Prosím o kontrolu

[Driver3]

Ahoj

Object "AntiMalware Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "W32.Aspam.Trojan.B Spyware/Adware" found in File System! Action Taken: Entries Removed.
File D:\New Folder (2) strongDC++\Downloads\Crack, Key-gen\rzr-cod4.exe infected by "Win32/Keygen.DK (ES)" Virus! Action Taken: File Renamed.

Stačí ty cracky a keygeny odstranit klasickou cestou?Tedy přes koš?Jinak nic cracklího nemám,hry už dlouho nehraju a zbyli mi jen ty cracky.
Děkuji moc.

[Roli]

Zdravím, smaž je vysyp koš a pak mi sem dej log.txt z Rsit, podívám se zda tam něco nezůstalo.

[Driver3]

Ahoj,
když sem spouštěl Rsit tak mi to napsalo tuto hlášku:For some reason your system denied access to the Hosts file.If any hijacked domains are in this file,HijackThis may NOT be able to fix this.
If that happens,you need to edit the file yourself.To do this,click Start,Run and type:
notepad C:\WINDOWS\System32\driversyetc\hosts
and press Enter.Find the line(s) HijackThis reports and delete them.Save the file as 'hosts.'(with quotes),and reboot.

no a pak ten log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Inna at 2012-06-26 23:19:42
WIN_XP Service Pack 3
System drive C: has 41 GB (79%) free of 51 GB
Total RAM: 3582 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:28:54, on 26.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\JulaPan.Exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
D:\Firefox_Download\RSIT.exe
C:\Program Files\Trend Micro\HiJackThis\Inna.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JulaPan] JulaPan.Exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2052111302-1214440339-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 0481329328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0481310937
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8AA0C00-BDF9-4109-B0C6-7FF3E249E4D8}: NameServer = 194.228.41.113 160.218.161.54
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 5115 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1214440339-839522115-1004Core1cd0abacea10e8e.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Inna\Data aplikací\Mozilla\Firefox\Profiles\se8ddhvg.default

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.257 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandasecurity.com/activescan]
"Description"=Panda ActiveScan 2.0
"Path"=C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Documents and Settings\Inna\Data aplikací\Mozilla\Firefox\Profiles\se8ddhvg.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JulaPan"=C:\WINDOWS\system32\JulaPan.Exe [2008-06-24 421888]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]
"AdslTaskBar"=stmctrl.dll,TaskBar []
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2010-01-14 378128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1966080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeARM.exe]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALCMTR.EXE]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVI]
C:\Program Files\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\PROGRA~1\Eraser\Eraser.exe [2012-05-22 980920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Inna\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2012-01-17 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
C:\Program Files\NetLimiter\NetLimiter.exe [2004-03-31 823296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-12-05 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCDDaemon.exe]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2012-06-20 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^TotalMedia Server.lnk]
C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-12-06 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=157

