Microsoft Research
2009-05-06 17:03 . 2009-05-06 17:03 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-05-05 22:31 . 2009-05-25 18:01 2402304 ----a-w- c:\windows\system32\x264vfw.dll
2009-04-29 09:27 . 2007-10-25 20:22 -------- d-----w- c:\program files\Microsoft SQL Server
2009-04-28 15:17 . 2007-10-03 21:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-28 15:08 . 2007-10-14 20:53 -------- d-----w- c:\program files\MSBuild
2009-04-28 15:08 . 2007-10-14 20:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 17:02 . 2009-04-07 17:02 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-04-07 17:02 . 2008-06-15 18:58 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-04-07 17:02 . 2008-06-15 18:58 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-04-07 17:02 . 2009-04-07 17:02 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-04-06 13:32 . 2009-01-18 20:48 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-18 20:48 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-02 13:21 . 2009-05-25 18:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-02-18 16:59 . 2009-02-18 16:47 907296 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-05-15 11:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-05-15 11:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-15 270128]
"OEXPRESS"="c:\windows\OETRN.EXE" [2007-10-17 26624]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-09-10 1188152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-11-04 413696]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-10-08 122880]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-12-16 4375032]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-16 962128]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-12-16 165144]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 171008]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PdaNet Desktop.lnk - c:\program files\PdaNet for iPhone\PdaNetPC.exe [2009-2-4 163840]
Total Commander.lnk - c:\program files\totalcmd\TOTALCMD.EXE [2008-3-7 1080264]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-5-15 2871608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Ralink Wireless Utility.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Games\\[ PC Games ] - Age of Empires II(FULL)\\empires2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MirandaPortable\\App\\miranda\\miranda32.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2402:TCP"= 2402:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2428:TCP"= 2428:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"2331:TCP"= 2331:TCP:Akamai NetSession Interface
"1675:TCP"= 1675:TCP:Akamai NetSession Interface
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"1040:TCP"= 1040:TCP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-02 64160]
R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2009-01-08 12288]
R0 secdir;Folder Security Personal;c:\windows\system32\secdir.sys [2008-08-16 70656]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-04-07 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-04-07 971552]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-28 114768]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-06-05 53240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-27 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-17 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-28 20560]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-01 603904]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-02-04 9472]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-27 65576]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S1 amdtools;AMD Special Tools Driver; [x]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c9aa39b7cae9da;Google Update Service (gupdate1c9aa39b7cae9da);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S2 HDD Temperature;HDD Temperature Service; [x]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-10-09 20856]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2008-07-28 4134]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-01 3328]
S3 PhTVTune;TCL2002 TV Tuner;c:\windows\system32\drivers\phtvtune.sys [2008-07-27 19904]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-01-21 23600]
S4 COM Service;COM Service;"c:\program files\GIGABYTE\C.O.M\GCSVR.EXE" --> c:\program files\GIGABYTE\C.O.M\GCSVR.EXE [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECABE060-DAD2-D904-EED9-EF6419549337}]
c:\windows\system32\svchost.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-06-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-06-21 c:\windows\Tasks\20090323_202000_Petr.job
- c:\program files\Nero\Nero8\Nero BackItUp\BackItUp.exe [2007-08-08 08:24]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://193.165.78.6/VatDec.cab
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 20:21
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\$FSPINI$.DAT 1024 bytes
c:\windows\system32\FLOCKER.ACL 0 bytes
c:\windows\system32\Flocker.USR 444 bytes

sken byl úspešně dokončen
skryté soubory: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet132\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,d4,3a,33,d3,89,92,d0,4d,ca,e0,c0,34,33,2c,9a,e2,a4,04,0d,d8,42,d6,
25,64,5e,0d,23,f4,92,d9,b6,16,8d,1c,12,4d,ab,4d,08,53,fa,3f,3b,c4,05,08,3a,\
"??"=hex:02,79,70,68,17,b4,8f,d8,a0,cb,70,02,f9,7f,5f,53

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:98,df,b9,c4,97,53,a6,37,e5,b9,75,ca,a1,e1,ed,7d,15,1a,f1,7d,82,
2d,19,55,b7,85,26,45,37,7c,d6,f0,ef,b7,15,a4,56,87,59,44,93,32,27,4a,c9,01,\
"rkeysecu"=hex:7b,72,96,fc,88,1e,5a,a0,13,5b,4e,03,6d,02,78,63

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,33,43,be,b6,59,
15,79,0f,b1,cd,45,5a,a8,c4,f8,b9,88,df,a0,f4,43,7f,51,96,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Nls\net\AllowedPaths*]
@=hex:f1,ef,1c,47,00,00,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1608)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2816)
c:\windows\TrnOEH.dll
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2009-06-24 20:24
ComboFix-quarantined-files.txt 2009-06-24 18:24

Před spuštěním: Volných bajtů: 69,470,265,344
Po spuštění: Volných bajtů: 69,375,152,128

260 --- E O F --- 2009-06-23 18:37

[legendaryboy]

Nevzpomenu si presne ale tohle je asi prvni log ziskany pri normalnim rezimu, zadny nouzovy rezim jako vzdycky, to jen tak pro info treba se hodi.
Dalsi problemek:
WinPatrol mi hodil tuhle hlasku viz foto, uz jednou se mi tahle sama objevila dal sem reject, ted davam accept.

Spybot nasel tohle viz foto.

[jaro3]

Měnil si HOSTS?

Stáhni si HostsXpert 4.2- Hosts File Manager
Rozbal do následující složky:
C:\HostsXpert 4.2 - Hosts File Manager
Spusť HostsXpert 4.2 - Hosts File Manager z této složky.Klikni na "File Handling". Poté klikni na "Restore MS Hosts File".
Klikni OK na k potvrzení.
Klikni na "Make Read Only?" a poté na X k opuštění programu.
*****************************************************************************************************************************************
njn, crack na Daemon Tools..
Smazat a odinstalovat DT....
*****************************************************************************************************************************************
Ještě jeden script:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\GDIPFONTCACHEV1.DAT

Regnull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Podívám se zítra..

[legendaryboy]

Ani po vypnuti winpatrolu mi nejde "Restore MS Hosts File", vyhodi to tuhle hlasku viz foto. Ted me napadlo jestli to neblokuje Rezidentni stit od Spybotu?? No pockam si na radu nez se priste do neceho pustim...