CLEANUP ANTIVIRUS....

#1 Post by tmoravek »

CLEANUP ANTIVIRUS has shown up on my PC, some nasty thing that keeps popping up and wants me to register, download, pay... I can't get rid of it. PLEASE HELP.
PS: I'm a complete layman... thanks a lot
Tom

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tom at 2010-03-11 15:18:20
Systém Microsoft Windows XP Professional Service Pack 2
System drive I: has 18 GB (8%) free of 238 GB
Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:31, on 11.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\C\System32\smss.exe
I:\C\system32\winlogon.exe
I:\C\system32\services.exe
I:\C\system32\lsass.exe
I:\C\system32\Ati2evxx.exe
I:\C\system32\svchost.exe
I:\C\System32\svchost.exe
I:\C\system32\svchost.exe
I:\C\system32\Ati2evxx.exe
I:\C\system32\spoolsv.exe
I:\Documents and Settings\Tom\ddgdq.exe
I:\C\explorer.exe
I:\C\system32\RTHDCPL.EXE
I:\C\vVX3000.exe
I:\Program Files\Microsoft LifeCam\LifeExp.exe
I:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe
I:\C\system32\ctfmon.exe
I:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
I:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
I:\documents and settings\all users.c\data aplikací\c363c\cub5e .exe
i:\c\system32\alcmtr .exe
i:\c\system32\rthdcpl .exe
i:\program files\nokia\nokia pc suite 7\pcsuite .exe
i:\c\vvx3000 .exe
I:\Program Files\Common Files\Motive\McciCMService.exe
I:\Program Files\Microsoft LifeCam\MSCamS32.exe
I:\C\system32\PnkBstrA.exe
I:\C\system32\PnkBstrB.exe
I:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
I:\C\system32\svchost.exe
i:\program files\internet explorer\wmpscfgs.exe
i:\program files\internet explorer\wmpscfgs.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Documents and Settings\Tom\Plocha\HRY TOMINO\RSIT.exe
I:\Program Files\trend micro\Tom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=I:\C\system32\userinit.exe,I:\Documents and Settings\Tom\ddgdq.exe \s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [VX3000] I:\C\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "i:\program files\quicktime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "I:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "I:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [wglu] I:\C\system32\wglu.exe \u
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] I:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] I:\C\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] I:\C\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyEmergency] I:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKCU\..\Run: [PC Suite Tray] "I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AlcoholAutomount] "I:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [CleanUp Antivirus] "i:\documents and settings\all users.c\data aplikací\c363c\cub5e .exe" /s /d
O4 - HKCU\..\Run: [BMIMZMHMFM] i:\docume~1\tom\locals~1\temp\c .exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\C\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\C\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\C\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\C\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://I:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: I:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: HWAqbliZanDCAZf - {ABCDEF13-0167-45B9-0AEE-43969F7CFA5B} - I:\C\system32\xhaht.dll
O21 - SSODL: Yktbkoxla - {2494876D-8E3E-2DC7-99C3-F16A5BE04688} - I:\C\system32\xhaht.dll
O21 - SSODL: dfEpbneqJVZkXX - {63393632-C993-9C98-DAA6-D9047B329DEB} - I:\C\system32\xhaht.dll
O21 - SSODL: GrTaa - {380D4A06-92A7-E0AC-2AFE-C4EC659CA7D5} - I:\C\system32\xhaht.dll
O21 - SSODL: gYNfdREYGqA - {9D78B55C-37D2-1FF6-9E57-7D7898525D80} - I:\C\system32\xhaht.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\C\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McciCMService - Motive Communications, Inc. - I:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PnkBstrA - Unknown owner - I:\C\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - I:\C\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - I:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 8626 bytes