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe"="C:\Program Files\Electronic Arts\Need for Speed(TM) Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit"
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FFDS"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.l3codecp"=
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-06-26 23:19:42 ----D---- C:\rsit
2012-06-26 21:23:38 ----AD---- C:\WINDOWS\VDLL.DLL
2012-06-26 21:23:38 ----AD---- C:\WINDOWS\system32\runouce.exe
2012-06-26 21:23:38 ----AD---- C:\WINDOWS\rundll16.exe
2012-06-26 21:23:38 ----AD---- C:\WINDOWS\RUNDL132.EXE
2012-06-26 21:23:38 ----AD---- C:\WINDOWS\logo1_.exe
2012-06-26 21:23:38 ----AD---- C:\WINDOWS\logo_1.exe
2012-06-26 20:59:32 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-06-26 20:59:18 ----A---- C:\WINDOWS\system32\msvcr80.dll
2012-06-26 20:59:17 ----A---- C:\WINDOWS\system32\msvcp80.dll
2012-06-26 20:59:16 ----A---- C:\WINDOWS\system32\msvcp90.dll
2012-06-26 20:59:15 ----A---- C:\WINDOWS\system32\msvcr90.dll
2012-06-26 20:59:14 ----A---- C:\WINDOWS\system32\eEmpty.exe
2012-06-26 20:59:12 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2012-06-26 20:59:12 ----A---- C:\WINDOWS\system32\T.COM
2012-06-26 20:59:12 ----A---- C:\WINDOWS\REGEDIT.COM
2012-06-26 20:59:12 ----A---- C:\WINDOWS\R.COM
2012-06-26 20:59:10 ----D---- C:\Program Files\Common Files\MicroWorld
2012-06-26 20:59:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2012-06-26 14:49:50 ----D---- C:\Program Files\Wireshark
2012-06-26 14:37:37 ----D---- C:\Documents and Settings\Inna\Data aplikací\Online Solutions
2012-06-26 14:30:12 ----D---- C:\Program Files\Common Files\Java
2012-06-26 14:29:48 ----D---- C:\Program Files\Oracle
2012-06-26 14:29:43 ----D---- C:\Documents and Settings\Inna\Data aplikací\Oracle
2012-06-26 13:47:02 ----D---- C:\Program Files\Online Solutions
2012-06-26 13:47:02 ----D---- C:\Program Files\Common Files\Online Solutions Shared
2012-06-25 12:02:32 ----D---- C:\Documents and Settings\Inna\Data aplikací\xrecode2
2012-06-25 12:02:30 ----D---- C:\Program Files\xrecode II
2012-06-24 15:28:15 ----D---- C:\Documents and Settings\Inna\Data aplikací\CUE Tools
2012-06-24 15:27:28 ----D---- C:\Program Files\Cue_Tools
2012-06-23 22:44:43 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-06-23 22:44:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2012-06-23 22:32:02 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-06-23 22:32:02 ----A---- C:\WINDOWS\system32\javaws.exe
2012-06-23 22:32:02 ----A---- C:\WINDOWS\system32\javaw.exe
2012-06-23 22:32:02 ----A---- C:\WINDOWS\system32\java.exe
2012-06-23 22:13:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2685939$
2012-06-23 22:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2709162$
2012-06-23 22:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$
2012-06-23 22:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$
2012-06-23 22:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2012-06-23 22:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2012-06-23 22:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2012-06-23 21:57:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2695962$
2012-06-23 21:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-06-23 20:56:39 ----A---- C:\WINDOWS\system32\drivers\USBSTOR.SYS
2012-06-23 19:28:05 ----D---- C:\Program Files\Eraser
2012-06-23 12:35:39 ----D---- C:\Documents and Settings\Inna\Data aplikací\TrueCrypt
2012-06-23 12:33:36 ----A---- C:\WINDOWS\system32\drivers\truecrypt.sys
2012-06-23 12:33:34 ----D---- C:\Program Files\TrueCrypt

