Prosím o kontrolu logu z RSIT Vyřešeno

[jaro3]

Můžeš ho zkusit vypnout , možná i antivir..

[Reklama]

[legendaryboy]

Az napodruhe se mi podarilo vygenerovat log mimo nouzovy rezim.
Krom toho HostsXpert mi hazi porad stejnou hlasku i pokud deaktivuji vsechny rezidentni stity co pouzivam a co znam, tedy Avast, Kerio, Spybot, Winpatrol, takze uz nevim cim to, napada me jedine zkusit deativovat a restartovat do nouzoveho rezimu, coz se mi u ComboFIXu osvedcilo.

ComboFix 09-06-21.01 - Petr 2009-06-25 18:05.29 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.1210 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090624-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

FILE ::
"C:\GDIPFONTCACHEV1.DAT"
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-25 do 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 05:26 . 2009-06-25 16:03 -------- d-----w- C:\HostsXpert 4.2 - Hosts File Manager
2009-06-22 17:52 . 2009-06-22 17:52 -------- d-----w- c:\windows\system32\bfubackups
2009-06-22 17:43 . 2009-06-22 17:45 -------- d-----w- C:\bbfu
2009-06-20 10:01 . 2009-06-20 11:46 -------- d-----w- c:\program files\ICQ6.5
2009-06-09 19:37 . 2009-06-09 19:37 -------- d-----w- c:\program files\Adobe Media Player
2009-06-01 18:00 . 2009-06-07 19:06 -------- d-----w- c:\program files\FotoLapse
2009-06-01 17:16 . 2009-06-01 17:16 407047 ----a-w- c:\windows\system32\mioengine.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 15:57 . 2008-05-15 20:31 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2009-06-25 15:57 . 2008-07-21 19:01 -------- d-----w- c:\program files\Common Files\Akamai
2009-06-24 17:01 . 2001-10-25 14:00 532774 ----a-w- c:\windows\system32\perfh005.dat
2009-06-24 17:01 . 2001-10-25 14:00 120176 ----a-w- c:\windows\system32\perfc005.dat
2009-06-23 20:19 . 2009-03-02 15:11 -------- d-----w- c:\program files\SpywareBlaster
2009-06-20 16:35 . 2008-06-16 17:43 -------- d-----w- c:\program files\MediaCoder iPhone Edition
2009-06-20 10:02 . 2007-10-25 09:30 -------- d-----w- c:\program files\ICQ6
2009-06-07 19:41 . 2008-12-07 19:05 -------- d-----w- c:\program files\Orbitdownloader
2009-06-01 16:09 . 2008-01-05 11:17 -------- d-----w- c:\program files\Google
2009-05-31 16:49 . 2008-06-05 16:28 -------- d-----w- c:\program files\MozyHome
2009-05-25 18:02 . 2009-05-25 18:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-19 19:26 . 2009-05-19 19:25 -------- d-----w- c:\program files\Dobrý farmář
2009-05-17 11:44 . 2009-05-17 11:44 -------- d-----w- c:\program files\Bagger-Simulator 2008
2009-05-16 20:15 . 2009-05-16 20:15 -------- d-----w- c:\program files\Cogs
2009-05-16 12:44 . 2009-05-16 12:43 -------- d-----w- c:\program files\iPhoneRingToneMaker
2009-05-15 18:57 . 2009-03-02 15:10 -------- d-----w- c:\program files\Lavasoft
2009-05-15 11:04 . 2008-06-05 16:28 53240 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-05-12 11:17 . 2009-03-03 15:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-12 09:45 . 2007-10-25 21:01 -------- d-----w- c:\program files\MediaCoder
2009-05-11 10:43 . 2009-01-18 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-07 15:33 . 2004-08-17 13:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 17:50 . 2009-04-28 15:22 -------- d-----w- c:\program files\Microsoft Research
2009-05-06 17:03 . 2009-05-06 17:03 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-05-05 22:31 . 2009-05-25 18:01 2402304 ----a-w- c:\windows\system32\x264vfw.dll
2009-04-29 09:27 . 2007-10-25 20:22 -------- d-----w- c:\program files\Microsoft SQL Server
2009-04-28 15:17 . 2007-10-03 21:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-28 15:08 . 2007-10-14 20:53 -------- d-----w- c:\program files\MSBuild
2009-04-28 15:08 . 2007-10-14 20:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 17:02 . 2009-04-07 17:02 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-04-07 17:02 . 2008-06-15 18:58 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-04-07 17:02 . 2008-06-15 18:58 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-04-07 17:02 . 2009-04-07 17:02 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-04-06 13:32 . 2009-01-18 20:48 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-18 20:48 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-02 13:21 . 2009-05-25 18:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-02-18 16:59 . 2009-02-18 16:47 907296 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-05-15 11:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-05-15 11:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-15 270128]
"OEXPRESS"="c:\windows\OETRN.EXE" [2007-10-17 26624]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-09-10 1188152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-11-04 413696]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-10-08 122880]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-12-16 4375032]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-16 962128]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-12-16 165144]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 171008]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
PdaNet Desktop.lnk - c:\program files\PdaNet for iPhone\PdaNetPC.exe [2009-2-4 163840]
Total Commander.lnk - c:\program files\totalcmd\TOTALCMD.EXE [2008-3-7 1080264]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-5-15 2871608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Ralink Wireless Utility.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Games\\[ PC Games ] - Age of Empires II(FULL)\\empires2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MirandaPortable\\App\\miranda\\miranda32.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2402:TCP"= 2402:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2428:TCP"= 2428:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"2331:TCP"= 2331:TCP:Akamai NetSession Interface
"1675:TCP"= 1675:TCP:Akamai NetSession Interface
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"1040:TCP"= 1040:TCP:Akamai NetSession Interface
"1126:TCP"= 1126:TCP:Akamai NetSession Interface
"3884:TCP"= 3884:TCP:Akamai NetSession Interface
"1053:TCP"= 1053:TCP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-02 64160]
R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2009-01-08 12288]
R0 secdir;Folder Security Personal;c:\windows\system32\secdir.sys [2008-08-16 70656]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-04-07 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-04-07 971552]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-28 114768]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-06-05 53240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-27 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-17 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-28 20560]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-01 603904]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-02-04 9472]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-27 65576]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S1 amdtools;AMD Special Tools Driver; [x]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c9aa39b7cae9da;Google Update Service (gupdate1c9aa39b7cae9da);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S2 HDD Temperature;HDD Temperature Service; [x]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-10-09 20856]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2008-07-28 4134]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-01 3328]
S3 PhTVTune;TCL2002 TV Tuner;c:\windows\system32\drivers\phtvtune.sys [2008-07-27 19904]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-01-21 23600]
S4 COM Service;COM Service;"c:\program files\GIGABYTE\C.O.M\GCSVR.EXE" --> c:\program files\GIGABYTE\C.O.M\GCSVR.EXE [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECABE060-DAD2-D904-EED9-EF6419549337}]
c:\windows\system32\svchost.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-06-25 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-06-21 c:\windows\Tasks\20090323_202000_Petr.job
- c:\program files\Nero\Nero8\Nero BackItUp\BackItUp.exe [2007-08-08 08:24]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://193.165.78.6/VatDec.cab
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 18:13
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\$FSPINI$.DAT 1024 bytes
c:\windows\system32\FLOCKER.ACL 0 bytes
c:\windows\system32\Flocker.USR 444 bytes