======Scheduled tasks folder======

I:\C\tasks\AppleSoftwareUpdate.job
I:\C\tasks\GoogleUpdateTaskMachineCore.job
I:\C\tasks\GoogleUpdateTaskMachineUA.job
I:\C\tasks\Microsoft_Hardware_Launch_setup_exe.job
I:\C\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
I:\C\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - I:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-01 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=I:\C\system32\RTHDCPL.EXE [2010-01-31 40448]
"Alcmtr"=I:\C\system32\ALCMTR.EXE [2010-01-31 40448]
"GEST"=m‘|\ü []
"VX3000"=I:\C\vVX3000.exe [2010-03-11 40448]
"QuickTime Task"=i:\program files\quicktime\qttask .exe [2010-03-11 40448]
"LifeCam"=I:\Program Files\Microsoft LifeCam\LifeExp.exe [2010-03-11 40448]
"ATICustomerCare"=I:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-11 40448]
"wglu"=I:\C\system32\wglu.exe [2010-03-11 40448]
"TO2SSM_McciTrayApp"=I:\Program Files\TO2SSM\McciTrayApp.exe [2010-03-11 40448]
"SunJavaUpdateSched"=I:\Program Files\Java\jre6\bin\jusched.exe [2010-03-11 40448]
"NeroFilterCheck"=I:\C\system32\NeroCheck.exe [2010-03-11 40448]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=I:\C\system32\ctfmon.exe [2004-08-17 15360]
"SpyEmergency"=I:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [2009-12-17 1948216]
"PC Suite Tray"=I:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-03-11 40448]
"AlcoholAutomount"=I:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-03-11 40448]
"CleanUp Antivirus"=i:\documents and settings\all users.c\data aplikací\c363c\cub5e .exe [2010-03-11 40448]
"BMIMZMHMFM"=i:\docume~1\tom\locals~1\temp\c .exe [2010-03-11 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
I:\C\system32\Ati2evxx.dll [2009-11-25 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
I:\C\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\C\system32\WPDShServiceObj.dll [2006-10-18 133632]
HWAqbliZanDCAZf - {ABCDEF13-0167-45B9-0AEE-43969F7CFA5B} - I:\C\system32\xhaht.dll [2004-08-17 32768]
Yktbkoxla - {2494876D-8E3E-2DC7-99C3-F16A5BE04688} - I:\C\system32\xhaht.dll [2004-08-17 32768]
dfEpbneqJVZkXX - {63393632-C993-9C98-DAA6-D9047B329DEB} - I:\C\system32\xhaht.dll [2004-08-17 32768]
GrTaa - {380D4A06-92A7-E0AC-2AFE-C4EC659CA7D5} - I:\C\system32\xhaht.dll [2004-08-17 32768]
gYNfdREYGqA - {9D78B55C-37D2-1FF6-9E57-7D7898525D80} - I:\C\system32\xhaht.dll [2004-08-17 32768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"I:\Program Files\Microsoft LifeCam\LifeExp.exe"="I:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"I:\C\system32\dpvsetup.exe"="I:\C\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"I:\C\system32\rundll32.exe"="I:\C\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"I:\Program Files\Skype\Plugin Manager\skypePM.exe"="I:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"I:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="I:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
"I:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat"="I:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\patchget.dat:*:Enabled:patchgrabber"
"I:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="I:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"I:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="I:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"I:\Program Files\Nokia\Nokia PC Suite 7\VideoManager.exe"="I:\Program Files\Nokia\Nokia PC Suite 7\VideoManager.exe:*:Enabled:Nokia Video Manager"
"I:\Program Files\Microsoft LifeCam\LifeCam.exe"="I:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"I:\C\system32\wglu.exe"="I:\C\system32\wglu.exe:*:Enabled:ENABLE"
"I:\Documents and Settings\Tom\Data aplikací\uTorrent\utorrent.exe"="I:\Documents and Settings\Tom\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"I:\C\system32\PnkBstrA.exe"="I:\C\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"I:\C\system32\PnkBstrB.exe"="I:\C\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"I:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="I:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"I:\Program Files\Skype\Phone\Skype.exe"="I:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"I:\Documents and Settings\All Users.C\Data aplikací\c8ff646\CUc8ff.exe"="I:\Documents and Settings\All Users.C\Data aplikací\c8ff646\CUc8ff.exe:*:Enabled:CleanUp Antivirus"
"I:\Documents and Settings\All Users.C\Data aplikací\c8ff646\cuc8ff .exe"="I:\Documents and Settings\All Users.C\Data aplikací\c8ff646\cuc8ff .exe:*:Enabled:CleanUp Antivirus"
"I:\Documents and Settings\All Users.C\Data aplikací\c363c\cub5e.exe"="I:\Documents and Settings\All Users.C\Data aplikací\c363c\cub5e.exe:*:Enabled:CleanUp Antivirus"
"I:\Documents and Settings\All Users.C\Data aplikací\c363c\cub5e .exe"="I:\Documents and Settings\All Users.C\Data aplikací\c363c\cub5e .exe:*:Enabled:CleanUp Antivirus"
"I:\Documents and Settings\All Users.C\Data aplikací\c363c\cub5e .exe"="I:\Documents and Settings\All Users.C\Data aplikací\c363c\cub5e .exe:*:Enabled:CleanUp Antivirus"
"I:\Documents and Settings\Tom\ddgdq.exe"="I:\Documents and Settings\Tom\ddgdq.exe:*:Enabled:ENABLE"
"I:\Documents and Settings\All Users.C\Data aplikací\c363c\cub5e .exe"="I:\Documents and Settings\All Users.C\Data aplikací\c363c\cub5e .exe:*:Enabled:CleanUp Antivirus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{616ab166-006f-11df-af77-001fd066bc19}]
shell\AutoRun\command - C:\Launcher.exe