======List of files/folders modified in the last 1 month======

2012-06-26 22:27:21 ----D---- C:\WINDOWS
2012-06-26 22:21:32 ----SHD---- C:\System Volume Information
2012-06-26 22:17:39 ----D---- C:\WINDOWS\Temp
2012-06-26 21:23:38 ----D---- C:\WINDOWS\system32
2012-06-26 21:23:22 ----D---- C:\WINDOWS\system32\drivers
2012-06-26 21:06:53 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-26 21:05:11 ----D---- C:\WINDOWS\system32\Restore
2012-06-26 21:00:18 ----D---- C:\WINDOWS\Prefetch
2012-06-26 20:59:57 ----A---- C:\WINDOWS\win.ini
2012-06-26 20:59:10 ----D---- C:\Program Files\Common Files
2012-06-26 20:16:07 ----D---- C:\Program Files\PeerGuardian2
2012-06-26 14:59:15 ----D---- C:\Documents and Settings\Inna\Data aplikací\foobar2000
2012-06-26 14:49:50 ----RD---- C:\Program Files
2012-06-26 14:40:11 ----SD---- C:\WINDOWS\Tasks
2012-06-26 14:40:04 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-06-26 14:32:41 ----SH---- C:\boot.ini
2012-06-26 14:32:41 ----A---- C:\WINDOWS\system.ini
2012-06-26 14:30:13 ----SHD---- C:\WINDOWS\Installer
2012-06-26 14:29:27 ----D---- C:\Program Files\Java
2012-06-25 00:35:00 ----D---- C:\Program Files\Mozilla Firefox
2012-06-24 09:53:54 ----D---- C:\Documents and Settings\Inna\Data aplikací\JonDo
2012-06-23 22:58:01 ----D---- C:\WINDOWS\Microsoft.NET
2012-06-23 22:57:47 ----RSD---- C:\WINDOWS\assembly
2012-06-23 22:49:22 ----D---- C:\Documents and Settings\Inna\Data aplikací\Winamp
2012-06-23 22:49:22 ----D---- C:\Documents and Settings\Inna\Data aplikací\uTorrent
2012-06-23 22:49:13 ----D---- C:\WINDOWS\SoftwareDistribution
2012-06-23 22:49:13 ----D---- C:\WINDOWS\Debug
2012-06-23 22:38:34 ----D---- C:\Program Files\Winamp
2012-06-23 22:38:29 ----D---- C:\Program Files\Winamp Detect
2012-06-23 22:28:42 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-06-23 22:22:35 ----D---- C:\Program Files\Opera
2012-06-23 22:21:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-06-23 22:17:13 ----D---- C:\Program Files\Internet Explorer
2012-06-23 22:13:31 ----HD---- C:\WINDOWS\inf
2012-06-23 22:13:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-23 22:13:28 ----HD---- C:\WINDOWS\$hf_mig$
2012-06-23 22:12:57 ----D---- C:\WINDOWS\WinSxS
2012-06-23 22:10:01 ----D---- C:\WINDOWS\system32\XPSViewer
2012-06-23 21:55:57 ----D---- C:\WINDOWS\Help
2012-06-23 21:55:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-06-23 19:32:12 ----D---- C:\Program Files\Common Files\Adobe
2012-06-22 15:55:10 ----D---- C:\Program Files\JonDo
2012-06-04 17:35:32 ----A---- C:\WINDOWS\system32\wuweb.dll
2012-06-04 17:35:26 ----A---- C:\WINDOWS\system32\muweb.dll
2012-06-03 23:35:34 ----A---- C:\WINDOWS\system32\MRT.exe
2012-06-02 15:19:44 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2012-06-02 15:19:38 ----A---- C:\WINDOWS\system32\wucltui.dll
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\wuauclt.exe
2012-06-02 15:19:34 ----A---- C:\WINDOWS\system32\cdm.dll
2012-06-02 15:19:18 ----A---- C:\WINDOWS\system32\wuaueng.dll
2012-05-31 15:22:06 ----A---- C:\WINDOWS\system32\crypt32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-03-11 97760]
R0 JRAID;JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [2008-07-31 79960]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 pavboot;pavboot; C:\WINDOWS\system32\drivers\pavboot.sys [2009-06-30 28552]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-03-25 473656]
R0 TfFsMon;TfFsMon; C:\WINDOWS\system32\drivers\TfFsMon.sys [2010-01-14 51984]
R0 TfSysMon;TfSysMon; C:\WINDOWS\system32\drivers\TfSysMon.sys [2010-01-14 59664]
R1 ArcSec;ArcSec; C:\WINDOWS\system32\drivers\ArcSec.sys [2011-11-10 198720]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-03-11 31704]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-12-17 31088]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2012-06-23 231760]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2011-12-04 121464]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-12-06 7490560]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2011-12-20 100368]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 JULA_01;Service for Juli@ 1; C:\WINDOWS\system32\drivers\JulaWdm.sys [2008-06-24 22912]
R3 JULA_AA;Service for Juli@ Audio Driver (EWDM); C:\WINDOWS\system32\drivers\Jula.sys [2008-06-24 29600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 Stmatm;ATM/ADSL miniport; C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 60255]
R3 TaurusUsb;ADSL Modem USB Service; C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-12-23 549421]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2005-05-31 28160]
S3 amlbtu19;amlbtu19; C:\WINDOWS\system32\drivers\amlbtu19.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
S3 etdrv;etdrv; \??\C:\WINDOWS\etdrv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-16 109184]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2011-01-15 30208]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [2012-05-04 161664]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2010-01-14 70928]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 113120]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S4 ADExchange;ArcSoft Exchange Service; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-09-16 39528]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-12-06 643072]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

[Driver3]

moc dík

[Roli]

Ta hláška je v pohodě, jen upozorňuje pokud by neklaplo spuštění HJT je třeba něco poopravit.

Tohle fixni v HJT :

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-2052111302-1214440339-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)

HJT najdeš zde :

C:\Program Files\Trend Micro\HiJackThis\Inna.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Dále fůra zbytků po různých anti programech které odmažem.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Program Files\Panda Security
C:\Program Files\AVG

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandasecurity.com/activescan]
"Description"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandasecurity.com/activescan]
"Path"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"=-

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

[Driver3]

Ahoj?
fixnul jsem toto:

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)


a tento řádek v HJT nemám: O4 - HKUS\S-1-5-21-2052111302-1214440339-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
v HJT mám pouze tento řádek --> O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe,kerý jsem nefixnul,protože zcela nesouhlasil s tím co bylo uvedeno v tvém výpisu.
Pak jsem spustil OTM.exe(nechtěně jsem ten prográmek spustil z oddílu,kde nemám nainstalovaný systém,jestli to nevadí.Mám disk rozdělený na (C:) a (D:) a spustil sem ho tedy z oddílu (D:) ).
OTM.exe požadoval restart a po restartu sem měl na ploše zobrazený tento log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\002591_.tmp moved successfully.
C:\WINDOWS\SET21.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\Program Files\Panda Security\ActiveScan 2.0\psqstore folder moved successfully.
C:\Program Files\Panda Security\ActiveScan 2.0 folder moved successfully.
C:\Program Files\Panda Security folder moved successfully.
C:\Program Files\AVG\AVG2012 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandasecurity.com/activescan\\Description deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandasecurity.com/activescan\\Path deleted successfully.
Registry value