sken byl úspešně dokončen
skryté soubory: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet132\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,d4,3a,33,d3,89,92,d0,4d,ca,e0,c0,34,33,2c,9a,e2,a4,04,0d,d8,42,d6,
25,64,5e,0d,23,f4,92,d9,b6,16,8d,1c,12,4d,ab,4d,08,53,fa,3f,3b,c4,05,08,3a,\
"??"=hex:02,79,70,68,17,b4,8f,d8,a0,cb,70,02,f9,7f,5f,53

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:98,df,b9,c4,97,53,a6,37,e5,b9,75,ca,a1,e1,ed,7d,15,1a,f1,7d,82,
2d,19,55,b7,85,26,45,37,7c,d6,f0,ef,b7,15,a4,56,87,59,44,93,32,27,4a,c9,01,\
"rkeysecu"=hex:7b,72,96,fc,88,1e,5a,a0,13,5b,4e,03,6d,02,78,63

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Nls\net\AllowedPaths*]
@=hex:f1,ef,1c,47,00,00,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1848)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-06-25 18:17
ComboFix-quarantined-files.txt 2009-06-25 16:17

Před spuštěním: Volných bajtů: 69,205,467,136
Po spuštění: Volných bajtů: 69,111,975,936

253 --- E O F --- 2009-06-24 20:14

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

použij T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Aktualizuj javu:
Java SE Runtime Environment 6u14
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u14-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

Spusť HJT , klikni na Open the Misc Tools Section.
Klikni na Open ADS Spy.
Odeber zatržítko u:
Quick Scan (Windows base folders only)
a
Ignore safe system info streams
Potom klikni na SCAN a když bude hotov na Save Log.Zkopíruj sem celý obsah toho logu.

[legendaryboy]

po instalaci javy mi winpatrol neco vyhodil co s tim? Nevim jestli to s tou instalaci souvisi protoze to trvalo asi 2 min po instalaci nez to vyskocilo.

[jaro3]

Musíš povolit , klikni na YES..
Jo a ohledně ADS SPY , pokud je to dlouhý tak to dej na http://www.edisk.cz/
a vlož sem jen odkaz.

[legendaryboy]

nemohl bych ti ten log poslat nejak jinak neverejne? rozumis mam tam takove citlive nazvy a nerad bych to vystavoval...

[jaro3]

Tak dej odkaz do SZ , lidi tam maj možná horší věci...

[jaro3]

To nevím , je nainstalovaná? Nemáš mít zaplý prohlížeče , když instaluješ , zkus restart prohlížečů.
Ten odkaz do soukromé zprávy , nic tam nemám a tady je odkaz jen na upload..

[legendaryboy]

poslal sem ti to do SZ, protoze je to nejen dost dlouhy.......

bylo to tim ze mam blokovane skripty ve firefoxu pres doplnek firefoxu zvany NoSkript, zapomnel sem ze to obcas musim povolit, kdyz mi neco nejde na strance.. az to stahnes z edisku tak mi rekni.

[jaro3]

Mám to , je to O.K:
Jak to vypadá s PC?
Add: tys to vlastně ve win patrol nakonec povolil, zkus ještě HostsXpert 4.2- Hosts File Manager v nouz. režimu ( klikni na Restore MS Hosts File
Vlož ještě nový log z HJT.

[legendaryboy]

Zkusim to teda v nouzovem rezimu.
WinPatrolovou posledni hlasku sem si nechal v pozadi az co mi na to reknes tak dam, pak sem projel ten HJT scan, nahodil textak a ted sem dal teda to "ano" ve Winpatrolu. Ted se restartuju do stavu nouze to zkusit.

[jaro3]

Uvidím , jestli tady ještě budu , kdyžtak zítra.