======File associations======

.js - edit - "I:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2010-03-11 15:18:20 ----DC---- I:\rsit
2010-03-11 15:18:20 ----D---- I:\Program Files\trend micro
2010-03-11 13:41:55 ----DC---- I:\C\pss
2010-03-11 13:39:12 ----D---- I:\Program Files\Enigma Software Group
2010-03-11 12:42:13 ----DC---- I:\Documents and Settings\Tom\Data aplikací\Malwarebytes
2010-03-11 12:42:09 ----DC---- I:\Documents and Settings\All Users.C\Data aplikací\Malwarebytes
2010-03-11 12:42:09 ----D---- I:\Program Files\Malwarebytes' Anti-Malware
2010-03-11 12:28:57 ----SHDC---- I:\Documents and Settings\All Users.C\Data aplikací\c363c
2010-03-11 12:22:29 ----ADC---- I:\Documents and Settings\All Users.C\Data aplikací\TEMP
2010-03-11 09:15:29 ----SHDC---- I:\Documents and Settings\Tom\Data aplikací\CleanUp Antivirus
2010-03-11 09:15:29 ----SHDC---- I:\Documents and Settings\All Users.C\Data aplikací\CUNTNISUA
2010-03-11 09:15:16 ----SHDC---- I:\Documents and Settings\All Users.C\Data aplikací\c8ff646
2010-03-10 12:39:20 ----D---- I:\Program Files\Activision
2010-03-10 12:29:48 ----SHDC---- I:\C\ftpcache
2010-03-10 12:28:31 ----AC---- I:\C\system32\PnkBstrB.exe
2010-03-10 12:28:30 ----AC---- I:\C\system32\PnkBstrA.exe
2010-03-10 12:28:28 ----AC---- I:\C\game.ini
2010-03-09 20:59:57 ----DC---- I:\Documents and Settings\Tom\Data aplikací\FreeScreenToVideo
2010-03-09 20:59:57 ----D---- I:\Program Files\Free Screen To Video
2010-03-04 21:38:48 ----HDC---- I:\C\$NtUninstallKB926239$
2010-03-04 21:38:31 ----C---- I:\C\system32\spmsg.dll
2010-03-04 21:38:30 ----HDC---- I:\C\$NtUninstallMSCompPackV1$
2010-03-04 21:38:27 ----AC---- I:\C\imsins.BAK
2010-03-04 21:38:24 ----AC---- I:\C\system32\wmpns.dll
2010-03-04 21:38:12 ----HDC---- I:\C\$NtUninstallwmp11$
2010-03-04 21:37:22 ----DC---- I:\10f2fcf118b3d0875d
2010-03-02 21:42:24 ----DC---- I:\Documents and Settings\Tom\Data aplikací\FileZilla
2010-03-01 23:37:13 ----DC---- I:\Documents and Settings\Tom\Data aplikací\Ahead
2010-02-28 14:02:40 ----D---- I:\Program Files\PopCap Games
2010-02-25 15:33:30 ----AC---- I:\C\system32\OggDSuninst.exe
2010-02-25 15:24:45 ----D---- I:\Program Files\Alcohol Soft
2010-02-23 17:08:05 ----DC---- I:\Documents and Settings\Tom\Data aplikací\uTorrent
2010-02-23 15:22:05 ----AC---- I:\C\system32\javaws.exe
2010-02-23 15:22:05 ----AC---- I:\C\system32\javaw.exe
2010-02-23 15:22:05 ----AC---- I:\C\system32\java.exe
2010-02-15 22:19:30 ----AC---- I:\C\iun6002.exe
2010-02-15 22:19:01 ----D---- I:\Program Files\BlueVoda Website Builder
2010-02-15 10:23:48 ----AC---- I:\C\NeroDigital.ini
2010-02-14 21:45:45 ----C---- I:\C\UNNMP.exe
2010-02-14 21:44:19 ----AC---- I:\C\system32\nerocheck.exe.delme64
2010-02-14 21:44:19 ----AC---- I:\C\system32\nerocheck.exe
2010-02-14 21:44:19 ----AC---- I:\C\system32\nerocheck .exe
2010-02-14 21:43:16 ----C---- I:\C\UNNeroVision.exe
2010-02-14 21:43:16 ----AC---- I:\C\system32\msxml3a.dll
2010-02-14 21:43:00 ----DC---- I:\Documents and Settings\All Users.C\Data aplikací\Ahead
2010-02-14 21:42:59 ----AC---- I:\C\system32\TwnLib20.dll
2010-02-14 21:42:59 ----AC---- I:\C\system32\picn20.dll
2010-02-14 21:42:59 ----AC---- I:\C\system32\ImagXpr5.dll
2010-02-14 21:42:59 ----AC---- I:\C\system32\imagx5.dll
2010-02-14 21:42:59 ----AC---- I:\C\system32\imagr5.dll
2010-02-14 21:42:58 ----D---- I:\Program Files\Common Files\Ahead