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplicat

ions\list\\C:\Program Files\AVG\AVG2012\avgmfapx.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: Inna
->Temp folder emptied: 877124 bytes
->Temporary Internet Files folder emptied: 491520 bytes
->Java cache emptied: 74703 bytes
->FireFox cache emptied: 84055764 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 57006 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 4810 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 995826 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 06282012_122431

Files moved on Reboot...

Registry entries deleted on Reboot...


C:\_OTMoveIt\MovedFiles\ tuto složku v počítači nemám(jestli je to tím,že jsem to spustil z datového disku a ne ze systémového?)
zkusím to spustit ještě ze systémového disku...

[Driver3]

Tady je ten druhý pokus OTMovelt:

ll processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\Program Files\Panda Security not found.
File/Folder C:\Program Files\AVG not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandasecurity.com/activescan\\Description not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandasecurity.com/activescan\\Path not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\AVG\AVG2012\avgmfapx.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Inna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18433114 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 06282012_124757

Files moved on Reboot...

Registry entries deleted on Reboot...



C:\_OTMoveIt\MovedFiles\ odkazuje na umístění,které již není k dispozici.

[Driver3]

Už tam ta složka je,asi to bylo tím jak sem to spouštěl z D: oddílu.No tak snad ten první log je ten co si po mě chtěl.Prominˇ

[Driver3]

No jo já sem blbej,když sem to spouštěl z Déčka tak bych tam měl najít i ten log.Ten log je opravdu na déčku a je identickej s tím logem,který sem okopíroval jako první.
Jinak se mi objevili skryté systémové složky na systémovém disku po spuštění programu OTMovelt.Píšu to jen tak,kdyby šlo náhodou o něco závažnějšího,ale asi ne.
A ještě radši opakuji,že sem nenašel tento řádek v HJT:O4 - HKUS\S-1-5-21-2052111302-1214440339-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')

Díky za pomoc

[Roli]

Ten první log z OTMoveIt byl správně a také by měl být spouštěn z disku kde je systém, ale neva vše klaplo.

To žes nenašel jeden řádek v HJT nevadí, ten :

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

co popisuješ musí zůstat.


Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Pak použij Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !!!

[Driver3]

Ahoj,tady je ten log,nic sem nemazal.

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.06.29.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Inna :: UNDURRAG-2115CA [administrátor]

Ochrana: Povolena

29.6.2012 9:03:41
mbam-log-2012-06-29 (09-31-53).txt

Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 261535
Uplynulý čas: 25 minut, 57 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Špatný: (0) Dobrý: (1) -> Žádná instrukce nebyla provedena.

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


dík

[Roli]

Znovu spusť Mbam a vše co našel nech smazat.

No a pokud s PC není již žádný problém je to z mé strany vše.

[Driver3]

Ahoj,právě sem dokončil sken a tu jednu položku co sem našel sem odstranil.Moc děkuju za pomoc
Nechceš/nechcete poslat nějakou kačku na pivko?Já bych se s tim piplal a nic bych nevyřešil.Kde se dají načerpat takové informace abych si příště poradil sám.Chce to asi mít znalost operačního systému,umět programovat? v C jazyku.Zkusím to tady pročíst a kdyžtak zagooglim.Kdybyste měl nějakou stránku webovou i v angličtině,kde se dá něco vyčíst tak to by taky nebylo špatný,ale nutný to není samozřejmě.Takže ještě jednou díky moc,jste dobrej.Ahoj,nashle...

[Roli]

Nechceš/nechcete poslat nějakou kačku na pivko?

Klidně mi můžeš tykat, jinak pokud chceš můžeš přispět na chod FÓRA

Né že by se mě osobně nějaká kačka nehodila, ale nebylo by to fér vůči ostatním.

Kde se dají načerpat takové informace abych si příště poradil sám ?

Zkusím to tady pročíst a kdyžtak zagooglim

Odpověděl sis vlastně sám jen pozor, systém se nechá sestřelit rychle ale oprava už taková legrace nebude

Takže ještě jednou díky moc,jste dobrej.Ahoj,nashle...

Není zač a měj se