======List of files/folders modified in the last 1 months======

2010-03-11 15:18:20 ----RD---- I:\Program Files
2010-03-11 15:06:20 ----D---- I:\Program Files\Mozilla Firefox
2010-03-11 15:06:16 ----AC---- I:\C\win.ini
2010-03-11 15:06:16 ----AC---- I:\C\system.ini
2010-03-11 15:05:11 ----ADC---- I:\C\Temp
2010-03-11 15:05:08 ----DC---- I:\C\system32
2010-03-11 15:05:06 ----D---- I:\Program Files\TO2SSM
2010-03-11 15:05:04 ----AC---- I:\C\system32\wglu.exe
2010-03-11 15:05:02 ----D---- I:\Program Files\Microsoft LifeCam
2010-03-11 15:05:01 ----D---- I:\Program Files\QuickTime
2010-03-11 15:05:00 ----DC---- I:\C
2010-03-11 15:05:00 ----AC---- I:\C\vvx3000.exe
2010-03-11 15:04:27 ----DC---- I:\C\system32\CatRoot2
2010-03-11 15:01:28 ----AC---- I:\C\system32\wglu.exe.delme60
2010-03-11 15:01:23 ----AC---- I:\C\vvx3000.exe.delme55
2010-03-11 14:59:55 ----AC---- I:\C\SchedLgU.Txt
2010-03-11 14:49:37 ----DC---- I:\C\system32\drivers
2010-03-11 14:49:29 ----DC---- I:\C\system32\dllcache
2010-03-11 14:42:52 ----DC---- I:\Documents and Settings\Tom\Data aplikací\vlc
2010-03-11 13:18:11 ----D---- I:\Program Files\Common Files
2010-03-11 12:33:51 ----SDC---- I:\C\Tasks
2010-03-11 12:25:18 ----DC---- I:\C\Prefetch
2010-03-11 08:02:31 ----HDC---- I:\C\inf
2010-03-10 18:53:04 ----D---- I:\Program Files\AGEIA Technologies
2010-03-10 17:34:13 ----DC---- I:\Documents and Settings\Tom\Data aplikací\Skype
2010-03-10 16:47:42 ----DC---- I:\Documents and Settings\Tom\Data aplikací\skypePM
2010-03-10 12:48:50 ----DC---- I:\C\system32\DirectX
2010-03-10 12:48:42 ----RSDC---- I:\C\assembly
2010-03-10 12:48:21 ----SHDC---- I:\C\Installer
2010-03-10 12:48:21 ----HD---- I:\Program Files\InstallShield Installation Information
2010-03-10 12:48:21 ----DC---- I:\Config.Msi
2010-03-10 12:28:30 ----DC---- I:\C\system32\LogFiles
2010-03-10 11:56:00 ----DC---- I:\C\system32\Restore
2010-03-08 19:42:00 ----DC---- I:\Documents and Settings\Tom\Data aplikací\dvdcss
2010-03-04 23:24:37 ----DC---- I:\C\AppPatch
2010-03-04 23:24:37 ----D---- I:\Program Files\Windows Media Player
2010-03-04 21:38:20 ----D---- I:\Program Files\Windows Media Connect 2
2010-03-04 21:38:18 ----DC---- I:\C\Help
2010-03-04 21:37:48 ----DC---- I:\C\system32\CatRoot
2010-03-02 21:33:32 ----D---- I:\Program Files\Google
2010-03-01 06:05:11 ----SDC---- I:\Documents and Settings\Tom\Data aplikací\Microsoft
2010-02-28 14:02:41 ----SDC---- I:\Documents and Settings\All Users.C\Data aplikací\Microsoft
2010-02-25 15:29:49 ----D---- I:\Program Files\Kalypso
2010-02-14 21:45:38 ----D---- I:\Program Files\Ahead

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; I:\C\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; I:\C\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 SpyEmrg;Spy Emergency Driver; I:\C\System32\Drivers\spyemrg.sys [2009-09-17 12344]
R3 ati2mtag;ati2mtag; I:\C\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; I:\C\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; I:\C\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); I:\C\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 mouhid;Ovladač myši standardu HID; I:\C\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; I:\C\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; I:\C\System32\Drivers\spyemrg_guard.sys [2009-09-17 14392]
R3 usbaudio;Ovladač zvukové karty USB (WDM); I:\C\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; I:\C\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; I:\C\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; I:\C\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; I:\C\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; I:\C\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 a9696zop;a9696zop; I:\C\system32\drivers\a9696zop.sys []
S3 CCDECODE;Dekodér Closed Caption; I:\C\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\I:\Program Files\MediaCoder\SysInfo.sys []
S3 gdrv;gdrv; \??\I:\C\gdrv.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\I:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\I:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\I:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\I:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\I:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\I:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; I:\C\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; I:\C\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; I:\C\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; I:\C\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; I:\C\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; I:\C\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; I:\C\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 SLIP;BDA Slip De-Framer; I:\C\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; I:\C\System32\Drivers\spyemrg_access.sys [2009-09-17 18232]
S3 streamip;BDA IPSink; I:\C\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; I:\C\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbser;USB Modem Driver; I:\C\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; I:\C\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 VX3000;VX-3000; I:\C\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S3 Wdf01000;Kernel Mode Driver Frameworks service; I:\C\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; I:\C\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; I:\C\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; I:\C\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; I:\C\system32\Ati2evxx.exe [2009-11-25 602112]
R2 McciCMService;McciCMService; I:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MSCamSvc;MSCamSvc; I:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 PnkBstrA;PnkBstrA; I:\C\system32\PnkBstrA.exe [2010-03-10 66872]
R2 PnkBstrB;PnkBstrB; I:\C\system32\PnkBstrB.exe [2010-03-10 103736]
R2 SpyEmrgSrv;Spy Emergency Engine Service; I:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2009-09-17 1817144]
R2 SSHNAS;SSHNAS; I:\C\system32\svchost.exe [2004-08-17 17408]
R2 StarWindServiceAE;StarWind AE Service; I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; I:\C\system32\svchost.exe [2004-08-17 17408]
S2 gupdate;Google Update Service (gupdate); I:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S3 aspnet_state;ASP.NET State Service; I:\C\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\C\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ServiceLayer;ServiceLayer; I:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; I:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

#2 Post by smrt_kmotricek »

http://pc.poradna.net/q/view/493081-cle ... ge=r493114 what we did - watch out for explorer.exe

#3 Post by Caroprd111 »

Hello :)

The log is being worked on, please be patient.

#4 Post by Caroprd111 »

Following the guide at http://www.viry.cz/forum/viewtopic.php?f=15&t=72743, apply this script in safe mode.

Code:

:processes
explorer.exe
ddgdq.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GEST"=-
"wglu"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CleanUp Antivirus"=-
"BMIMZMHMFM"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{ABCDEF13-0167-45B9-0AEE-43969F7CFA5B}"=-
"{2494876D-8E3E-2DC7-99C3-F16A5BE04688}"=-
"{63393632-C993-9C98-DAA6-D9047B329DEB}"=-
"{380D4A06-92A7-E0AC-2AFE-C4EC659CA7D5}"=-
"{9D78B55C-37D2-1FF6-9E57-7D7898525D80}"=-

:files
I:\C\system32\xhaht.dll
i:\documents and settings\all users.c\data aplikací\c363c\cub5e .exe
i:\docume~1\tom\locals~1\temp\c .exe
I:\C\system32\wglu.exe
I:\Documents and Settings\Tom\ddgdq.exe
I:\C\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
I:\C\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

:commands
[resethost]
[EmptyTemp]
[ClearAllRestorePoints]
[Purity]
[Reboot]

#5 Post by tmoravek »

I'm on it... THANKS for now

#6 Post by Caroprd111 »

OK, don't thank me yet, we haven't solved anything. :)

#7 Post by tmoravek »

Done... I did it according to the guide... PC restarted... and what now??

#8 Post by Caroprd111 »

Paste here the log that you will find in C:\_OTMoveIt\MovedFiles

#9 Post by tmoravek »

There's more in there... I'm sending a picture
Attachments
f.JPG
(55.42 KiB)

#10 Post by Caroprd111 »

The image doesn't work; it is a text file that looks roughly like this:


All processes killed
========== PROCESSES ==========
No active process named C:\DOCUME~1\Kopecny\LOCALS~1\Temp\Vld.exe was found!
========== FILES ==========
C:\DOCUME~1\Kopecny\LOCALS~1\Temp\Vld.exe moved successfully.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\%windir%\system32\drivers\svchost.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOY5KNQ8OC deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Administrator.VTUO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Kopecny
->Temp folder emptied: 60379193 bytes
->Temporary Internet Files folder emptied: 2950125 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 112155591 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 8403 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 102512 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: SMSCliSvcAcct&
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 13793736 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 431872 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 183,00 mb


OTM by OldTimer - Version 3.1.10.0 log created on 03112010_115240

tmoravek
Visitor
Posts: 49
Registered: 11 Mar 2010 15:10

Re: CLEANUP ANTIVIRUS....

#11 Post by tmoravek »

there are two of them.. I'm sending both


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named ddgdq.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wglu deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CleanUp Antivirus not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BMIMZMHMFM not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{ABCDEF13-0167-45B9-0AEE-43969F7CFA5B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABCDEF13-0167-45B9-0AEE-43969F7CFA5B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{2494876D-8E3E-2DC7-99C3-F16A5BE04688} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2494876D-8E3E-2DC7-99C3-F16A5BE04688}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{63393632-C993-9C98-DAA6-D9047B329DEB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63393632-C993-9C98-DAA6-D9047B329DEB}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{380D4A06-92A7-E0AC-2AFE-C4EC659CA7D5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{380D4A06-92A7-E0AC-2AFE-C4EC659CA7D5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{9D78B55C-37D2-1FF6-9E57-7D7898525D80} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D78B55C-37D2-1FF6-9E57-7D7898525D80}\ deleted successfully.
========== FILES ==========
DllUnregisterServer procedure not found in I:\C\system32\xhaht.dll
File move failed. I:\C\system32\xhaht.dll scheduled to be moved on reboot.
i:\documents and settings\all users.c\data aplikací\c363c\cub5e .exe moved successfully.
i:\docume~1\tom\locals~1\temp\c .exe moved successfully.
I:\C\system32\wglu.exe moved successfully.
I:\Documents and Settings\Tom\ddgdq.exe moved successfully.
I:\C\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
I:\C\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.C

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User.C
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 159680 bytes
->Temporary Internet Files folder emptied: 64402 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1470440 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 128448 bytes
->Temporary Internet Files folder emptied: 635524 bytes

User: Tom
->Temp folder emptied: 67168346 bytes
->Temporary Internet Files folder emptied: 15910785 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 115915996 bytes
->Flash cache emptied: 8475 bytes

User: user
->Apple Safari cache emptied: 3685222 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 4195840 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1300947 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 64402 bytes
RecycleBin emptied: 32068741 bytes

Total Files Cleaned = 234,00 mb


Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.10.0 log created on 03112010_164834

Files moved on Reboot...
File move failed. I:\C\system32\xhaht.dll scheduled to be moved on reboot.
I:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\S56JKLAZ\st[5] moved successfully.
I:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\S56JKLAZ\st[6] moved successfully.
I:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\S56JKLAZ\st[7] moved successfully.
I:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\S56JKLAZ\st[8] moved successfully.
File move failed. I:\Documents and Settings\user\Local Settings\Data aplikací\Apple Computer\Safari\FontsList.plist scheduled to be moved on reboot.

Registry entries deleted on Reboot...

tmoravek
Visitor
Posts: 49
Registered: 11 Mar 2010 15:10

Re: CLEANUP ANTIVIRUS....

#12 Post by tmoravek »

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named ddgdq.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wglu not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CleanUp Antivirus not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BMIMZMHMFM not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{ABCDEF13-0167-45B9-0AEE-43969F7CFA5B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABCDEF13-0167-45B9-0AEE-43969F7CFA5B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{2494876D-8E3E-2DC7-99C3-F16A5BE04688} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2494876D-8E3E-2DC7-99C3-F16A5BE04688}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{63393632-C993-9C98-DAA6-D9047B329DEB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63393632-C993-9C98-DAA6-D9047B329DEB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{380D4A06-92A7-E0AC-2AFE-C4EC659CA7D5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{380D4A06-92A7-E0AC-2AFE-C4EC659CA7D5}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\{9D78B55C-37D2-1FF6-9E57-7D7898525D80} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D78B55C-37D2-1FF6-9E57-7D7898525D80}\ not found.
========== FILES ==========
DllUnregisterServer procedure not found in I:\C\system32\xhaht.dll
File move failed. I:\C\system32\xhaht.dll scheduled to be moved on reboot.
File/Folder i:\documents and settings\all users.c\data aplikací\c363c\cub5e .exe not found.
File/Folder i:\docume~1\tom\locals~1\temp\c .exe not found.
File/Folder I:\C\system32\wglu.exe not found.
File/Folder I:\Documents and Settings\Tom\ddgdq.exe not found.
File/Folder I:\C\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
File/Folder I:\C\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.C

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User.C
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Tom
->Temp folder emptied: 40495 bytes
->Temporary Internet Files folder emptied: 137487 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9215598 bytes
->Flash cache emptied: 434 bytes

User: user
->Apple Safari cache emptied: 69392 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1049 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1777 bytes

Total Files Cleaned = 9,00 mb


Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.10.0 log created on 03112010_165733

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: CLEANUP ANTIVIRUS....

#13 Post by Caroprd111 »

Post a new log from RSIT.

tmoravek
Visitor
Posts: 49
Registered: 11 Mar 2010 15:10

Re: CLEANUP ANTIVIRUS....

#14 Post by tmoravek »

please be patient... what is RSIT?

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: CLEANUP ANTIVIRUS....

#15 Post by Caroprd111 »

[image]